Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2020-3425
CVE-2021-20083
Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-20083
CVE-2021-29256
The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-29256
CVE-2021-29970
A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.* This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-29970
CVE-2021-29972
A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox < 90.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-29972
CVE-2021-29976
Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-29976
CVE-2021-29977
Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 90.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-29977
CVE-2021-29980
Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-29980
CVE-2021-29981
An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-29981
CVE-2021-29984
Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-29984
CVE-2021-29985
A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-29985
CVE-2021-29988
Firefox incorrectly treated an inline list-item element as a block element, resulting in an out of bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-29988
CVE-2021-29989
Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-29989
CVE-2021-29990
Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-29990
CVE-2021-38493
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-38493
CVE-2021-38495
Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-38495
CVE-2021-38496
During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-38496
CVE-2021-38500
Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-38500
CVE-2021-38504
When interacting with an HTML input element’s file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-38504
CVE-2021-43534
Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-43534
CVE-2021-43535
A use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-43535
CVE-2021-43537
An incorrect type conversion of sizes from 64bit to 32bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-43537
CVE-2021-43539
Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-43539
CVE-2021-45960
In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory).
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-45960
CVE-2022-22990
A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. Addressed this vulnerability by changing access token validation logic and rewriting rule logic on PHP scripts.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-22990
CVE-2021-44737
PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-44737
CVE-2021-25076
The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-25076
CVE-2022-22993
A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-22993
CVE-2022-0306
Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0306
CVE-2022-24508
Windows SMBv3 Client/Server Remote Code Execution Vulnerability.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24508
CVE-2022-24512
.NET and Visual Studio Remote Code Execution Vulnerability.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24512
CVE-2022-24732
Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24732
CVE-2022-0204
A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0204
CVE-2022-23940
SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project dependencies include a number of interesting PHP deserialization gadgets (e.g., Monolog/RCE1 from phpggc) that can be used for Code Execution.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-23940
CVE-2022-24644
ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24644
CVE-2022-24915
The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services).
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24915
CVE-2022-26846
SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-26846
CVE-2021-44673
A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-44673
CVE-2021-39022
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID: 213858.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-39022
CVE-2022-25510
FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-25510
CVE-2022-21808
Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-21808
CVE-2022-22729
CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-22729
CVE-2022-25600
Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3).
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-25600
CVE-2021-45886
An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user (such as operator) can be used to confirm actions of higher-privileged ones (such as xpadmin).
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-45886
CVE-2021-24959
The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-24959
CVE-2022-0165
The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0165
CVE-2022-0478
The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0478
CVE-2022-22735
The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber, to perform SQL injection attacks.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-22735
CVE-2022-22346
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-22346
CVE-2021-43304
Heap buffer overflow in Clickhouse’s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-43304
CVE-2021-43305
Heap buffer overflow in Clickhouse’s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-43305
CVE-2021-45010
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2021-45010
CVE-2022-22771
The Server component of TIBCO Software Inc.’s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.’s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-22771
CVE-2022-27223
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2022-27223
CVE-2020-25721
Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.
8.8
https://nvd.nist.gov/vuln/detail/CVE-2020-25721
CVE-2019-1737
A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the attacker to cause an interface to become wedged, resulting in an eventual denial of service (DoS) condition on the affected device.
8.6
https://nvd.nist.gov/vuln/detail/CVE-2019-1737
CVE-2019-1740
A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition.
8.6
https://nvd.nist.gov/vuln/detail/CVE-2019-1740
CVE-2022-22351
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396.
8.6
https://nvd.nist.gov/vuln/detail/CVE-2022-22351
CVE-2022-22706
An Arm product family through 2022-01-03 has an Exposed Dangerous Method or Function.
8.4
https://nvd.nist.gov/vuln/detail/CVE-2022-22706
CVE-2022-25219
A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218).
8.4
https://nvd.nist.gov/vuln/detail/CVE-2022-25219
CVE-2021-44224
A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
8.2
https://nvd.nist.gov/vuln/detail/CVE-2021-44224
CVE-2022-23924
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
8.2
https://nvd.nist.gov/vuln/detail/CVE-2022-23924
CVE-2022-23925
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
8.2
https://nvd.nist.gov/vuln/detail/CVE-2022-23925
CVE-2022-23926
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
8.2
https://nvd.nist.gov/vuln/detail/CVE-2022-23926
CVE-2022-23927
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
8.2
https://nvd.nist.gov/vuln/detail/CVE-2022-23927
CVE-2022-23928
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
8.2
https://nvd.nist.gov/vuln/detail/CVE-2022-23928
CVE-2022-23929
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
8.2
https://nvd.nist.gov/vuln/detail/CVE-2022-23929
CVE-2022-23930
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
8.2
https://nvd.nist.gov/vuln/detail/CVE-2022-23930
CVE-2022-23931
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
8.2
https://nvd.nist.gov/vuln/detail/CVE-2022-23931
CVE-2022-23932
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
8.2
https://nvd.nist.gov/vuln/detail/CVE-2022-23932
CVE-2022-23933
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
8.2
https://nvd.nist.gov/vuln/detail/CVE-2022-23933
CVE-2022-23934
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure.
8.2
https://nvd.nist.gov/vuln/detail/CVE-2022-23934
CVE-2022-24743
Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\Bundle\ApiBundle\CommandHandler\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory.
8.2
https://nvd.nist.gov/vuln/detail/CVE-2022-24743
CVE-2018-10887
A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn leads to an out of bound read, allowing to read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service.
8.1
https://nvd.nist.gov/vuln/detail/CVE-2018-10887
CVE-2021-29986
A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91.
8.1
https://nvd.nist.gov/vuln/detail/CVE-2021-29986
CVE-2021-3935
When PgBouncer is configured to use “cert” authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1.
8.1
https://nvd.nist.gov/vuln/detail/CVE-2021-3935
CVE-2022-25090
Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition.
8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-25090
CVE-2022-25218
The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the “plaintext” to which an arbitrary blob of ciphertext will be decrypted by OpenSSL’s RSA_public_decrypt() function. This weakness allows the attacker to manipulate the various iterations of the telnetd startup state machine and eventually obtain a root shell on the device, by means of an exchange of crafted UDP packets. In all versions but K2 22.5.9.163 and K3C 32.1.15.93 a successful attack also requires the exploitation of a null-byte interaction error (CVE-2022-25219).
8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-25218
CVE-2022-21177
There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-21177
CVE-2022-22145
CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-22145
CVE-2022-22151
CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00.
8.1
https://nvd.nist.gov/vuln/detail/CVE-2022-22151
CVE-2021-42387
Heap out-of-bounds read in Clickhouse’s LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value (‘offset’) is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation.
8.1
https://nvd.nist.gov/vuln/detail/CVE-2021-42387
CVE-2021-42388
Heap out-of-bounds read in Clickhouse’s LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value (‘offset’) is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation.
8.1
https://nvd.nist.gov/vuln/detail/CVE-2021-42388
CVE-2022-24128
Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer (which executes as Superuser), leading to privilege escalation. In order to be able to take advantage of this, an unprivileged user would need to be able to create objects in a database and then get a Superuser to install TimescaleDB into their database. (In the fixed versions, the installation aborts when it finds that an object already exists.)
8
https://nvd.nist.gov/vuln/detail/CVE-2022-24128
CVE-2017-4966
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser’s local storage without expiration, making it possible to retrieve them using a chained attack.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2017-4966
CVE-2020-3265
A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain root-level privileges.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2020-3265
CVE-2021-3708
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-3708
CVE-2021-42726
Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-42726
CVE-2021-42721
Acrobat Bridge versions 11.1.1 and earlier are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-42721
CVE-2021-42723
Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted SGI file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-42723
CVE-2021-42725
Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-42725
CVE-2021-42727
Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-42727
CVE-2022-21137
Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-21137
CVE-2022-0392
Heap-based Buffer Overflow in GitHub repository vim prior to 8.2.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0392
CVE-2022-0407
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0407
CVE-2022-21999
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-22717, CVE-2022-22718.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-21999
CVE-2021-3760
A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-3760
CVE-2022-25265
In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-25265
CVE-2022-0646
A use-after-free flaw was found in the Linux kernel Management Component Transport Protocol (MCTP) subsystem, in the way a user triggers cancel_work_sync after unregister_netdev during device removal. A local user could use this flaw to crash the system or escalate their privileges on the system. It applies from Linux kernel 5.17-rc1 (when mctp-serial.c was introduced) up to 5.17-rc5.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0646
CVE-2022-24048
MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24048
CVE-2022-24050
MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24050
CVE-2022-24051
MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24051
CVE-2022-24052
MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24052
CVE-2021-46162
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15048)
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-46162
CVE-2021-46699
A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15061)
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-46699
CVE-2021-3762
A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-3762
CVE-2022-26490
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-26490
CVE-2022-26337
Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-26337
CVE-2022-24507
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24507
CVE-2022-24509
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24510.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24509
CVE-2022-24510
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24509.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24510
CVE-2021-32025
An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-32025
CVE-2021-40376
otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-40376
CVE-2022-0516
A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0516
CVE-2022-20048
In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917502; Issue ID: ALPS05917502.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-20048
CVE-2022-20053
In ims service, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219097; Issue ID: ALPS06219097.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-20053
CVE-2022-20054
In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID: ALPS06219083.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-20054
CVE-2022-21124
Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier, which is a part of the CX-One (v4.60) suite, allows an attacker to cause information disclosure and/or arbitrary code execution by having a user open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-21124
CVE-2022-24285
Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority called ACCsvc through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24285
CVE-2022-24286
Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24286
CVE-2022-24396
The Simple Diagnostics Agent – versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24396
CVE-2022-24618
Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the “Browse For Folder” window accessible by triggering a “Repair” on the MSI package located in C:\Windows\Installer.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24618
CVE-2022-24928
Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24928
CVE-2022-24931
Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24931
CVE-2022-24960
A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24960
CVE-2022-25217
Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetd_startup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware (possibly amongst many other releases) included both the private and public RSA keys. The remaining versions cited here redacted the private key, but left the public key unchanged. An attacker in possession of the leaked private key may, through a scripted exchange of UDP packets, instruct telnetd_startup to spawn an unauthenticated telnet shell as root, by means of which they can then obtain complete control of the device. A consequence of the limited availability of firmware images for testing is that models and versions not listed here may share this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-25217
CVE-2022-25294
Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected. Proofpoint has released fixed software version 7.12.1. The fixed software versions are available through the customer support portal.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-25294
CVE-2022-25814
PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-25814
CVE-2022-25815
PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-25815
CVE-2022-24750
UltraVNC is a free and open source remote PC access software. A vulnerability has been found in versions prior to 1.3.8.0 in the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. The vulnerability has been fixed to allow loading of plugins from the installed directory. Affected users should upgrade their UltraVNC to 1.3.8.0. Users unable to upgrade should not install and run UltraVNC server as a service. It is advisable to create a scheduled task on a low privilege account to launch WinVNC.exe instead. There are no known workarounds if WinVNC needs to be started as a service.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24750
CVE-2022-22141
‘Long-term Data Archive Package’ service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-22141
CVE-2022-22148
‘Root Service’ service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-22148
CVE-2022-23401
The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-23401
CVE-2021-33658
In atune before 0.3-0.8, a user logged in as a local user can run the curl command to access the local atune URL interface and escalate local privileges or modify any file. Authentication is not forcibly enabled in the default configuration.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-33658
CVE-2022-23187
Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-23187
CVE-2022-23731
V8 JavaScript engine (heap vulnerability) can cause privilege escalation, which can impact some webOS TV models.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-23731
CVE-2022-24094
Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24094
CVE-2022-24095
Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24095
CVE-2022-24096
Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24096
CVE-2022-24097
Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24097
CVE-2022-24415
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24415
CVE-2022-24416
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24416
CVE-2022-24419
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24419
CVE-2022-24420
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24420
CVE-2022-24421
Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24421
CVE-2021-41850
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-41850
CVE-2022-26967
GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-26967
CVE-2022-24696
Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a local attacker to elevate privileges. NOTE: this is unrelated to products from the glance.com and glance.net websites.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24696
CVE-2022-26981
Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c).
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-26981
CVE-2022-24575
GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24575
CVE-2022-24577
GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen().
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24577
CVE-2022-20001
fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker’s control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-20001
CVE-2022-24578
GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString() at bifs/script_dec.c.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24578
CVE-2022-0943
Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0943
CVE-2022-21946
An Improper Privilege Management vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen session. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-21946
CVE-2021-0957
In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-193149550
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-0957
CVE-2021-40734
Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing an SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-40734
CVE-2021-40735
Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-40735
CVE-2021-40736
Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-40736
CVE-2021-40738
Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-40738
CVE-2021-40739
Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing an M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-40739
CVE-2021-40740
Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing an M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-40740
CVE-2021-40763
Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-40763
CVE-2021-40764
Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing an M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-40764
CVE-2021-40765
Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing an M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-40765
CVE-2021-40777
Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-40777
CVE-2021-40779
Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-40779
CVE-2021-40780
Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-40780
CVE-2021-40786
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-40786
CVE-2021-40787
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-40787
CVE-2021-40792
Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-40792
CVE-2021-40793
Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-40793
CVE-2021-40794
Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-40794
CVE-2021-42526
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-42526
CVE-2021-42527
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-42527
CVE-2021-42533
Adobe Bridge version 11.1.1 (and earlier) is affected by a double free vulnerability when parsing a crafted DCM file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-42533
CVE-2021-42719
Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .jpe file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-42719
CVE-2021-42720
Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-42720
CVE-2021-42722
Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-42722
CVE-2021-42724
Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-42724
CVE-2021-42728
Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-42728
CVE-2021-42729
Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-42729
CVE-2021-42730
Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious PSD file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2021-42730
CVE-2022-24092
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file.
7.8
https://nvd.nist.gov/vuln/detail/CVE-2022-24092
CVE-2022-21819
NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components.
7.6
https://nvd.nist.gov/vuln/detail/CVE-2022-21819
CVE-2018-15501
In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol “ng” packet that lacks a ‘\0’ byte to trigger an out-of-bounds read that leads to DoS.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2018-15501
CVE-2019-11287
Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The “X-Reason” HTTP Header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2019-11287
CVE-2021-37419
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-37419
CVE-2021-24917
The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows an unauthenticated user to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-24917
CVE-2021-44878
Pac4j v5.1 and earlier allows (by default) clients to accept and successfully validate ID Tokens with “none” algorithm (i.e., tokens with no signature) which is not secure and violates the OpenID Core Specification. The “none” algorithm does not require any signature verification when validating the ID tokens, which allows the attacker to bypass the token validation by injecting a malformed ID token using “none” as the value of “alg” key in the header with an empty signature value.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-44878
CVE-2021-22570
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file’s name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-22570
CVE-2021-46667
MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-46667
CVE-2022-24683
HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24683
CVE-2022-23648
containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd’s CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-23648
CVE-2022-23327
A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all of pending transactions in a victim node’s memory pool, causing a denial of service (DoS).
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-23327
CVE-2022-23328
A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all of pending transactions in a victim node’s memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS).
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-23328
CVE-2021-46378
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-46378
CVE-2021-25087
The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as posts passwords (fixed in 3.2.24) and files Master Keys (fixed in 3.2.25).
7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-25087
CVE-2022-24713
regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it’s considered part of the crate’s API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes from taking an arbitrary amount of time during parsing, and it’s possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is included starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it is not recommended to deny known problematic regexes.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24713
CVE-2022-24464
.NET and Visual Studio Denial of Service Vulnerability.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24464
CVE-2022-24748
Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In versions prior to 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper api route checking. Users are advised to upgrade to version 6.4.8.2. There are no known workarounds.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24748
CVE-2022-0618
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame where the frame contains padding information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame or PUSH_PROMISE frame with HTTP/2 padding information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0618
CVE-2022-0725
A flaw was found in KeePass. The vulnerability occurs due to logging the plain text passwords in the system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact and read sensitive passwords and logs.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0725
CVE-2022-22547
Simple Diagnostics Agent – versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gathering which could be used to exploit future open-source security exploits.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-22547
CVE-2022-24601
Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24601
CVE-2022-25556
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42E328. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-25556
CVE-2022-25560
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_4327CC. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-25560
CVE-2022-25561
Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-25561
CVE-2022-26311
Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernetes environments.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-26311
CVE-2022-26662
An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-26662
CVE-2022-24726
Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker to send a specially crafted message that crashes the control plane when the validating webhook for a cluster is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [external istiod](https://istio.io/latest/docs/setup/install/external-controlplane/) topologies, this port is exposed over the public internet. This issue has been patched in versions 1.13.2, 1.12.5 and 1.11.8. Users are advised to upgrade. Users unable to upgrade should disable access to a validating webhook that is exposed to the public internet or restrict the set of IP addresses that can query it to a set of known, trusted entities.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24726
CVE-2022-25508
An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large amount of created routes, or create unsafe or false routes for legitimate users.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-25508
CVE-2022-25512
FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-25512
CVE-2020-36518
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2020-36518
CVE-2022-0913
Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0913
CVE-2021-23246
In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-23246
CVE-2021-32476
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-32476
CVE-2022-0853
A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side, when using UserTransaction repeatedly and leads to information leakage vulnerability.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0853
CVE-2022-25216
An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read-access, by means of an HTTP GET request to http://<IP_ADDRESS>:32080/download/<URL_ENCODED_PATH>.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-25216
CVE-2021-42577
An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-42577
CVE-2022-22719
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-22719
CVE-2022-22354
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-22354
CVE-2022-24740
Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user’s account and privileges. This occurs when using an outdated version of the `react-cookie` library and a server is under high load. A proof of concept does not currently exist, but it is possible for this issue to occur in the wild. The patch and fix is present in Volto 15.0.0-alpha.0. As a workaround, one may manually upgrade the `react-cookie` package to 4.1.1 and then override all Volto components that use this library.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24740
CVE-2022-26779
Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-26779
CVE-2022-0778
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: – TLS clients consuming server certificates – TLS servers consuming client certificates – Hosting providers taking certificates or private keys from customers – Certificate authorities parsing certification requests from subscribers – Anything else which parses ASN.1 elliptic curve parameters Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc).
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0778
CVE-2021-45848
Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-45848
CVE-2021-43957
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2021-43957
CVE-2021-20299
A flaw was found in OpenEXR’s Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability.
CVE-2022-25514
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-25514
CVE-2022-25515
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-25515
CVE-2022-25516
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-25516
CVE-2022-21822
NVIDIA FLARE contains a vulnerability in the admin interface, where an unauthorized attacker can cause Allocation of Resources Without Limits or Throttling, which may cause the system to become unavailable.
7.5
https://nvd.nist.gov/vuln/detail/CVE-2022-21822
CVE-2021-32998
The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required.
7.4
https://nvd.nist.gov/vuln/detail/CVE-2021-32998
CVE-2022-23607
treq is an HTTP library inspired by requests but written on top of Twisted’s Agents. Treq’s request methods (`treq.get`, `treq.post`, etc.) and `treq.client.HTTPClient` constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to *every* domain (“supercookies”). This can potentially cause sensitive information to leak upon an HTTP redirect to a different domain, e.g. should `https://example.com` redirect to `http://cloudstorageprovider.com` the latter will receive the cookie `session`. Treq 2021.1.0 and later bind cookies given to request methods (`treq.request`, `treq.get`, `HTTPClient.request`, `HTTPClient.get`, etc.) to the origin of the *url* parameter. Users are advised to upgrade. For users unable to upgrade: instead of passing a dictionary as the *cookies* argument, pass a `http.cookiejar.CookieJar` instance with properly domain- and scheme-scoped cookies in it.
7.4
https://nvd.nist.gov/vuln/detail/CVE-2022-23607
CVE-2022-24738
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connects it to the target evmos instance. The attacker can use this joined chain to transfer unclaimed funds. Users are advised to upgrade. There are no known workarounds for this issue.
7.4
https://nvd.nist.gov/vuln/detail/CVE-2022-24738
CVE-2022-25214
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4GHz network and the administrative interface, by clicking a checkbox. When Remote Management is enabled, these endpoints are exposed to the WAN.
7.4
https://nvd.nist.gov/vuln/detail/CVE-2022-25214
CVE-2022-24751
Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the deactivated user. A patch is available in version 4.11 on the 4.x branch and version 5.0-rc1 on the 5.x branch. Upgrading to a fixed version will, as a side effect, deactivate any cached sessions that may have been leaked through this bug. There are currently no known workarounds.
7.4
https://nvd.nist.gov/vuln/detail/CVE-2022-24751
CVE-2022-0815
Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including: settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected.
7.3
https://nvd.nist.gov/vuln/detail/CVE-2022-0815
CVE-2021-35244
The “Log alert to a file” action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution.
7.2
https://nvd.nist.gov/vuln/detail/CVE-2021-35244
CVE-2022-0557
OS Command Injection in Packagist microweber/microweber prior to 1.2.11.
7.2
https://nvd.nist.gov/vuln/detail/CVE-2022-0557
CVE-2022-21828
A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using an unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3.
7.2
https://nvd.nist.gov/vuln/detail/CVE-2022-21828
CVE-2022-0440
The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the files to be imported, which could allow a high-privilege admin to upload an arbitrary PHP file and gain RCE even in the case of a hardened blog (i.e. DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true).
7.2
https://nvd.nist.gov/vuln/detail/CVE-2022-0440
CVE-2022-24506
Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24515, CVE-2022-24518, CVE-2022-24519.
7.2
https://nvd.nist.gov/vuln/detail/CVE-2022-24506
CVE-2022-25225
Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in ‘/api/eventinstance’ via the ‘sqlparameter’ JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue.
7.2
https://nvd.nist.gov/vuln/detail/CVE-2022-25225
CVE-2022-26521
Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type).
7.2
https://nvd.nist.gov/vuln/detail/CVE-2022-26521
CVE-2021-32474
An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
7.2
https://nvd.nist.gov/vuln/detail/CVE-2021-32474
CVE-2022-24387
With administrator or admin privileges the application can be tricked into overwriting files in app_data/Config folder, e.g. the systemsettings.xml file. This is possible in SmarterTrack v100.0.8019.14010.
7.2
https://nvd.nist.gov/vuln/detail/CVE-2022-24387
CVE-2022-0944
Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1.
7.2
https://nvd.nist.gov/vuln/detail/CVE-2022-0944
CVE-2020-3264
A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access and make changes to the system that they are not authorized to make.
7.1
https://nvd.nist.gov/vuln/detail/CVE-2020-3264
CVE-2021-3752
A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
7.1
https://nvd.nist.gov/vuln/detail/CVE-2021-3752
CVE-2021-4090
An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. A missing sanity check may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system integrity and confidentiality threat.
7.1
https://nvd.nist.gov/vuln/detail/CVE-2021-4090
CVE-2022-0905
Improper Authorization in GitHub repository go-gitea/gitea prior to 1.16.4.
7.1
https://nvd.nist.gov/vuln/detail/CVE-2022-0905
CVE-2022-25821
Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read.
7.1
https://nvd.nist.gov/vuln/detail/CVE-2022-25821
CVE-2021-4083
A read-after-free memory flaw was found in the Linux kernel’s garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.
7
https://nvd.nist.gov/vuln/detail/CVE-2021-4083
CVE-2021-3640
A use-after-free flaw in the function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way a user calls ioctl UFFDIO_REGISTER or otherwise triggers a race condition between the call sco_conn_del() and the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.
7
https://nvd.nist.gov/vuln/detail/CVE-2021-3640
CVE-2022-24505
Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23283, CVE-2022-23287.
7
https://nvd.nist.gov/vuln/detail/CVE-2022-24505
CVE-2022-26488
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.
7
https://nvd.nist.gov/vuln/detail/CVE-2022-26488
CVE-2022-23036
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040). blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042).
7
https://nvd.nist.gov/vuln/detail/CVE-2022-23036
CVE-2022-23037
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040). blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042).
7
https://nvd.nist.gov/vuln/detail/CVE-2022-23037
CVE-2022-23038
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040). blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042).
7
https://nvd.nist.gov/vuln/detail/CVE-2022-23038
CVE-2022-23039
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040). blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042).
7
https://nvd.nist.gov/vuln/detail/CVE-2022-23039
CVE-2022-23040
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040). blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042).
7
https://nvd.nist.gov/vuln/detail/CVE-2022-23040
CVE-2022-23041
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040). blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042).
7
https://nvd.nist.gov/vuln/detail/CVE-2022-23041
CVE-2022-23042
Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer (blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040). blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose (CVE-2022-23041). netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend (CVE-2022-23042).
7
https://nvd.nist.gov/vuln/detail/CVE-2022-23042
CVE-2022-20055
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160830.
6.8
https://nvd.nist.gov/vuln/detail/CVE-2022-20055
CVE-2022-25213
Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell.
6.8
https://nvd.nist.gov/vuln/detail/CVE-2022-25213
CVE-2021-33150
Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical access.
6.8
https://nvd.nist.gov/vuln/detail/CVE-2021-33150
CVE-2020-5419
RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.
6.7
https://nvd.nist.gov/vuln/detail/CVE-2020-5419
CVE-2022-22943
VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element.
6.7
https://nvd.nist.gov/vuln/detail/CVE-2022-22943
CVE-2022-20049
In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05954679; Issue ID: ALPS05954679.
6.7
https://nvd.nist.gov/vuln/detail/CVE-2022-20049
CVE-2022-20050
In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06335038; Issue ID: ALPS06335038.
6.7
https://nvd.nist.gov/vuln/detail/CVE-2022-20050
CVE-2022-0921
Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12.
6.7
https://nvd.nist.gov/vuln/detail/CVE-2022-0921
CVE-2021-39719
In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205995178. References: N/A.
6.7
https://nvd.nist.gov/vuln/detail/CVE-2021-39719
CVE-2022-20056
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160820.
6.6
https://nvd.nist.gov/vuln/detail/CVE-2022-20056
CVE-2022-20058
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160485.
6.6
https://nvd.nist.gov/vuln/detail/CVE-2022-20058
CVE-2022-20059
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160781.
6.6
https://nvd.nist.gov/vuln/detail/CVE-2022-20059
CVE-2022-20060
In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06137462.
6.6
https://nvd.nist.gov/vuln/detail/CVE-2022-20060
CVE-2018-8098
Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2018-8098
CVE-2018-8099
Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2018-8099
CVE-2018-10888
A flaw was found in libgit2 before version 0.27.3. A missing check in the git_delta_apply function in the delta.c file may lead to an out-of-bounds read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2018-10888
CVE-2021-29975
Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. This vulnerability affects Firefox < 90.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-29975
CVE-2021-29982
Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-29982
CVE-2021-29987
After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.* This vulnerability affects Firefox < 91 and Thunderbird < 91.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-29987
CVE-2021-40964
A Path Traversal vulnerability exists in TinyFileManager, all versions up to and including 2.4.6, that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the “fullpath” parameter containing path traversal strings (../ and ..\\) in order to escape the server’s intended working directory and write malicious files onto any directory on the computer.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-40964
CVE-2021-37420
Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-37420
CVE-2021-41125
Scrapy is a high-level web crawling and scraping framework for Python. If you use `HttpAuthMiddleware` (i.e. the `http_user` and `http_pass` spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, such as `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`, or as requests reached through redirects. Upgrade to Scrapy 2.5.1 and use the new `http_auth_domain` spider attribute to control which domains are allowed to receive the configured HTTP authentication credentials. If you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.5.1 is not an option, you may upgrade to Scrapy 1.8.1 instead. If you cannot upgrade, set your HTTP authentication credentials on a per-request basis, using for example the `w3lib.http.basic_auth_header` function to convert your credentials into a value that you can assign to the `Authorization` header of your request, instead of defining your credentials globally using `HttpAuthMiddleware`.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41125
CVE-2021-38491
Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. This vulnerability affects Firefox < 92.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-38491
CVE-2021-38507
The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt in to opportunistic encryption, a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-38507
CVE-2021-43528
Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-43528
CVE-2021-43536
Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-43536
CVE-2021-43540
WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox < 95.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-43540
CVE-2021-43541
When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-43541
CVE-2021-43542
Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-43542
CVE-2022-0273
Improper Access Control in Pypi calibreweb prior to 0.6.16.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0273
CVE-2021-24761
The Error Log Viewer WordPress plugin before 1.1.2 does not perform a nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged-in admin delete arbitrary text files on the web server.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-24761
CVE-2021-25097
The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF checks in place when deleting publications, allowing any authenticated user, such as a subscriber, to delete arbitrary publications.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-25097
CVE-2022-24684
HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 has Uncontrolled Resource Consumption.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24684
CVE-2022-0577
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0577
CVE-2022-24737
HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn’t distinguish between cookies and the hosts they belonged to. This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. There are no known workarounds.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24737
CVE-2022-26319
An installer search path element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. Please note: an attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-26319
CVE-2022-24502
Windows HTML Platforms Security Feature Bypass Vulnerability.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24502
CVE-2022-24741
Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8, 22.2.4 or 23.0.1. Users unable to upgrade should disable preview generation with the `'enable_previews'` config flag.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24741
CVE-2022-24745
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected by this issue. This issue has been resolved in version 6.4.8.2. Users unable to upgrade should disable the HTTP Cache.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24745
CVE-2021-28488
Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group).
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-28488
CVE-2021-32436
An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-32436
CVE-2021-41657
SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41657
CVE-2022-20057
In btif, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06271186; Issue ID: ALPS06271186.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-20057
CVE-2022-24398
Under certain conditions SAP Business Objects Business Intelligence Platform – versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24398
CVE-2022-25243
Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-25243
CVE-2022-25244
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-25244
CVE-2022-26652
NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-26652
CVE-2022-26661
An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-26661
CVE-2022-26778
Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-26778
CVE-2022-0821
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0821
CVE-2022-25506
FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-25506
CVE-2022-25511
An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-25511
CVE-2022-0932
Improper Authorization in GitHub repository saleor/saleor prior to 3.1.2.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0932
CVE-2021-26341
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-26341
CVE-2022-0001
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0001
CVE-2022-0002
Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0002
CVE-2022-23625
Wire-ios is a messaging application using the Wire protocol on Apple’s iOS platform. In versions prior to 3.95, malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and sent between Wire users. The root cause lies in [wireapp/wire-ios-transport](https://github.com/wireapp/wire-ios-transport), where code responsible for removing sensitive tokens before logging may fail and lead to a crash (Swift exception) of the application. This causes undesirable behavior; however, the (greater) Wire system is still functional. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-23625
CVE-2021-42262
An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-42262
CVE-2022-24385
A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24385
CVE-2021-24692
The Simple Download Monitor WordPress plugin before 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-24692
CVE-2022-0593
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing an unauthenticated user to remotely delete the plugin files, leading to a potential Denial of Service situation.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0593
CVE-2021-39051
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-39051
CVE-2022-22353
IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-22353
CVE-2021-42389
Divide-by-zero in Clickhouse’s Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-42389
CVE-2021-42390
Divide-by-zero in Clickhouse’s DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-42390
CVE-2021-42391
Divide-by-zero in Clickhouse’s Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-42391
CVE-2022-24762
sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in sysend.js version 1.10.0. The only currently known workaround is to avoid sending communications that a user does not want to have intercepted via sysend messages.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24762
CVE-2022-27201
Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-27201
CVE-2022-27208
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-27208
CVE-2022-27210
A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-27210
CVE-2022-27225
Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safari versions, Keycloak sets a duplicate of the cookie without the Secure attribute, which allows the cookie to be sent when accessing the location that cookie is set for via HTTP. This creates the potential for an attacker (with the ability to impersonate the Gradle Enterprise host) to capture the login session of a user by having them click an http:// link to the server, despite the real server requiring HTTPS.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2022-27225
CVE-2021-20257
An infinite loop flaw was found in the e1000 NIC emulator of QEMU. This issue occurs while processing transmit (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
6.5
https://nvd.nist.gov/vuln/detail/CVE-2021-20257
CVE-2021-3700
A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination.
6.4
https://nvd.nist.gov/vuln/detail/CVE-2021-3700
CVE-2021-24982
The Child Theme Generator WordPress plugin through 2.2.7 does not sanitise and escape the parade parameter before outputting it back, leading to a Reflected Cross-Site Scripting in the admin dashboard.
6.4
https://nvd.nist.gov/vuln/detail/CVE-2021-24982
CVE-2022-0280
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.
6.3
https://nvd.nist.gov/vuln/detail/CVE-2022-0280
CVE-2021-44964
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.
6.3
https://nvd.nist.gov/vuln/detail/CVE-2021-44964
CVE-2022-25822
A use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash.
6.2
https://nvd.nist.gov/vuln/detail/CVE-2022-25822
CVE-2017-4965
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2017-4965
CVE-2017-4967
An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2017-4967
CVE-2021-43543
Documents loaded with the CSP sandbox directive could have escaped the sandbox’s script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2021-43543
CVE-2021-42063
A security vulnerability has been discovered in the SAP Knowledge Warehouse – versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclosure of sensitive data.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2021-42063
CVE-2022-23397
The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-23397
CVE-2021-46379
DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to untrusted site.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2021-46379
CVE-2022-24746
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions it is possible to inject code via the voucher code form. This issue has been patched in version 6.4.8.1. There are no known workarounds for this issue.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-24746
CVE-2022-24177
A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-24177
CVE-2022-24395
SAP NetWeaver Enterprise Portal – versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-24395
CVE-2022-24397
SAP NetWeaver Enterprise Portal – versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of victim’s web browser.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-24397
CVE-2022-24399
The SAP Focused Run (Real User Monitoring) – versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS) vulnerability.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-24399
CVE-2022-24608
Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-24608
CVE-2022-26101
Fiori launchpad – versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-26101
CVE-2021-44585
A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2021-44585
CVE-2022-0820
Cross-site Scripting (XSS) – Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-0820
CVE-2021-46708
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2021-46708
CVE-2021-27414
An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2021-27414
CVE-2021-32009
Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows a logged-in user to inject JavaScript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2021-32009
CVE-2021-32478
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2021-32478
CVE-2022-25601
Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4).
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-25601
CVE-2021-44667
A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2021-44667
CVE-2022-26533
Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-26533
CVE-2022-0929
XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-0929
CVE-2021-46709
phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number).
6.1
https://nvd.nist.gov/vuln/detail/CVE-2021-46709
CVE-2022-24384
Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-24384
CVE-2021-24940
The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2021-24940
CVE-2021-24996
The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not sanitise and escape the idpay_error parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2021-24996
CVE-2021-25006
The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2021-25006
CVE-2022-0147
The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-0147
CVE-2022-0230
The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-0230
CVE-2022-0248
The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, an unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-0248
CVE-2022-0321
The WP Voting Contest WordPress plugin through 2.1 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-0321
CVE-2022-0327
The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-0327
CVE-2022-0399
The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action’s response, leading to a Reflected Cross-Site Scripting.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-0399
CVE-2022-0449
The Flexi WordPress plugin before 4.20 does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-0449
CVE-2022-0503
The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.2 does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in the network dashboard.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-0503
CVE-2022-0601
The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-0601
CVE-2022-0648
The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-0648
CVE-2022-22734
The Simple Quotation WordPress plugin through 1.3.2 does not have a CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, an attacker could make a logged-in admin create or edit an arbitrary quote, and put Cross-Site Scripting payloads in them.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-22734
CVE-2022-22344
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-22344
CVE-2022-24733
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker’s page overlays the target application’s interface with a different interface provided by the attacker. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. Every response from the app should have an X-Frame-Options header set to: “sameorigin”. To achieve that, add a new `subscriber` in the app.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-24733
CVE-2022-24749
Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform an XSS attack, the file itself has to be opened in a new card or loaded outside of the IMG tag. The problem applies both to the files opened on the admin panel and shop pages. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. As a workaround, require a library that adds on-upload file sanitization and overwrite the service before writing the file to the filesystem. The GitHub Security Advisory contains more specific information about the workaround.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-24749
CVE-2022-0951
File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-0951
CVE-2021-43956
The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2021-43956
CVE-2021-42552
Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim’s browser. This issue affects all ArchivistaBox versions prior to 2022/I.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2021-42552
CVE-2022-0986
Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11.
6.1
https://nvd.nist.gov/vuln/detail/CVE-2022-0986
CVE-2021-3607
An integer overflow was found in the QEMU implementation of VMware’s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a “PVRDMA_REG_DSRHIGH” write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
6
https://nvd.nist.gov/vuln/detail/CVE-2021-3607
CVE-2021-3608
A flaw was found in the QEMU implementation of VMware’s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a “PVRDMA_REG_DSRHIGH” write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability.
6
https://nvd.nist.gov/vuln/detail/CVE-2021-3608
CVE-2021-38502
Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2.
5.9
https://nvd.nist.gov/vuln/detail/CVE-2021-38502
CVE-2021-4160
There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb).
5.9
https://nvd.nist.gov/vuln/detail/CVE-2021-4160
CVE-2022-24686
HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6.
5.9
https://nvd.nist.gov/vuln/detail/CVE-2022-24686
CVE-2021-26401
LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs.
5.6
https://nvd.nist.gov/vuln/detail/CVE-2021-26401
CVE-2022-23960
Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information.
5.6
https://nvd.nist.gov/vuln/detail/CVE-2022-23960
CVE-2021-0561
In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302683.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-0561
CVE-2021-3707
D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-3707
CVE-2021-42733
Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-42733
CVE-2021-45958
UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-45958
CVE-2022-0561
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0561
CVE-2022-0562
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0562
CVE-2021-3947
A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-3947
CVE-2022-24725
Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the `escape` or `escapeAll` functions from the _shescape_ API with the `interpolation` option set to `true`. Other tested shells, Dash and Zsh, are not affected. Depending on how the output of _shescape_ is used, directory traversal may be possible in the application using _shescape_. The issue was patched in version 1.5.1. As a workaround, manually escape all instances of the tilde character (`~`) using `arg.replace(/~/g, "\\~")`.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24725
CVE-2022-22946
In Spring Cloud Gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-22946
CVE-2022-26336
A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-26336
CVE-2021-20300
A flaw was found in OpenEXR’s hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-20300
CVE-2021-20302
A flaw was found in OpenEXR’s TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR, to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-20302
CVE-2021-38988
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-38988
CVE-2021-38989
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-38989
CVE-2022-24511
Microsoft Office Word Tampering Vulnerability.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24511
CVE-2022-0890
NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0890
CVE-2021-32434
abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-32434
CVE-2021-32435
Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-32435
CVE-2022-0433
A NULL pointer dereference flaw was found in the Linux kernel’s BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0433
CVE-2022-20051
In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219127; Issue ID: ALPS06219127.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-20051
CVE-2022-25819
OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allows an attacker to view Kernel stack memory.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-25819
CVE-2022-25825
Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access the authcode for sign-in.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-25825
CVE-2022-26878
drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed).
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-26878
CVE-2022-0907
Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0907
CVE-2022-0908
Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0908
CVE-2022-0909
Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0909
CVE-2022-0924
Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0924
CVE-2022-24090
Adobe Photoshop versions 23.1.1 (and earlier) and 22.5.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24090
CVE-2021-41849
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user’s list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-41849
CVE-2022-26966
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-26966
CVE-2022-24574
GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra ().
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24574
CVE-2022-24576
GPAC 1.0.1 is affected by Use After Free through MP4Box.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24576
CVE-2021-25026
The Patreon WordPress plugin before 1.8.2 does not sanitise and escape the field “Custom Patreon Page name”, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-25026
CVE-2022-24742
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if the browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect to the login page even when the browser back button is pressed. Another possibility is to set more strict cache policies for restricted content.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24742
CVE-2022-27193
CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-27193
CVE-2022-0961
The microweber application allows large characters to be inserted in the input field “post title”, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. This affects GitHub repository microweber/microweber prior to 1.2.12.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0961
CVE-2022-0968
The microweber application allows large characters to be inserted in the input field “first & last name”, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. This affects GitHub repository microweber/microweber prior to 1.2.12.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-0968
CVE-2021-46705
An Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-46705
CVE-2022-21945
An Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2022-21945
CVE-2021-20180
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-20180
CVE-2021-40737
Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-40737
CVE-2021-40741
Adobe Audition version 14.4 (and earlier) is affected by an Access of Memory Location After End of Buffer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-40741
CVE-2021-40742
Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-40742
CVE-2021-40750
Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-40750
CVE-2021-40762
Adobe Character Animator version 4.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-40762
CVE-2021-40767
Adobe Character Animator version 4.4 (and earlier) is affected by an Access of Memory Location After End of Buffer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-40767
CVE-2021-40768
Adobe Character Animator version 4.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-40768
CVE-2021-40778
Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-40778
CVE-2021-40781
Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-40781
CVE-2021-40782
Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-40782
CVE-2021-40785
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-40785
CVE-2021-40788
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-40788
CVE-2021-40789
Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-40789
CVE-2021-40796
Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-40796
CVE-2021-42263
Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-42263
CVE-2021-42264
Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
5.5
https://nvd.nist.gov/vuln/detail/CVE-2021-42264
CVE-2022-22511
Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-22511
CVE-2022-24432
Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services).
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-24432
CVE-2022-26102
Due to a missing authorization check, SAP NetWeaver Application Server for ABAP – versions 700, 701, 702, 731, allows an authenticated attacker to access content on the start screen of any transaction that is available within the same SAP system even if he/she isn’t authorized for that transaction. A successful exploitation could expose information and in the worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-26102
CVE-2022-25507
FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-25507
CVE-2022-0822
Cross-site Scripting (XSS) – Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0822
CVE-2022-26874
lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-26874
CVE-2022-0928
Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.2.12.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0928
CVE-2021-27416
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user into clicking on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-27416
CVE-2021-32475
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-32475
CVE-2022-0880
Cross-site Scripting (XSS) – Stored in GitHub repository star7th/showdoc prior to 2.10.2.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0880
CVE-2021-45889
An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab.jsp or private/index.jsp?activation/activationMainTab.jsp or private/index.jsp?communication/serverTab.jsp or private/index.jsp?emailNotification/notificationTab.jsp.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-45889
CVE-2022-0937
Stored XSS in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0937
CVE-2022-0341
Cross-site Scripting (XSS) – Stored in GitHub repository vanessa219/vditor prior to 3.8.12.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0341
CVE-2022-0938
Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0938
CVE-2022-0940
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0940
CVE-2022-0941
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0941
CVE-2022-24386
Stored XSS in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-24386
CVE-2022-0946
Stored XSS via cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0946
CVE-2021-24897
The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field (available only with classic editor) when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-24897
CVE-2021-24950
The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize(), nor sanitise and escape it before outputting it in the response. As a result, it could allow users with a role as low as Subscriber to perform PHP Object Injection, as well as Stored Cross-Site Scripting attacks.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-24950
CVE-2021-24958
The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as a subscriber, could update the plugin’s settings and put Cross-Site Scripting payloads in them.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-24958
CVE-2022-0960
Stored XSS via .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0960
CVE-2022-0962
Stored XSS via .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0962
CVE-2021-39055
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214534.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-39055
CVE-2022-0945
Stored XSS via axd and cshtml file upload in GitHub repository star7th/showdoc prior to v2.10.4.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0945
CVE-2022-0950
Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0950
CVE-2022-0893
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0893
CVE-2022-0894
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0894
CVE-2022-0954
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop’s Other Settings, Shop’s Autorespond E-mail Settings and Shops’ Payments Methods in GitHub repository microweber/microweber prior to 1.2.11.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0954
CVE-2022-0956
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0956
CVE-2022-0957
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0957
CVE-2022-0942
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0942
CVE-2022-0963
Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0963
CVE-2022-0964
Stored XSS via .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0964
CVE-2022-0965
Stored XSS via .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0965
CVE-2022-0966
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.4.10.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0966
CVE-2022-0967
Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0967
CVE-2022-0970
Cross-site Scripting (XSS) – Stored in GitHub repository getgrav/grav prior to 1.7.31.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0970
CVE-2022-27212
Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the ‘List Git branches (and more)’ parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-27212
CVE-2022-0911
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0911
CVE-2022-0704
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0704
CVE-2022-0705
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2022-0705
CVE-2021-45787
There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-45787
CVE-2021-33853
A Cross-Site Scripting (XSS) attack can cause arbitrary code (javascript) to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the user attempts to access any page of the CRM.
5.4
https://nvd.nist.gov/vuln/detail/CVE-2021-33853
CVE-2019-1551
There is an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t).
5.3
https://nvd.nist.gov/vuln/detail/CVE-2019-1551
CVE-2020-13956
Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.
5.3
https://nvd.nist.gov/vuln/detail/CVE-2020-13956
CVE-2021-25009
The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses.
5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-25009
CVE-2022-24503
Remote Desktop Protocol Client Information Disclosure Vulnerability.
5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-24503
CVE-2022-24747
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. Affected versions of Shopware do not properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP caches. This issue has been resolved in version 6.4.8.2. There are no known workarounds.
5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-24747
CVE-2022-25215
Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself.
5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-25215
CVE-2022-26103
Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) – version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks.
5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-26103
CVE-2022-26104
SAP Financial Consolidation – version 10.1, does not perform necessary authorization checks for updating homepage messages, allowing an unauthorized user to alter the maintenance system message.
5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-26104
CVE-2022-26847
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects.
5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-26847
CVE-2021-38910
IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824.
5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38910
CVE-2021-39025
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863.
5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-39025
CVE-2021-41233
Nextcloud Text is a collaborative document editing application using Markdown, built for the Nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of “File Drop”. For successful exploitation an attacker requires knowledge of the sharing link. It is recommended that users upgrade their Nextcloud Server to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the Nextcloud Text application in the application settings.
5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-41233
CVE-2022-0870
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.
5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-0870
CVE-2021-32473
It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-32473
CVE-2022-25839
The package url-js before 2.1.0 is vulnerable to Improper Input Validation due to improper parsing, which makes it possible for the hostname to be spoofed. http://\\\\\\\\\\\\\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is reflected as it is.
5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-25839
CVE-2022-26276
An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal.
5.3
https://nvd.nist.gov/vuln/detail/CVE-2022-26276
CVE-2021-29134
The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.
5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-29134
CVE-2021-45852
An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php.
5.3
https://nvd.nist.gov/vuln/detail/CVE-2021-45852
CVE-2021-43774
A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users, etc.) stored on the printer, together with their encrypted passwords. The passwords are protected by a weak cipher, such as ROT13, which requires minimal effort to instantly retrieve the original password, giving the attacker a list of valid domain or FTP usernames and passwords.
4.9
https://nvd.nist.gov/vuln/detail/CVE-2021-43774
CVE-2021-24966
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder.
4.9
https://nvd.nist.gov/vuln/detail/CVE-2021-24966
CVE-2021-38971
IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitive information. IBM X-Force ID: 212620.
4.9
https://nvd.nist.gov/vuln/detail/CVE-2021-38971
CVE-2020-36519
Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.)
4.9
https://nvd.nist.gov/vuln/detail/CVE-2020-36519
CVE-2022-0906
Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12.
4.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0906
CVE-2022-0912
Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11.
4.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0912
CVE-2022-0926
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
4.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0926
CVE-2022-0930
File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12.
4.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0930
CVE-2021-45888
An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role Configuration Administrator or Administrator.
4.8
https://nvd.nist.gov/vuln/detail/CVE-2021-45888
CVE-2021-24895
The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
4.8
https://nvd.nist.gov/vuln/detail/CVE-2021-24895
CVE-2021-24995
The HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
4.8
https://nvd.nist.gov/vuln/detail/CVE-2021-24995
CVE-2021-41952
Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload of *.SVG files. An attacker can send malicious files to victims and steal the victim’s cookie, leading to account takeover. The person viewing the image of a contact can be a victim of XSS.
4.8
https://nvd.nist.gov/vuln/detail/CVE-2021-41952
CVE-2022-0659
The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
4.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0659
CVE-2022-0674
The Kunze Law WordPress plugin before 2.1 does not escape its ‘E-Mail Error “From” Address’ settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
4.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0674
CVE-2022-0684
The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
4.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0684
CVE-2022-0700
The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
4.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0700
CVE-2022-0701
The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
4.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0701
CVE-2022-0702
The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
4.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0702
CVE-2022-0703
The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
4.8
https://nvd.nist.gov/vuln/detail/CVE-2022-0703
CVE-2022-27200
Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
4.8
https://nvd.nist.gov/vuln/detail/CVE-2022-27200
CVE-2022-25368
Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim’s hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected.
4.7
https://nvd.nist.gov/vuln/detail/CVE-2022-25368
CVE-2022-24932
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows a physical attacker to install packages before finishing Setup wizard.
4.6
https://nvd.nist.gov/vuln/detail/CVE-2022-24932
CVE-2022-25816
Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication
4.6
https://nvd.nist.gov/vuln/detail/CVE-2022-25816
CVE-2022-25820
A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password.
4.6
https://nvd.nist.gov/vuln/detail/CVE-2022-25820
CVE-2021-4002
A memory leak flaw in the Linux kernel’s hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data.
4.4
https://nvd.nist.gov/vuln/detail/CVE-2021-4002
CVE-2022-24349
An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors – an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel.
4.4
https://nvd.nist.gov/vuln/detail/CVE-2022-24349
CVE-2022-24917
An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.
4.4
https://nvd.nist.gov/vuln/detail/CVE-2022-24917
CVE-2022-24918
An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.
4.4
https://nvd.nist.gov/vuln/detail/CVE-2022-24918
CVE-2022-24919
An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks.
4.4
https://nvd.nist.gov/vuln/detail/CVE-2022-24919
CVE-2022-26355
Citrix Federated Authentication Service (FAS) 7.17 – 10.6 causes deployments that have been configured to store a registration authority certificate’s private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration.
4.4
https://nvd.nist.gov/vuln/detail/CVE-2022-26355
CVE-2021-39722
In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-204585345. References: N/A
4.4
https://nvd.nist.gov/vuln/detail/CVE-2021-39722
CVE-2021-39724
In TuningProviderBase::GetTuningTreeSet of tuning_provider_base.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205753190. References: N/A
4.4
https://nvd.nist.gov/vuln/detail/CVE-2021-39724
CVE-2021-29974
When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able.) This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox < 90.
4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-29974
CVE-2021-38508
By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38508
CVE-2021-38509
Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker’s choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.
4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-38509
CVE-2021-43538
By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-43538
CVE-2021-43546
It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-43546
CVE-2022-0414
Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0.
4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-0414
CVE-2022-23708
A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index.
4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-23708
CVE-2022-23709
A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules.
4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-23709
CVE-2021-24824
The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This could lead to sensitive data disclosure, for example when used in combination with WooCommerce, the email address of orders can be retrieved
4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-24824
CVE-2021-24825
The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display arbitrary files from the filesystem (such as logs, .htaccess etc), as well as perform Local File Inclusion attacks as PHP files will be executed. Please note that such attack is still possible by admin+ in single site blogs by default (but won’t be when either the unfiltered_html or file_edit is disallowed)
4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-24825
CVE-2021-32006
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files.
4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-32006
CVE-2018-25031
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
4.3
https://nvd.nist.gov/vuln/detail/CVE-2018-25031
CVE-2021-32472
Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected.
4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-32472
CVE-2021-32477
The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected.
4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-32477
CVE-2021-43954
The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have ‘can add repository permission’, to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability.
4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-43954
CVE-2020-4989
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707.
4.3
https://nvd.nist.gov/vuln/detail/CVE-2020-4989
CVE-2022-27199
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-27199
CVE-2022-27214
A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.
4.3
https://nvd.nist.gov/vuln/detail/CVE-2022-27214
CVE-2021-43955
The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via information disclosure vulnerability.
4.3
https://nvd.nist.gov/vuln/detail/CVE-2021-43955
CVE-2020-9488
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1.
3.7
https://nvd.nist.gov/vuln/detail/CVE-2020-9488
CVE-2022-21170
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.
3.7
https://nvd.nist.gov/vuln/detail/CVE-2022-21170
CVE-2019-11291
Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information.
3.5
https://nvd.nist.gov/vuln/detail/CVE-2019-11291
CVE-2022-24744
Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.
3.5
https://nvd.nist.gov/vuln/detail/CVE-2022-24744
CVE-2020-8908
A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime’s java.io.tmpdir system property to point to a location whose permissions are appropriately configured.
3.3
https://nvd.nist.gov/vuln/detail/CVE-2020-8908
CVE-2022-24929
Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows an attacker to change the list of locked apps without authentication.
3.3
https://nvd.nist.gov/vuln/detail/CVE-2022-24929
CVE-2022-24930
An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission
3.3
https://nvd.nist.gov/vuln/detail/CVE-2022-24930
CVE-2022-25817
Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent.
3.3
https://nvd.nist.gov/vuln/detail/CVE-2022-25817
CVE-2022-25823
Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log.
3.3
https://nvd.nist.gov/vuln/detail/CVE-2022-25823
CVE-2022-25824
Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.
3.3
https://nvd.nist.gov/vuln/detail/CVE-2022-25824
CVE-2022-25826
Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log
3.3
https://nvd.nist.gov/vuln/detail/CVE-2022-25826
CVE-2022-25827
Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log
3.3
https://nvd.nist.gov/vuln/detail/CVE-2022-25827
CVE-2022-25828
Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log
3.3
https://nvd.nist.gov/vuln/detail/CVE-2022-25828
CVE-2022-25829
Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log
3.3
https://nvd.nist.gov/vuln/detail/CVE-2022-25829
CVE-2022-25830
Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log
3.3
https://nvd.nist.gov/vuln/detail/CVE-2022-25830
CVE-2021-40766
Adobe Character Animator version 4.4 (and earlier versions) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
3.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40766
CVE-2021-40769
Adobe Character Animator version 4.4 (and earlier versions) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
3.3
https://nvd.nist.gov/vuln/detail/CVE-2021-40769
CVE-2022-22348
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139.
2.4
https://nvd.nist.gov/vuln/detail/CVE-2022-22348
CVE-2013-3523
SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to op=page&id= in the URL.
–
https://nvd.nist.gov/vuln/detail/CVE-2013-3523
CVE-2014-9649
Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.
–
https://nvd.nist.gov/vuln/detail/CVE-2014-9649
CVE-2014-9650
CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.
–
https://nvd.nist.gov/vuln/detail/CVE-2014-9650
CVE-2022-27195
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27195
CVE-2022-27196
Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27196
CVE-2022-27197
Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet’s Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27197
CVE-2022-27198
A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27198
CVE-2022-27202
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27202
CVE-2022-27203
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27203
CVE-2022-27204
A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27204
CVE-2022-27205
A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27205
CVE-2022-27206
Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27206
CVE-2022-27207
Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the ‘Global Build Stats’ page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27207
CVE-2022-27209
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27209
CVE-2022-27211
A missing/An incorrect permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27211
CVE-2022-27213
Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27213
CVE-2022-27215
A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27215
CVE-2022-27216
Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27216
CVE-2022-27217
Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27217
CVE-2022-27218
Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27218
CVE-2022-25485
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25485
CVE-2022-25486
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25486
CVE-2022-25487
Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25487
CVE-2022-25488
Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25488
CVE-2022-25489
Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the “A” parameter in /widgets/debug.php.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25489
CVE-2022-25490
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25490
CVE-2022-25491
HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25491
CVE-2022-25492
HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25492
CVE-2022-25493
HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25493
CVE-2022-25494
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25494
CVE-2022-25495
The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25495
CVE-2022-25497
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25497
CVE-2022-25498
CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25498
CVE-2022-23989
In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-23989
CVE-2022-26995
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26995
CVE-2022-26996
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26996
CVE-2022-26997
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26997
CVE-2022-26998
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26998
CVE-2022-26999
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26999
CVE-2022-27000
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27000
CVE-2022-27001
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27001
CVE-2022-27002
Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns?ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27002
CVE-2021-45851
FUXA 1.1.3 is vulnerable to Server-Side Request Forgery (SSRF), which can be used to obtain sensitive information from the server’s internal environment and services, often potentially leading to the attacker executing commands on the server.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45851
CVE-2021-39624
In Package Manager, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-67862680
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39624
CVE-2021-39667
In ih264d_parse_decode_slice of ih264d_parse_slice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-205702093
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39667
CVE-2021-39685
In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-210292376. References: Upstream kernel
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39685
CVE-2021-39686
In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-200688826. References: Upstream kernel
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39686
CVE-2021-39689
In multiple functions of odsign_main.cpp, there is a possible way to persist system attack due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-206090748
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39689
CVE-2021-39690
In setDisplayPadding of WallpaperManagerService.java, there is a possible way to cause a persistent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-204316511
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39690
CVE-2021-39692
In onCreate of SetupLayoutActivity.java, there is a possible way to set up a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-209611539
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39692
CVE-2021-39693
In onUidStateChanged of AppOpsService.java, there is a possible way to access location without a visible indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-208662370
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39693
CVE-2021-39694
In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-202312327
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39694
CVE-2021-39695
In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-209607944
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39695
CVE-2021-39697
In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external storage private directories protection due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12. Android ID: A-200813547
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39697
CVE-2021-39698
In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-185125206. References: Upstream kernel
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39698
CVE-2021-39701
In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11 Android-12. Android ID: A-212286849
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39701
CVE-2021-39702
In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-205150380
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39702
CVE-2021-39703
In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-207057578
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39703
CVE-2021-39704
In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-209965481
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39704
CVE-2021-39705
In getNotificationTag of LegacyVoicemailNotifier.java, there is a possible leak of ICCID due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-186026746
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39705
CVE-2021-39706
In onResume of CredentialStorage.java, there is a possible way to clean up content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-200164168
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39706
CVE-2021-39707
In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12. Android ID: A-200688991
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39707
CVE-2021-39708
In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-206128341
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39708
CVE-2021-39709
In sendSipAccountsRemovedNotification of SipAccountRegistry.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-208817618
In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-154175781. References: Upstream kernel
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39711
CVE-2021-39712
In TBD of TBD, there is a possible use after free vulnerability due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-176918884. References: N/A
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39712
CVE-2021-39714
In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205573273. References: Upstream kernel
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39714
CVE-2021-39715
In __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-178379135. References: Upstream kernel
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39715
CVE-2021-39717
In iaxxx_btp_write_words of iaxxx-btp.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-198653629. References: N/A
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39717
CVE-2021-39718
In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205035540. References: N/A
In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-195726151. References: N/A
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39721
CVE-2021-39725
In gasket_free_coherent_memory_all of gasket_page_table.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-151454974. References: N/A
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39725
CVE-2021-39726
In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-181782896. References: N/A
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39726
CVE-2021-39727
In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/EicPresentation.c, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-196388042. References: N/A
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39727
CVE-2021-39729
In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-202006191. References: N/A
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39729
CVE-2021-39730
In TBD of TBD, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-206472503. References: N/A
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39730
CVE-2021-39731
In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205036834. References: N/A
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39731
CVE-2021-39732
In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205992503. References: N/A
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39732
CVE-2021-39733
In amcs_cdev_unlocked_ioctl of audiometrics.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-206128522. References: N/A
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39733
CVE-2021-39734
In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible way to send an RCS message without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-208650395. References: N/A
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39734
CVE-2021-39735
In gasket_alloc_coherent_memory of gasket_page_table.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-151455484. References: N/A
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39735
CVE-2021-39736
In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205995773. References: N/A
In usb_gadget_giveback_request of core.c, there is a possible use after free out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-161010552. References: Upstream kernel
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39792
CVE-2021-39793
In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-210470189. References: N/A
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39793
CVE-2021-41987
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must control the SCEP server for a valid certificate. This affects mikrotik-vm-6.46, mikrotik-vm-6.46.8, mikrotik-tile-6.46.8, mikrotik-6.47.9, and mikrotik-6.47.10.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-41987
CVE-2021-45821
A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in the ajaxchat/getHistoryChatData.php file, which is accessible by a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability to achieve remote code execution on the remote web server.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45821
CVE-2022-0811
A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0811
CVE-2022-0918
A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection; no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0918
CVE-2022-0959
When run in server mode, pgAdmin 4 allows users to store files on the server under individual storage directories. Files such as SQL scripts may be uploaded through the user interface. The URI to which upload requests are made fails to validate the upload path to prevent path traversal techniques being used to store files outside of the storage directory. A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0959
CVE-2022-0982
The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0982
CVE-2022-23234
SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-23234
CVE-2022-25246
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) use hard-coded credentials for their UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25246
CVE-2022-25247
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25247
CVE-2022-25248
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25248
CVE-2022-25249
When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) are vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25249
CVE-2022-25250
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25250
CVE-2022-25251
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product’s configuration.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25251
CVE-2022-25252
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) when receiving certain input throws an exception. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to crash the affected product.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25252
CVE-2022-26353
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26353
CVE-2022-26354
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26354
CVE-2022-26660
RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26660
CVE-2021-23648
The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the sanitizeUrl function.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-23648
CVE-2021-45822
A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the “n” (POST) parameter. Through this vulnerability, an attacker can execute malicious JavaScript code.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45822
CVE-2022-21164
The package node-lmdb before 0.9.7 is vulnerable to Denial of Service (DoS) when defining a non-invokable ToString value, which will cause a crash during type check.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-21164
CVE-2022-24728
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24728
CVE-2022-24729
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24729
CVE-2022-23610
wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA Signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML, but without SCIM, it was possible to create new accounts with fake SAML credentials. Under certain conditions that can be established by an attacker, an upstream library for parsing, rendering, signing, and validating SAML XML data was accepting public keys as trusted that were provided by the attacker in the signature. As a consequence, the attacker could login as any user in any Wire team with SAML SSO enabled. If SCIM was not enabled, the attacker could also create new users with new SAML NameIDs. In order to exploit this vulnerability, the attacker needs to know the SSO login code (distributed to all team members with SAML credentials and visible in the Team Management app), the SAML EntityID identifying the IdP (a URL not considered sensitive, but usually hard to guess, also visible in Team Management), and the SAML NameID of the user (usually an email address or a nick). The issue has been fixed in wire-server `2022-01-27` and is already deployed on all Wire managed services. On premise instances of wire-server need to be updated to `2022-01-27`, so that their backends are no longer affected. There are currently no known workarounds. More detailed information about how to reproduce the vulnerability and mitigation strategies is available in the GitHub Security Advisory.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-23610
CVE-2022-26293
Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26293
CVE-2022-26295
A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26295
CVE-2021-42219
Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) via sending an excessive amount of messages to a node. This is caused by missing memory in the component /ethash/algorithm.go.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-42219
CVE-2022-26300
EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26300
CVE-2022-26534
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via a malicious viewchange packet, will cause normal nodes to change view excessively and stop generating blocks.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26534
CVE-2022-24072
The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions downloading and uploading when users open the developer tool.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24072
CVE-2022-24073
The Web Request API in Whale browser before 3.12.129.18 allowed denying access to the extension store or redirecting to any URL when users access the store.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24073
CVE-2022-24074
Whale Bridge, a default extension in Whale browser before 3.12.129.18, accepted any SendMessage request from the content script itself, which could lead to control of Whale Bridge if the rendering process is compromised.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24074
CVE-2022-24075
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website, which could access local HWP files. When the HWP files were opened, the replaced script could read the files.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24075
CVE-2021-45791
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45791
CVE-2021-45792
Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45792
CVE-2022-1000
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-1000
CVE-2021-23632
All versions of package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to Reproduce:
1. Create a file named exploit.js with the following content:
```js
var Git = require("git").Git;
var repo = new Git("repo-test");
var user_input = "version; date";
repo.git(user_input, function(err, result) {
  console.log(result);
});
```
2. In the same directory as exploit.js, run npm install git.
3. Run exploit.js: node exploit.js. You should see the outputs of both the git version and date command-lines. Note that the repo-test Git repository does not need to be present to make this PoC work.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-23632
CVE-2021-44908
SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules().
–
https://nvd.nist.gov/vuln/detail/CVE-2021-44908
CVE-2021-45793
Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45793
CVE-2021-45794
Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45794
CVE-2022-0748
The package post-loader from 0.0.0 is vulnerable to Arbitrary Code Execution: it uses a markdown parser in an unsafe way, so that any JavaScript code inside the markdown input files gets evaluated and executed.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0748
CVE-2022-0749
This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0749
CVE-2022-25760
All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package’s exported constructor function, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25760
CVE-2021-44259
A vulnerability is in the ‘wx.html’ page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When an unauthorized user accesses this page directly, it connects to this device as a friend of the device owner.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-44259
CVE-2021-44260
A vulnerability is in the ‘live_mfg.html’ page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information of the manager of router.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-44260
CVE-2021-44261
A vulnerability is in the ‘BRS_top.html’ page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-44261
CVE-2021-44262
A vulnerability is in the ‘MNU_top.htm’ page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-44262
CVE-2022-24761
Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate that the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are addressed by this advisory: the use of Python’s `int()` to parse strings into integers, leading to `+10` being parsed as `10`, or `0x01` being parsed as `1`, whereas the standard specifies that the string should contain only digits or hex digits; and Waitress does not support chunk extensions, however it was discarding them without validating that they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available: when deploying a proxy in front of waitress, turn on any and all functionality to make sure that the request matches the RFC7230 standard. Certain proxy servers may not have this functionality though, and users are encouraged to upgrade to the latest version of waitress instead.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24761
CVE-2020-15591
fexsrv in F*EX (aka Frams’ Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution).
–
https://nvd.nist.gov/vuln/detail/CVE-2020-15591
CVE-2021-44906
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
–
https://nvd.nist.gov/vuln/detail/CVE-2021-44906
CVE-2022-26526
Anaconda Anaconda3 through 2021.11.0.0 and Miniconda3 through 11.0.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed.)
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26526
CVE-2022-24759
`@chainsafe/libp2p-noise` contains a TypeScript implementation of the Noise protocol, an encryption protocol used in libp2p. `@chainsafe/libp2p-noise` before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and get those peers banned. Users should upgrade to version 4.1.2 or 5.0.3 to receive a patch. There are currently no known workarounds.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24759
CVE-2022-25364
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part of a build. As of 2021.4.2, the built-in build cache is inaccessible-by-default, requiring explicit configuration of its access-control settings before it can be used. (Remote build cache nodes are unaffected as they are inaccessible-by-default.)
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25364
CVE-2022-26503
Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26503
CVE-2022-25949
The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25949
CVE-2022-25969
The installer of WPS Office Version 10.8.0.6186 insecurely loads VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25969
CVE-2022-26081
The installer of WPS Office Version 10.8.0.5745 insecurely loads shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer.
CVE-2021-44907
A Denial of Service vulnerability exists in qs up to 6.8.0 due to insufficient sanitization of property in the qs.parse function. The merge() function allows the assignment of properties on an array in the query. For any property being assigned, a value in the array is converted to an object containing these properties. Essentially, this means that the property whose expected type is Array always has to be checked with Array.isArray() by the user. This may not be obvious to the user and can cause unexpected behavior.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-44907
CVE-2021-45040
The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45040
CVE-2021-46107
Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-46107
CVE-2022-24770
`gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV File. The `gradio` library has a flagging functionality which saves input/output data into a CSV file on the developer’s computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these commands, which could lead to arbitrary commands running on the user’s computer. The problem has been patched as of `2.8.11`, which escapes the saved csv with single quotes. As a workaround, avoid opening csv files generated by `gradio` with Excel or similar spreadsheet programs.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24770
CVE-2022-26500
Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users access to internal API functions that allow attackers to upload and execute arbitrary code.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26500
CVE-2022-26501
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26501
CVE-2022-26504
Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers to execute arbitrary code via Veeam.Backup.PSManager.exe.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26504
CVE-2021-43961
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-43961
CVE-2021-44087
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-44087
CVE-2021-44088
An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-44088
CVE-2022-24302
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24302
CVE-2022-0237
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0237
CVE-2022-0757
Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow an attacker to manipulate the “ANY” and “OR” operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0757
CVE-2022-0758
Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0758
CVE-2021-45966
An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45966
CVE-2021-45967
An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45967
CVE-2021-45968
An issue was discovered in xmppserver jar in the XMPP Server component of the Jive platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45968
CVE-2022-27240
scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27240
CVE-2021-45868
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45868
CVE-2022-26965
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26965
CVE-2022-27191
golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27191
CVE-2021-22571
A local attacker could read files from some other users’ SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-22571
CVE-2021-45834
An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product’s environment or lead to arbitrary code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45834
CVE-2021-45835
The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45835
CVE-2022-24655
A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24655
CVE-2022-0742
Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0742
CVE-2022-24595
Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP (or WebSocket) request to the socket listened on by the afb-daemon process. No credentials or user interactions are required.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24595
CVE-2022-24771
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses an unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24771
CVE-2022-24772
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for trailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24772
CVE-2022-24773
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24773
CVE-2021-29899
IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-29899
CVE-2021-39046
IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39046
CVE-2022-24637
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with `'<?php` (instead of the intended `"<?php` sequence) aren’t handled by the PHP interpreter.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24637
CVE-2020-15388
A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files.
–
https://nvd.nist.gov/vuln/detail/CVE-2020-15388
CVE-2020-16232
In Yokogawa WideField3 R1.01 – R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file.
–
https://nvd.nist.gov/vuln/detail/CVE-2020-16232
CVE-2020-25176
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2020-25176
CVE-2020-25178
ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files.
–
https://nvd.nist.gov/vuln/detail/CVE-2020-25178
CVE-2020-25180
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device.
–
https://nvd.nist.gov/vuln/detail/CVE-2020-25180
CVE-2020-25182
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems.
–
https://nvd.nist.gov/vuln/detail/CVE-2020-25182
CVE-2020-25184
Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure.
–
https://nvd.nist.gov/vuln/detail/CVE-2020-25184
CVE-2020-25193
By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection.
–
https://nvd.nist.gov/vuln/detail/CVE-2020-25193
CVE-2020-25197
A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system.
–
https://nvd.nist.gov/vuln/detail/CVE-2020-25197
CVE-2021-23150
Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.31).
–
https://nvd.nist.gov/vuln/detail/CVE-2021-23150
CVE-2021-23209
Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32).
–
https://nvd.nist.gov/vuln/detail/CVE-2021-23209
CVE-2021-27789
The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program’s standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-27789
CVE-2021-30771
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6, watchOS 7.5, tvOS 14.6. Processing a maliciously crafted font file may lead to arbitrary code execution.
CVE-2021-4031
The Syltek application before version 10.22.00 does not correctly check that a product ID has a valid payment associated with it. This could allow an attacker to forge a request and bypass the payment system by marking items as paid without any verification.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-4031
CVE-2022-0547
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0547
CVE-2022-1002
Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-1002
CVE-2022-1003
One of the APIs in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-1003
CVE-2022-1011
A use-after-free flaw in the Linux kernel FUSE filesystem was found in the way a user triggers write(). A local user could use this flaw to gain unauthorized access to some data from the FUSE filesystem and, as a result, potentially escalate privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-1011
CVE-2022-22578
A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. A malicious application may be able to gain root privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22578
CVE-2022-22579
An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22579
CVE-2022-22583
A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22583
CVE-2022-22584
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file may lead to arbitrary code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22584
CVE-2022-22585
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user’s files.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22585
CVE-2022-22586
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22586
CVE-2022-22587
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22587
CVE-2022-22588
A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a denial of service.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22588
CVE-2022-22589
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary JavaScript.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22589
CVE-2022-22590
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22590
CVE-2022-22591
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22591
CVE-2022-22592
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22592
CVE-2022-22593
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22593
CVE-2022-22594
A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22594
CVE-2022-22596
A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22596
CVE-2022-22597
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22597
CVE-2022-22598
An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 15.4 and iPadOS 15.4. An app may be able to learn information about the current camera view before being granted camera access.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22598
CVE-2022-22599
A permissions issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22599
CVE-2022-22600
The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22600
CVE-2022-22601
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22601
CVE-2022-22602
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22602
CVE-2022-22603
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22603
CVE-2022-22604
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22604
CVE-2022-22605
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22605
CVE-2022-22606
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22606
CVE-2022-22607
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22607
CVE-2022-22608
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22608
CVE-2022-22609
The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications’ settings.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22609
CVE-2022-22611
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22611
CVE-2022-22612
A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to heap corruption.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22612
CVE-2022-22613
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22613
CVE-2022-22614
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22614
CVE-2022-22615
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22615
CVE-2022-22617
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22617
CVE-2022-22618
This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22618
CVE-2022-22620
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22620
CVE-2022-22621
This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22621
CVE-2022-22622
This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22622
CVE-2022-22623
Multiple issues were addressed by updating to curl version 7.79.1. This issue is fixed in macOS Monterey 12.3. Multiple issues in curl.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22623
CVE-2022-22625
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22625
CVE-2022-22626
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22626
CVE-2022-22627
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22627
CVE-2022-22631
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22631
CVE-2022-22632
A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22632
CVE-2022-22633
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22633
CVE-2022-22634
A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22634
CVE-2022-22635
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to gain elevated privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22635
CVE-2022-22636
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22636
CVE-2022-22638
A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22638
CVE-2022-22639
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22639
CVE-2022-22640
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22640
CVE-2022-22641
A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22641
CVE-2022-22642
This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22642
CVE-2022-22643
This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22643
CVE-2022-22644
A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to access information about a user’s contacts.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22644
CVE-2022-22647
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22647
CVE-2022-22648
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memory.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22648
CVE-2022-22650
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application’s permissions and access user data.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22650
CVE-2022-22651
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22651
CVE-2022-22652
The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22652
CVE-2022-22653
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22653
CVE-2022-22654
A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22654
CVE-2022-22656
An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previously logged-in user’s desktop from the fast user switching screen.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22656
CVE-2022-22657
A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22657
CVE-2022-22659
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An attacker in a privileged network position may be able to leak sensitive user information.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22659
CVE-2022-22660
This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22660
CVE-2022-22661
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22661
CVE-2022-22664
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22664
CVE-2022-22665
A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22665
CVE-2022-22666
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22666
CVE-2022-22667
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22667
CVE-2022-22669
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22669
CVE-2022-22670
An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other applications a user has installed.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22670
CVE-2022-22671
An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from the lock screen.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22671
CVE-2022-24091
Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24091
CVE-2022-25602
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7).
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25602
CVE-2022-25603
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5).
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25603
CVE-2022-25604
Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2).
CVE-2022-25607
Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727).
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25607
CVE-2022-27243
An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27243
CVE-2022-27244
An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27244
CVE-2022-27245
An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27245
CVE-2022-27246
An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27246
CVE-2022-25427
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25427
CVE-2022-25428
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25428
CVE-2022-25429
Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25429
CVE-2022-25431
Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameters in the Formsetqosband function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25431
CVE-2022-25433
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25433
CVE-2022-25434
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25434
CVE-2022-25435
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25435
CVE-2022-25437
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25437
CVE-2022-25438
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25438
CVE-2022-25439
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25439
CVE-2022-25440
Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25440
CVE-2022-25441
Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25441
CVE-2022-25445
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25445
CVE-2022-25446
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedstarttime parameter in the openSchedWifi function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25446
CVE-2022-25447
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25447
CVE-2022-25448
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the day parameter in the openSchedWifi function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25448
CVE-2022-25449
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25449
CVE-2022-25450
Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25450
CVE-2022-25451
Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the setstaticroutecfg function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25451
CVE-2022-25452
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25452
CVE-2022-25453
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25453
CVE-2022-25454
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the loginpwd parameter in the SetFirewallCfg function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25454
CVE-2022-25455
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25455
CVE-2022-25456
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25456
CVE-2022-25457
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25457
CVE-2022-25458
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25458
CVE-2022-25459
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the S1 parameter in the SetSysTimeCfg function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25459
CVE-2022-25460
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the endip parameter in the SetPptpServerCfg function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25460
CVE-2022-25461
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in the SetPptpServerCfg function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25461
CVE-2022-27250
The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device’s screen, record video of the device’s physical environment, or modify data.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27250
CVE-2022-25389
DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/log_management.php.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25389
CVE-2022-25390
DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25390
CVE-2022-25578
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25578
CVE-2022-25581
Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25581
CVE-2022-26265
Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26265
CVE-2022-26266
Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26266
CVE-2022-26267
Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26267
CVE-2022-27226
A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor’s defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router’s default credentials aren’t rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27226
CVE-2022-0991
Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0991
CVE-2022-24126
A buffer overflow in the NRSessionSearchResult parser in Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allows remote attackers to execute arbitrary code via matchmaking servers, a different vulnerability than CVE-2021-34170.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24126
CVE-2022-24125
The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, the ability to send a push message to hundreds of thousands of machines is only restricted on the client side, and can thus be bypassed with a modified client.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24125
CVE-2021-44345
Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is vulnerable to SQL Injection.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-44345
CVE-2022-25464
A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25464
CVE-2022-26246
TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26246
CVE-2022-26247
TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2. This vulnerability allows attackers to modify the administrator account and password.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26247
CVE-2022-26555
A stored cross-site scripting (XSS) vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button name text box.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26555
CVE-2022-25462
Yafu v2.0 contains a segmentation fault via the component /factor/avx-ecm/vecarith52.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25462
CVE-2020-26007
An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
–
https://nvd.nist.gov/vuln/detail/CVE-2020-26007
CVE-2020-26008
The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file.
–
https://nvd.nist.gov/vuln/detail/CVE-2020-26008
CVE-2021-39383
DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39383
CVE-2021-39384
DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-39384
CVE-2021-42194
The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user’s input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external entity (XXE) injection vulnerability.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-42194
CVE-2022-25481
ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25481
CVE-2022-25505
Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25505
CVE-2021-36100
A specially crafted string in the OTRS system configuration can allow the execution of any system command.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-36100
CVE-2022-0475
A malicious translator is able to inject JavaScript code in a few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0475
CVE-2022-1004
Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-1004
CVE-2021-45876
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to a command injection. Unfiltered user input is used to generate code which then gets executed when downloading new firmware.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45876
CVE-2021-45877
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard-coded credentials. A hardcoded credential exists in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and control the tomcat completely on port 8000 in the tomcat manager page.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45877
CVE-2021-45878
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of access control on the web manager pages allows any user to view and modify information.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45878
CVE-2022-0415
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0415
CVE-2022-24656
HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). A common XSS payload placed in a markdown file will execute several times when the file is opened with the app.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24656
CVE-2022-1035
Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-1035
CVE-2022-25570
In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a password list can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25570
CVE-2020-24772
In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking).
–
https://nvd.nist.gov/vuln/detail/CVE-2020-24772
CVE-2021-45117
The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45117
CVE-2022-26494
An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26494
CVE-2022-22394
The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-22394
CVE-2022-26960
connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26960
CVE-2022-24235
A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24235
CVE-2022-24236
An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users’ accounts.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24236
CVE-2022-24237
The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24237
CVE-2022-25766
The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values (remote and ref) are passed to the git fetch command. By injecting some git options it was possible to get arbitrary command execution.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25766
CVE-2021-24905
The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-24905
CVE-2021-25019
The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
–
https://nvd.nist.gov/vuln/detail/CVE-2021-25019
CVE-2022-0229
The miniOrange’s Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0229
CVE-2022-0364
The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0364
CVE-2022-0423
The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated user, such as a subscriber, to put Cross-Site Scripting payloads in all pages with a 3d flipbook.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0423
CVE-2022-0514
Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0514
CVE-2022-0515
Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0515
CVE-2022-0590
The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0590
CVE-2022-0591
The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0591
CVE-2022-0616
The Amelia WordPress plugin before 1.0.47 does not have CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0616
CVE-2022-0627
The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0627
CVE-2022-0628
The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0628
CVE-2022-0640
The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0640
CVE-2022-0681
The Simple Membership WordPress plugin before 4.1.0 does not have CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF attack
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0681
CVE-2022-0687
The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom “Amelia Manager” role.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0687
CVE-2022-0694
The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users), leading to an unauthenticated SQL injection
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0694
CVE-2022-0739
The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0739
CVE-2022-0747
The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0747
CVE-2022-0760
The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0760
CVE-2022-24766
mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response’s HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of another request’s body, but it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless mitmproxy is used to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 8.0.0 and above. There are currently no known workarounds.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24766
CVE-2022-24775
guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24775
CVE-2021-46390
An access control issue in the authentication module of Lexar_F35 v1.0.34 allows attackers to access sensitive data and cause a Denial of Service (DoS). An attacker without access to securely protected data on a secure USB flash drive can bypass user authentication without having any information related to the password of the registered user. The secure USB flash drive transmits the password entered by the user to the authentication module in the drive after the user registers a password, and then the input password is compared with the registered password stored in the authentication module. Subsequently, the module returns the comparison result for the authentication decision. Therefore, an attacker can bypass password authentication by analyzing the functions that return the password verification or comparison results and manipulate the authentication result values. Accordingly, even if attackers enter an incorrect password, they can be authenticated as a legitimate user and can therefore exploit functions of the secure USB flash drive by manipulating the authentication result values.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-46390
CVE-2022-23345
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-23345
CVE-2022-23346
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-23346
CVE-2022-23347
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-23347
CVE-2022-23348
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-23348
CVE-2022-23349
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).
–
https://nvd.nist.gov/vuln/detail/CVE-2022-23349
CVE-2022-23350
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-23350
CVE-2022-23352
An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS).
–
https://nvd.nist.gov/vuln/detail/CVE-2022-23352
CVE-2022-26148
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26148
CVE-2021-38745
Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker’s profile page.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-38745
CVE-2021-40662
A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-40662
CVE-2022-26174
A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26174
CVE-2022-26183
PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the application is run on Windows OS.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26183
CVE-2022-26184
Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the application is run on Windows OS.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26184
CVE-2022-27090
Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27090
CVE-2022-27333
idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27333
CVE-2022-26283
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application’s database via crafted HTTP requests.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26283
CVE-2022-26284
Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application’s database via crafted HTTP requests.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26284
CVE-2022-26285
Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application’s database via crafted HTTP requests.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26285
CVE-2022-27607
Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom class, a different issue than CVE-2018-14531.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27607
CVE-2022-0386
A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0386
CVE-2022-0652
Confd log files contain local users’, including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0652
CVE-2022-1034
There is an Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-1034
CVE-2021-45809
Multiple versions of GlobalProtect-openconnect are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--script=<script>` parameter.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45809
CVE-2021-45810
Multiple versions of GlobalProtect-openconnect are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attacker can redirect the entire host’s traffic via their own server.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-45810
CVE-2022-0667
When the vulnerability is triggered the BIND process will exit. BIND 9.18.0
–
https://nvd.nist.gov/vuln/detail/CVE-2022-0667
CVE-2022-1036
The ability to create an account with a long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-1036
CVE-2021-43650
WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-43650
CVE-2022-21718
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-21718
CVE-2022-24764
PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24764
CVE-2022-24774
CycloneDX BOM Repository Server is a bill of materials (BOM) repository server for distributing CycloneDX BOMs. CycloneDX BOM Repository Server before version 2.0.1 has an improper input validation vulnerability leading to path traversal. A malicious user may potentially exploit this vulnerability to create arbitrary directories or a denial of service by deleting arbitrary directories. The vulnerability is resolved in version 2.0.1. The vulnerability is not exploitable with the default configuration with the post and delete methods disabled. This can be configured by modifying the `appsettings.json` file, or alternatively, setting the environment variables `ALLOWEDMETHODS__POST` and `ALLOWEDMETHODS__DELETE` to `false`.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-24774
CVE-2022-25484
tcpprep v4.4.1 has a reachable assertion (`assert(l2len > 0)`) in packet2tree() at tree.c.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25484
CVE-2021-41736
Faust v2.35.0 was discovered to contain a heap-buffer overflow in the function realPropagate() at propagate.cpp.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-41736
CVE-2022-27228
In the vote (aka “Polls, Votes”) module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-27228
CVE-2022-25517
MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-25517
CVE-2022-26260
Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse().
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26260
CVE-2022-1031
Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-1031
CVE-2021-33961
A Cross Site Scripting (XSS) vulnerability exists in enhanced-github v5.0.11 via the file name parameter.
–
https://nvd.nist.gov/vuln/detail/CVE-2021-33961
CVE-2022-26186
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26186
CVE-2022-26187
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26187
CVE-2022-26188
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26188
CVE-2022-26189
TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface.
–
https://nvd.nist.gov/vuln/detail/CVE-2022-26189
CVE-2022-25518
In CMDBuild from version 3.0 to 3.3.2, payload requests are saved in a temporary log table, which allows attackers with database access to read the passwords of users who log in to the application by querying the database table.