Security Bulletin 23 Mar 2022 | #macos | #macsecurity | #education | #technology | #infosec



| CVE Number | Description | Base Score | Reference |
|---|---|---|---|
| CVE-2020-3425 | Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3425 |
| CVE-2021-20083 | Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) in jquery-plugin-query-object 2.2.3 allows a malicious user to inject properties into Object.prototype. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-20083 |
| CVE-2021-29256 | The Arm Mali GPU kernel driver allows an unprivileged user to achieve access to freed memory, leading to information disclosure or root privilege escalation. This affects Bifrost r16p0 through r29p0 before r30p0, Valhall r19p0 through r29p0 before r30p0, and Midgard r28p0 through r30p0. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29256 |
| CVE-2021-29970 | A malicious webpage could have triggered a use-after-free, memory corruption, and a potentially exploitable crash. *This bug could only be triggered when accessibility was enabled.* This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29970 |
| CVE-2021-29972 | A use-after-free vulnerability was found via testing, and traced to an out-of-date Cairo library. Updating the library resolved the issue, and may have remediated other, unknown security vulnerabilities as well. This vulnerability affects Firefox < 90. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29972 |
| CVE-2021-29976 | Mozilla developers reported memory safety bugs present in code shared between Firefox and Thunderbird. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.12, Firefox ESR < 78.12, and Firefox < 90. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29976 |
| CVE-2021-29977 | Mozilla developers reported memory safety bugs present in Firefox 89. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 90. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29977 |
| CVE-2021-29980 | Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29980 |
| CVE-2021-29981 | An issue present in lowering/register allocation could have led to obscure but deterministic register confusion failures in JITted code that would lead to a potentially exploitable crash. This vulnerability affects Firefox < 91 and Thunderbird < 91. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29981 |
| CVE-2021-29984 | Instruction reordering resulted in a sequence of instructions that would cause an object to be incorrectly considered during garbage collection. This led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29984 |
| CVE-2021-29985 | A use-after-free vulnerability in media channels could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29985 |
| CVE-2021-29988 | Firefox incorrectly treated an inline list-item element as a block element, resulting in an out-of-bounds read or memory corruption, and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29988 |
| CVE-2021-29989 | Mozilla developers reported memory safety bugs present in Firefox 90 and Firefox ESR 78.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.13, Firefox ESR < 78.13, and Firefox < 91. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29989 |
| CVE-2021-29990 | Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 91. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29990 |
| CVE-2021-38493 | Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.14, Thunderbird < 78.14, and Firefox < 92. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38493 |
| CVE-2021-38495 | Mozilla developers reported memory safety bugs present in Thunderbird 78.13.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 91.1 and Firefox ESR < 91.1. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38495 |
| CVE-2021-38496 | During operations on MessageTasks, a task may have been removed while it was still scheduled, resulting in memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38496 |
| CVE-2021-38500 | Mozilla developers reported memory safety bugs present in Firefox 92 and Firefox ESR 91.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 78.15, Thunderbird < 91.2, Firefox ESR < 91.2, Firefox ESR < 78.15, and Firefox < 93. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38500 |
| CVE-2021-38504 | When interacting with an HTML input element’s file picker dialog with webkitdirectory set, a use-after-free could have resulted, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38504 |
| CVE-2021-43534 | Mozilla developers and community members reported memory safety bugs present in Firefox 93 and Firefox ESR 91.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43534 |
| CVE-2021-43535 | A use-after-free could have occurred when an HTTP2 session object was released on a different thread, leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 93, Thunderbird < 91.3, and Firefox ESR < 91.3. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43535 |
| CVE-2021-43537 | An incorrect type conversion of sizes from 64-bit to 32-bit integers allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43537 |
| CVE-2021-43539 | Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43539 |
| CVE-2021-45960 | In Expat (aka libexpat) before 2.4.3, a left shift by 29 (or more) places in the storeAtts function in xmlparse.c can lead to realloc misbehavior (e.g., allocating too few bytes, or only freeing memory). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45960 |
| CVE-2022-22990 | A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices. This vulnerability was addressed by changing access token validation logic and rewriting rule logic on PHP scripts. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22990 |
| CVE-2021-44737 | PJL directory traversal vulnerability in Lexmark devices through 2021-12-07 that can be leveraged to overwrite internal configuration files. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44737 |
| CVE-2021-25076 | The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due to the lack of sanitisation and escaping, this could also lead to Reflected Cross-Site Scripting. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-25076 |
| CVE-2022-22993 | A limited SSRF vulnerability was discovered on Western Digital My Cloud devices that could allow an attacker to impersonate a server and reach any page on the server by bypassing access controls. The vulnerability was addressed by creating a whitelist for valid parameters. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22993 |
| CVE-2022-0306 | Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0306 |
| CVE-2022-24508 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24508 |
| CVE-2022-24512 | .NET and Visual Studio Remote Code Execution Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24512 |
| CVE-2022-24732 | Maddy Mail Server is an open source SMTP compatible email server. Versions of maddy prior to 0.5.4 do not implement password expiry or account expiry checking when authenticating using PAM. Users are advised to upgrade. Users unable to upgrade should manually remove expired accounts via existing filtering mechanisms. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24732 |
| CVE-2022-0204 | A heap overflow vulnerability was found in bluez in versions prior to 5.63. An attacker with local network access could pass specially crafted files causing an application to halt or crash, leading to a denial of service. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0204 |
| CVE-2022-23940 | SuiteCRM through 7.12.1 and 8.x through 8.0.1 allows Remote Code Execution. Authenticated users with access to the Scheduled Reports module can achieve this by leveraging PHP deserialization in the email_recipients property. By using a crafted request, they can create a malicious report, containing a PHP-deserialization payload in the email_recipients field. Once someone accesses this report, the backend will deserialize the content of the email_recipients field and the payload gets executed. Project dependencies include a number of interesting PHP deserialization gadgets (e.g., Monolog/RCE1 from phpggc) that can be used for Code Execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23940 |
| CVE-2022-24644 | ZZ Inc. KeyMouse Windows 3.08 and prior is affected by a remote code execution vulnerability during an unauthenticated update. To exploit this vulnerability, a user must trigger an update of an affected installation of KeyMouse. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24644 |
| CVE-2022-24915 | The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24915 |
| CVE-2022-26846 | SPIP before 3.2.14 and 4.x before 4.0.5 allows remote authenticated editors to execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26846 |
| CVE-2021-44673 | A Remote Code Execution (RCE) vulnerability exists in Croogo 3.0.2 via admin/file-manager/attachments, which lets a malicious user upload a web shell script. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44673 |
| CVE-2021-39022 | IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 saves user-provided information into a Comma-Separated Value (CSV) file, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as a command when the file is opened by spreadsheet software. IBM X-Force ID: 213858. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39022 |
| CVE-2022-25510 | FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25510 |
| CVE-2022-21808 | Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21808 |
| CVE-2022-22729 | CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticates the receiving packets. The authentication may be bypassed via some crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22729 |
| CVE-2022-25600 | Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25600 |
| CVE-2021-45886 | An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user (such as operator) can be used to confirm actions of higher-privileged ones (such as xpadmin). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45886 |
| CVE-2021-24959 | The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-24959 |
| CVE-2022-0165 | The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0165 |
| CVE-2022-0478 | The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0478 |
| CVE-2022-22735 | The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber, to perform SQL injection attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22735 |
| CVE-2022-22346 | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22346 |
| CVE-2021-43304 | Heap buffer overflow in Clickhouse’s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43304 |
| CVE-2021-43305 | Heap buffer overflow in Clickhouse’s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43305 |
| CVE-2021-45010 | A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45010 |
| CVE-2022-22771 | The Server component of TIBCO Software Inc.’s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.’s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22771 |
| CVE-2022-27223 | In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27223 |
| CVE-2020-25721 | Kerberos acceptors need easy access to stable AD identifiers (e.g., objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-25721 |
| CVE-2019-1737 | A vulnerability in the processing of IP Service Level Agreement (SLA) packets by Cisco IOS Software and Cisco IOS XE software could allow an unauthenticated, remote attacker to cause an interface wedge and an eventual denial of service (DoS) condition on the affected device. The vulnerability is due to improper socket resources handling in the IP SLA responder application code. An attacker could exploit this vulnerability by sending crafted IP SLA packets to an affected device. An exploit could allow the attacker to cause an interface to become wedged, resulting in an eventual denial of service (DoS) condition on the affected device. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-1737 |
| CVE-2019-1740 | A vulnerability in the Network-Based Application Recognition (NBAR) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload. This vulnerability is due to a parsing issue on DNS packets. An attacker could exploit this vulnerability by sending crafted DNS packets through routers that are running an affected version and have NBAR enabled. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2019-1740 |
| CVE-2022-22351 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged trusted host user to exploit a vulnerability in the nimsh daemon to cause a denial of service in the nimsh daemon on another trusted host. IBM X-Force ID: 220396. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-22351 |
| CVE-2022-22706 | An Arm product family through 2022-01-03 has an Exposed Dangerous Method or Function. | 8.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-22706 |
| CVE-2022-25219 | A null byte interaction error has been discovered in the code that the telnetd_startup daemon uses to construct a pair of ephemeral passwords that allow a user to spawn a telnet service on the router, and to ensure that the telnet service persists upon reboot. By means of a crafted exchange of UDP packets, an unauthenticated attacker on the local network can leverage this null byte interaction error in such a way as to make those ephemeral passwords predictable (with 1-in-94 odds). Since the attacker must manipulate data processed by the OpenSSL function RSA_public_decrypt(), successful exploitation of this vulnerability depends on the use of an unpadded RSA cipher (CVE-2022-25218). | 8.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25219 |
| CVE-2021-44224 | A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-44224 |
| CVE-2022-23924 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23924 |
| CVE-2022-23925 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23925 |
| CVE-2022-23926 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23926 |
| CVE-2022-23927 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23927 |
| CVE-2022-23928 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23928 |
| CVE-2022-23929 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23929 |
| CVE-2022-23930 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23930 |
| CVE-2022-23931 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23931 |
| CVE-2022-23932 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23932 |
| CVE-2022-23933 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23933 |
| CVE-2022-23934 | Potential vulnerabilities have been identified in the system BIOS of certain HP PC products which may allow Escalation of Privilege, Arbitrary Code Execution, Unauthorized Code Execution, Denial of Service, and Information Disclosure. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-23934 |
| CVE-2022-24743 | Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `Sylius\\Bundle\\ApiBundle\\CommandHandler\\ResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-24743 |
| CVE-2018-10887 | A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in the git_delta_apply function in the delta.c file may lead to an integer overflow which in turn leads to an out-of-bounds read, allowing a read before the base object. An attacker may use this flaw to leak memory addresses or cause a Denial of Service. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-10887 |
| CVE-2021-29986 | A suspected race condition when calling getaddrinfo led to memory corruption and a potentially exploitable crash. *Note: This issue only affected Linux operating systems. Other operating systems are unaffected.* This vulnerability affects Thunderbird < 78.13, Thunderbird < 91, Firefox ESR < 78.13, and Firefox < 91. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-29986 |
| CVE-2021-3935 | When PgBouncer is configured to use “cert” authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of TLS certificate verification and encryption. This flaw affects PgBouncer versions prior to 1.16.1. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-3935 |
| CVE-2022-25090 | Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25090 |
| CVE-2022-25218 | The use of the RSA algorithm without OAEP, or any other padding scheme, in telnetd_startup, allows an unauthenticated attacker on the local area network to achieve a significant degree of control over the “plaintext” to which an arbitrary blob of ciphertext will be decrypted by OpenSSL’s RSA_public_decrypt() function. This weakness allows the attacker to manipulate the various iterations of the telnetd startup state machine and eventually obtain a root shell on the device, by means of an exchange of crafted UDP packets. In all versions but K2 22.5.9.163 and K3C 32.1.15.93 a successful attack also requires the exploitation of a null-byte interaction error (CVE-2022-25219). | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25218 |
| CVE-2022-21177 | There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-21177 |
| CVE-2022-22145 | CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22145 |
| CVE-2022-22151 | CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22151 |
| CVE-2021-42387 | Heap out-of-bounds read in Clickhouse’s LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value (‘offset’) is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-42387 |
| CVE-2021-42388 | Heap out-of-bounds read in Clickhouse’s LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value (‘offset’) is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-42388 |
| CVE-2022-24128 | Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer (which executes as Superuser), leading to privilege escalation. In order to be able to take advantage of this, an unprivileged user would need to be able to create objects in a database and then get a Superuser to install TimescaleDB into their database. (In the fixed versions, the installation aborts when it finds that an object already exists.) | 8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24128 |
| CVE-2017-4966 | An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser’s local storage without expiration, making it possible to retrieve them using a chained attack. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-4966 |
| CVE-2020-3265 | A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to elevate privileges to root on the underlying operating system. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain root-level privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-3265 |
| CVE-2021-3708 | D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to OS command injection. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3707, to execute any OS commands on the vulnerable device. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3708 |
| CVE-2021-42726 | Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42726 |
| CVE-2021-42721 | Acrobat Bridge versions 11.1.1 and earlier are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42721 |
| CVE-2021-42723 | Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted SGI file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42723 |
| CVE-2021-42725 | Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42725 |
| CVE-2021-42727 | Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42727 |
| CVE-2022-21137 | Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21137 |
| CVE-2022-0392 | Heap-based Buffer Overflow in GitHub repository vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0392 |
| CVE-2022-0407 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0407 |
| CVE-2022-21999 | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-22717, CVE-2022-22718. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21999 |
| CVE-2021-3760 | A flaw was found in the Linux kernel. A use-after-free vulnerability in the NFC stack can lead to a threat to confidentiality, integrity, and system availability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3760 |
| CVE-2022-25265 | In the Linux kernel through 5.16.10, certain binary files may have the exec-all attribute if they were built in approximately 2003 (e.g., with GCC 3.2.2 and Linux kernel 2.4.20). This can cause execution of bytes located in supposedly non-executable regions of a file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25265 |
| CVE-2022-0646 | A use-after-free flaw was found in the Linux kernel Management Component Transport Protocol (MCTP) subsystem in the way a user triggers cancel_work_sync after unregister_netdev while removing a device. A local user could use this flaw to crash the system or escalate their privileges on the system. It affects Linux kernel 5.17-rc1 (when mctp-serial.c was introduced) through 5.17-rc5. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0646 |
| CVE-2022-24048 | MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. | | |
This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24048 CVE-2022-24050 MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24050 CVE-2022-24051 MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24051 CVE-2022-24052 MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. 
This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24052 CVE-2021-46162 A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15048) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46162 CVE-2021-46699 A vulnerability has been identified in Simcenter Femap (All versions < V2022.1.1). Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15061) 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46699 CVE-2021-3762 A directory traversal vulnerability was found in the ClairCore engine of Clair. An attacker can exploit this by supplying a crafted container image which, when scanned by Clair, allows for arbitrary file write on the filesystem, potentially allowing for remote code execution. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3762 CVE-2022-26490 st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. 
7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26490 CVE-2022-26337 Trend Micro Password Manager (Consumer) installer version 5.0.0.1262 and below is vulnerable to an Uncontrolled Search Path Element vulnerability that could allow an attacker to use a specially crafted file to exploit the vulnerability and escalate local privileges on the affected machine. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26337 CVE-2022-24507 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24507 CVE-2022-24509 Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24510. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24509 CVE-2022-24510 Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-24461, CVE-2022-24509. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24510 CVE-2021-32025 An elevation of privilege vulnerability in the QNX Neutrino Kernel of affected versions of QNX Software Development Platform version(s) 6.4.0 to 7.0, QNX Momentics all 6.3.x versions, QNX OS for Safety versions 1.0.0 to 1.0.2, QNX OS for Safety versions 2.0.0 to 2.0.1, QNX for Medical versions 1.0.0 to 1.1.1, and QNX OS for Medical version 2.0.0 could allow an attacker to potentially access data, modify behavior, or permanently crash the system. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-32025 CVE-2021-40376 otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40376 CVE-2022-0516 A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. 
This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0516 CVE-2022-20048 In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917502; Issue ID: ALPS05917502. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20048 CVE-2022-20053 In ims service, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219097; Issue ID: ALPS06219097. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20053 CVE-2022-20054 In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID: ALPS06219083. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20054 CVE-2022-21124 Out-of-bounds write vulnerability in CX-Programmer v9.76.1 and earlier which is a part of CX-One (v4.60) suite allows an attacker to cause information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. This vulnerability is different from CVE-2022-25234. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21124 CVE-2022-24285 Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority called ACCsvc through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. 
In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24285 CVE-2022-24286 Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local privilege escalation vulnerability. The user process communicates with a service of system authority through a named pipe. In this case, the Named Pipe is also given Read and Write rights to the general user. In addition, the service program does not verify the user when communicating. A thread may exist with a specific command. When the path of the program to be executed is sent, there is a local privilege escalation in which the service program executes the path with system privileges. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24286 CVE-2022-24396 The Simple Diagnostics Agent – versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24396 CVE-2022-24618 Heimdal.Wizard.exe installer in Heimdal Premium Security 2.5.395 and earlier has insecure permissions, which allows unprivileged local users to elevate privileges to SYSTEM via the “Browse For Folder” window accessible by triggering a “Repair” on the MSI package located in C:\\Windows\\Installer. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24618 CVE-2022-24928 Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP. 
7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24928 CVE-2022-24931 Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24931 CVE-2022-24960 A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24960 CVE-2022-25217 Use of a hard-coded cryptographic key pair by the telnetd_startup service allows an attacker on the local area network to obtain a root shell on the device over telnet. The builds of telnetd_startup included in the version 22.5.9.163 of the K2 firmware, and version 32.1.15.93 of the K3C firmware (possibly amongst many other releases) included both the private and public RSA keys. The remaining versions cited here redacted the private key, but left the public key unchanged. An attacker in possession of the leaked private key may, through a scripted exchange of UDP packets, instruct telnetd_startup to spawn an unauthenticated telnet shell as root, by means of which they can then obtain complete control of the device. A consequence of the limited availablility of firmware images for testing is that models and versions not listed here may share this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25217 CVE-2022-25294 Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected. Proofpoint has released fixed software version 7.12.1. The fixed software versions are available through the customer support portal. 
7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25294 CVE-2022-25814 PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25814 CVE-2022-25815 PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25815 CVE-2022-24750 UltraVNC is a free and open source remote pc access software. A vulnerability has been found in versions prior to 1.3.8.0 in which the DSM plugin module, which allows a local authenticated user to achieve local privilege escalation (LPE) on a vulnerable system. The vulnerability has been fixed to allow loading of plugins from the installed directory. Affected users should upgrade their UltraVNC to 1.3.8.0. Users unable to upgrade should not install and run UltraVNC server as a service. It is advisable to create a scheduled task on a low privilege account to launch WinVNC.exe instead. There are no known workarounds if wincnc needs to be started as a service. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24750 CVE-2022-22141 ‘Long-term Data Archive Package’ service implemented in the following Yokogawa Electric products creates some named pipe with imporper ACL configuration. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22141 CVE-2022-22148 ‘Root Service’ service implemented in the following Yokogawa Electric products creates some named pipe with improper ACL configuration. 
CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22148 CVE-2022-23401 The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23401 CVE-2021-33658 atune before 0.3-0.8 log in as a local user and run the curl command to access the local atune url interface to escalate the local privilege or modify any file. Authentication is not forcibly enabled in the default configuration. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33658 CVE-2022-23187 Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23187 CVE-2022-23731 V8 javascript engine (heap vulnerability) can cause privilege escalation ,which can impact on some webOS TV models. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23731 CVE-2022-24094 Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 
7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24094 CVE-2022-24095 Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24095 CVE-2022-24096 Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by an Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24096 CVE-2022-24097 Adobe After Effects versions 22.2 (and earlier) and 18.4.4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24097 CVE-2022-24415 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24415 CVE-2022-24416 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24416 CVE-2022-24419 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 
7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24419 CVE-2022-24420 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24420 CVE-2022-24421 Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24421 CVE-2021-41850 An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41850 CVE-2022-26967 GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26967 CVE-2022-24696 Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a local attacker to elevate privileges. NOTE: this is unrelated to products from the glance.com and glance.net websites. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24696 CVE-2022-26981 Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26981 CVE-2022-24575 GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24575 CVE-2022-24577 GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen (). 
7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24577 CVE-2022-20001 fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker’s control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20001 CVE-2022-24578 GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24578 CVE-2022-0943 Heap-based Buffer Overflow occurs in vim in GitHub repository vim/vim prior to 8.2.4563. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0943 CVE-2022-21946 A Improper Privilege Management vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen seesion. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21946 CVE-2021-0957 In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-193149550 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-0957 CVE-2021-40734 Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40734 CVE-2021-40735 Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40735 CVE-2021-40736 Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40736 CVE-2021-40738 Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40738 CVE-2021-40739 Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40739 CVE-2021-40740 Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. 
User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40740 CVE-2021-40763 Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40763 CVE-2021-40764 Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40764 CVE-2021-40765 Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40765 CVE-2021-40777 Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40777 CVE-2021-40779 Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 
7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-40779

| CVE Number | Description | Base Score | Reference |
|---|---|---|---|
| CVE-2021-40780 | Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40780 |
| CVE-2021-40786 | Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40786 |
| CVE-2021-40787 | Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40787 |
| CVE-2021-40792 | Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40792 |
| CVE-2021-40793 | Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40793 |
| CVE-2021-40794 | Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40794 |
| CVE-2021-42526 | Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42526 |
| CVE-2021-42527 | Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42527 |
| CVE-2021-42533 | Adobe Bridge version 11.1.1 (and earlier) is affected by a double free vulnerability when parsing a crafted DCM file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42533 |
| CVE-2021-42719 | Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .jpe file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42719 |
| CVE-2021-42720 | Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42720 |
| CVE-2021-42722 | Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42722 |
| CVE-2021-42724 | Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42724 |
| CVE-2021-42728 | Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42728 |
| CVE-2021-42729 | Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42729 |
| CVE-2021-42730 | Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious PSD file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42730 |
| CVE-2022-24092 | Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24092 |
| CVE-2022-21819 | NVIDIA distributions of Jetson Linux contain a vulnerability where an error in the IOMMU configuration may allow an unprivileged attacker with physical access to the board direct read/write access to the entire system address space through the PCI bus. Such an attack could result in denial of service, code execution, escalation of privileges, and impact to data integrity and confidentiality. The scope impact may extend to other components. | 7.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-21819 |
| CVE-2018-15501 | In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-bounds read that leads to DoS. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-15501 |
| CVE-2019-11287 | Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain a web management plugin that is vulnerable to a denial of service attack. The "X-Reason" HTTP header can be leveraged to insert a malicious Erlang format string that will expand and consume the heap, resulting in the server crashing. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-11287 |
| CVE-2021-37419 | Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to SSRF. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-37419 |
| CVE-2021-24917 | The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows an unauthenticated user to obtain the secret login page by setting a random referer string and making a request to /wp-admin/options.php. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-24917 |
| CVE-2021-44878 | Pac4j v5.1 and earlier allows (by default) clients to accept and successfully validate ID Tokens with the "none" algorithm (i.e., tokens with no signature), which is not secure and violates the OpenID Core Specification. The "none" algorithm does not require any signature verification when validating the ID tokens, which allows the attacker to bypass the token validation by injecting a malformed ID token using "none" as the value of the "alg" key in the header with an empty signature value. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44878 |
| CVE-2021-22570 | Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-22570 |
| CVE-2021-46667 | MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46667 |
| CVE-2022-24683 | HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24683 |
| CVE-2022-23648 | containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23648 |
| CVE-2022-23327 | A design flaw in Go-Ethereum 1.10.12 and older versions allows an attacker node to send 5120 future transactions with a high gas price in one message, which can purge all pending transactions in a victim node's memory pool, causing a denial of service (DoS). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23327 |
| CVE-2022-23328 | A design flaw in all versions of Go-Ethereum allows an attacker node to send 5120 pending transactions of a high gas price from one account that all fully spend the full balance of the account to a victim Geth node, which can purge all pending transactions in the victim node's memory pool and then occupy the memory pool to prevent new transactions from entering the pool, resulting in a denial of service (DoS). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23328 |
| CVE-2021-46378 | DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46378 |
| CVE-2021-25087 | The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in some of the REST API endpoints, allowing unauthenticated attackers to call them, which could lead to sensitive information disclosure, such as post passwords (fixed in 3.2.24) and file Master Keys (fixed in 3.2.25). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-25087 |
| CVE-2022-24713 | regex is an implementation of regular expressions for the Rust language. The regex crate features built-in mitigations to prevent denial of service attacks caused by untrusted regexes, or untrusted input matched by trusted regexes. Those (tunable) mitigations already provide sane defaults to prevent attacks. This guarantee is documented and it's considered part of the crate's API. Unfortunately a bug was discovered in the mitigations designed to prevent untrusted regexes from taking an arbitrary amount of time during parsing, and it's possible to craft regexes that bypass such mitigations. This makes it possible to perform denial of service attacks by sending specially crafted regexes to services accepting user-controlled, untrusted regexes. All versions of the regex crate before or equal to 1.5.4 are affected by this issue. The fix is included starting from regex 1.5.5. All users accepting user-controlled regexes are recommended to upgrade immediately to the latest version of the regex crate. Unfortunately there is no fixed set of problematic regexes, as there are practically infinite regexes that could be crafted to exploit this vulnerability. Because of this, it is not recommended to deny known problematic regexes. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24713 |
| CVE-2022-24464 | .NET and Visual Studio Denial of Service Vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24464 |
| CVE-2022-24748 | Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In versions prior to 6.4.8.2 it is possible to modify customers and to create orders without App Permission. This issue is a result of improper API route checking. Users are advised to upgrade to version 6.4.8.2. There are no known workarounds. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24748 |
| CVE-2022-0618 | A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This vulnerability is caused by a logical error when parsing an HTTP/2 HEADERS or HTTP/2 PUSH_PROMISE frame where the frame contains padding information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame or PUSH_PROMISE frame with HTTP/2 padding information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0618 |
| CVE-2022-0725 | A flaw was found in KeePass. The vulnerability occurs due to logging the plain text passwords in the system log and leads to an Information Exposure vulnerability. This flaw allows an attacker to interact with and read sensitive passwords and logs. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0725 |
| CVE-2022-22547 | Simple Diagnostics Agent, versions 1.0 (up to version 1.57), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gathering which could be used to exploit future open-source security exploits. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22547 |
| CVE-2022-24601 | Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24601 |
| CVE-2022-25556 | Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42E328. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25556 |
| CVE-2022-25560 | Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_4327CC. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25560 |
| CVE-2022-25561 | Tenda AX12 v22.03.01.21 was discovered to contain a stack overflow in the function sub_42DE00. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25561 |
| CVE-2022-26311 | Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernetes environments. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26311 |
| CVE-2022-26662 | An XML Entity Expansion (XEE) issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An unauthenticated user can send a crafted XML-RPC message to consume all the resources of the server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26662 |
| CVE-2022-24726 | Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, istiod, is vulnerable to a request processing error, allowing a malicious attacker to send a specially crafted message that crashes the control plane when the validating webhook for a cluster is exposed publicly. This endpoint is served over TLS port 15017, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [external istiod](https://istio.io/latest/docs/setup/install/external-controlplane/) topologies, this port is exposed over the public internet. This issue has been patched in versions 1.13.2, 1.12.5 and 1.11.8. Users are advised to upgrade. Users unable to upgrade should disable access to a validating webhook that is exposed to the public internet or restrict the set of IP addresses that can query it to a set of known, trusted entities. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24726 |
| CVE-2022-25508 | An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service (DoS) via an unusually large number of created routes, or to create unsafe or false routes for legitimate users. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25508 |
| CVE-2022-25512 | FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25512 |
| CVE-2020-36518 | jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36518 |
| CVE-2022-0913 | Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0913 |
| CVE-2021-23246 | In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-23246 |
| CVE-2021-32476 | A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32476 |
| CVE-2022-0853 | A flaw was found in JBoss-client. The vulnerability occurs due to a memory leak on the JBoss client-side when using UserTransaction repeatedly, and leads to an information leakage vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0853 |
| CVE-2022-25216 | An absolute path traversal vulnerability allows a remote attacker to download any file on the Windows file system for which the user account running DVDFab 12 Player (recently renamed PlayerFab) has read access, by means of an HTTP GET request to http://<IP_ADDRESS>:32080/download/<URL_ENCODED_PATH>. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25216 |
| CVE-2021-42577 | An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42577 |
| CVE-2022-22719 | A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22719 |
| CVE-2022-22354 | IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection, which could allow a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22354 |
| CVE-2022-24740 | Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with an authentication cookie from another user, effectively giving them control of the other user's account and privileges. This occurs when using an outdated version of the `react-cookie` library and a server is under high load. A proof of concept does not currently exist, but it is possible for this issue to occur in the wild. The patch and fix is present in Volto 15.0.0-alpha.0. As a workaround, one may manually upgrade the `react-cookie` package to 4.1.1 and then override all Volto components that use this library. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24740 |
| CVE-2022-26779 | Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent could generate time-deterministic tokens and brute-force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26779 |
| CVE-2022-0778 | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include: TLS clients consuming server certificates; TLS servers consuming client certificates; hosting providers taking certificates or private keys from customers; certificate authorities parsing certification requests from subscribers; anything else which parses ASN.1 elliptic curve parameters. Also any other applications that use BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate, which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0, 3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0778 |
| CVE-2021-45848 | Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45848 |
| CVE-2021-43957 | Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of URL decoding. The affected versions are before version 4.8.9. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43957 |
| CVE-2021-20299 | A flaw was found in OpenEXR's Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-20299 |
| CVE-2021-39716 | Product: Android. Versions: Android kernel. Android ID: A-206977562. References: N/A. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-39716 |
| CVE-2022-25514 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25514 |
| CVE-2022-25515 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25515 |
| CVE-2022-25516 | stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25516 |
| CVE-2022-21822 | NVIDIA FLARE contains a vulnerability in the admin interface, where an unauthorized attacker can cause Allocation of Resources Without Limits or Throttling, which may make the system unavailable. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21822 |
| CVE-2021-32998 | The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. INIT START/restore from backup required. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-32998 |
| CVE-2022-23607 | treq is an HTTP library inspired by requests but written on top of Twisted's Agents. Treq's request methods (`treq.get`, `treq.post`, etc.) and the `treq.client.HTTPClient` constructor accept cookies as a dictionary. Such cookies are not bound to a single domain, and are therefore sent to *every* domain ("supercookies"). This can potentially cause sensitive information to leak upon an HTTP redirect to a different domain, e.g. should `https://example.com` redirect to `http://cloudstorageprovider.com` the latter will receive the cookie `session`. Treq 2021.1.0 and later bind cookies given to request methods (`treq.request`, `treq.get`, `HTTPClient.request`, `HTTPClient.get`, etc.) to the origin of the *url* parameter. Users are advised to upgrade. For users unable to upgrade: instead of passing a dictionary as the *cookies* argument, pass a `http.cookiejar.CookieJar` instance with properly domain- and scheme-scoped cookies in it. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-23607 |
| CVE-2022-24738 | Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. In versions of evmos prior to 2.0.1 attackers are able to drain unclaimed funds from user addresses. To do this an attacker must create a new chain which does not enforce signature verification and connect it to the target evmos instance. The attacker can use this joined chain to transfer unclaimed funds. Users are advised to upgrade. There are no known workarounds for this issue. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24738 |
| CVE-2022-25214 | Improper access control on the LocalClientList.asp interface allows an unauthenticated remote attacker to obtain sensitive information concerning devices on the local area network, including IP and MAC addresses. Improper access control on the wirelesssetup.asp interface allows an unauthenticated remote attacker to obtain the WPA passphrases for the 2.4GHz and 5.0GHz wireless networks. This is particularly dangerous given that the K2G setup wizard presents the user with the option of using the same password for the 2.4GHz network and the administrative interface, by clicking a checkbox. When Remote Management is enabled, these endpoints are exposed to the WAN. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25214 |
| CVE-2022-24751 | Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where a simultaneous access by the user being deactivated may, in rare cases, allow continued access by the deactivated user. A patch is available in version 4.11 on the 4.x branch and version 5.0-rc1 on the 5.x branch. Upgrading to a fixed version will, as a side effect, deactivate any cached sessions that may have been leaked through this bug. There are currently no known workarounds. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24751 |
| CVE-2022-0815 | Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user's system. This could lead to unexpected behaviors including: settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0815 |
| CVE-2021-35244 | The "Log alert to a file" action within action management enables any Orion Platform user with Orion alert management rights to write to any file. An attacker with Orion alert management rights could use this vulnerability to perform an unrestricted file upload causing a remote code execution. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-35244 |
| CVE-2022-0557 | OS Command Injection in Packagist microweber/microweber prior to 1.2.11. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-0557 |
| CVE-2022-21828 | A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using an unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-21828 |
| CVE-2022-0440 | The Catch Themes Demo Import WordPress plugin before 2.1.1 does not validate one of the files to be imported, which could allow a high-privilege admin to upload an arbitrary PHP file and gain RCE even in the case of a hardened blog (i.e. DISALLOW_UNFILTERED_HTML, DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS constants set to true). | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-0440 |
| CVE-2022-24506 | Azure Site Recovery Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-24469, CVE-2022-24515, CVE-2022-24518, CVE-2022-24519. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-24506 |
| CVE-2022-25225 | Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-25225 |
| CVE-2022-26521 | Abantecart through 1.3.2 allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Catalog>Media Manager>Images settings can be changed by an administrator (e.g., by configuring .php to be a valid image file type). | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26521 |
| CVE-2021-32474 | An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-32474 |
| CVE-2022-24387 | With administrator or admin privileges the application can be tricked into overwriting files in the app_data/Config folder, e.g. the systemsettings.xml file. This is possible in SmarterTrack v100.0.8019.14010. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-24387 |
| CVE-2022-0944 | Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-0944 |
| CVE-2020-3264 | A vulnerability in Cisco SD-WAN Solution software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted traffic to an affected device. A successful exploit could allow the attacker to gain access to information that they are not authorized to access and make changes to the system that they are not authorized to make. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-3264 |
| CVE-2021-3752 | A use-after-free flaw was found in the Linux kernel's Bluetooth subsystem in the way a user calls connect to the socket and disconnect simultaneously, due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-3752 |
| CVE-2021-4090 | An out-of-bounds (OOB) memory write flaw was found in the NFSD in the Linux kernel. Missing sanity checks may lead to a write beyond bmval[bmlen-1] in nfsd4_decode_bitmap4 in fs/nfsd/nfs4xdr.c. In this flaw, a local attacker with user privilege may gain access to out-of-bounds memory, leading to a system integrity and confidentiality threat. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-4090 |
| CVE-2022-0905 | Improper Authorization in GitHub repository go-gitea/gitea prior to 1.16.4. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0905 |
| CVE-2022-25821 | Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25821 |
| CVE-2021-4083 | A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2021-4083 |
| CVE-2021-3640 | A use-after-free flaw in the function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way a user calls ioctl UFFDIO_REGISTER or otherwise triggers a race condition between the call sco_conn_del() and the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2021-3640 |
| CVE-2022-24505 | Windows ALPC Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23283, CVE-2022-23287. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-24505 |
| CVE-2022-26488 | In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26488 |
| CVE-2022-23036 | Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer. blkfront: CVE-2022-23036; netfront: CVE-2022-23037; scsifront: CVE-2022-23038; gntalloc: CVE-2022-23039; xenbus: CVE-2022-23040. blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041. netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-23036 |

CVE-2022-23037 Linux PV device frontends vulnerable to attacks by backends. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn't check the success of removing the granted access of a shared ring buffer.
blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 7 https://nvd.nist.gov/vuln/detail/CVE-2022-23037 CVE-2022-23038 Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. 
blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 7 https://nvd.nist.gov/vuln/detail/CVE-2022-23038 CVE-2022-23039 Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. 
blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 7 https://nvd.nist.gov/vuln/detail/CVE-2022-23039 CVE-2022-23040 Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. 
blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 7 https://nvd.nist.gov/vuln/detail/CVE-2022-23040 CVE-2022-23041 Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. 
blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 7 https://nvd.nist.gov/vuln/detail/CVE-2022-23041 CVE-2022-23042 Linux PV device frontends vulnerable to attacks by backends T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Several Linux PV device frontends are using the grant table interfaces for removing access rights of the backends in ways being subject to race conditions, resulting in potential data leaks, data corruption by malicious backends, and denial of service triggered by malicious backends: blkfront, netfront, scsifront and the gntalloc driver are testing whether a grant reference is still in use. If this is not the case, they assume that a following removal of the granted access will always succeed, which is not true in case the backend has mapped the granted page between those two operations. As a result the backend can keep access to the memory page of the guest no matter how the page will be used after the frontend I/O has finished. The xenbus driver has a similar problem, as it doesn’t check the success of removing the granted access of a shared ring buffer. 
blkfront: CVE-2022-23036 netfront: CVE-2022-23037 scsifront: CVE-2022-23038 gntalloc: CVE-2022-23039 xenbus: CVE-2022-23040 blkfront, netfront, scsifront, usbfront, dmabuf, xenbus, 9p, kbdfront, and pvcalls are using a functionality to delay freeing a grant reference until it is no longer in use, but the freeing of the related data page is not synchronized with dropping the granted access. As a result the backend can keep access to the memory page even after it has been freed and then re-used for a different purpose. CVE-2022-23041 netfront will fail a BUG_ON() assertion if it fails to revoke access in the rx path. This will result in a Denial of Service (DoS) situation of the guest which can be triggered by the backend. CVE-2022-23042 7 https://nvd.nist.gov/vuln/detail/CVE-2022-23042 CVE-2022-20055 In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160830. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20055 CVE-2022-25213 Improper physical access control and use of hard-coded credentials in /etc/passwd permits an attacker with physical access to obtain a root shell via an unprotected UART port on the device. The same port exposes an unauthenticated Das U-Boot BIOS shell. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25213 CVE-2021-33150 Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 6.8 https://nvd.nist.gov/vuln/detail/CVE-2021-33150 CVE-2020-5419 RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. 
An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2020-5419 CVE-2022-22943 VMware Tools for Windows (11.x.y and 10.x.y prior to 12.0.0) contains an uncontrolled search path vulnerability. A malicious actor with local administrative privileges in the Windows guest OS, where VMware Tools is installed, may be able to execute code with system privileges in the Windows guest OS due to an uncontrolled search path element. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-22943 CVE-2022-20049 In vpu, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05954679; Issue ID: ALPS05954679. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-20049 CVE-2022-20050 In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06335038; Issue ID: ALPS06335038. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-20050 CVE-2022-0921 Abusing Backup/Restore feature to achieve Remote Code Execution in GitHub repository microweber/microweber prior to 1.2.12. 6.7 https://nvd.nist.gov/vuln/detail/CVE-2022-0921 CVE-2021-39719 In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205995178References: N/A 6.7 https://nvd.nist.gov/vuln/detail/CVE-2021-39719 CVE-2022-20056 In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160820. 6.6 https://nvd.nist.gov/vuln/detail/CVE-2022-20056 CVE-2022-20058 In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160485. 6.6 https://nvd.nist.gov/vuln/detail/CVE-2022-20058 CVE-2022-20059 In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160781. 6.6 https://nvd.nist.gov/vuln/detail/CVE-2022-20059 CVE-2022-20060 In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06137462. 
6.6 https://nvd.nist.gov/vuln/detail/CVE-2022-20060 CVE-2018-8098 Integer overflow in the index.c:read_entry() function while decompressing a compressed prefix length in libgit2 before v0.26.2 allows an attacker to cause a denial of service (out-of-bounds read) via a crafted repository index file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-8098 CVE-2018-8099 Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-8099 CVE-2018-10888 A flaw was found in libgit2 before version 0.27.3. A missing check in git_delta_apply function in delta.c file, may lead to an out-of-bound read while reading a binary delta file. An attacker may use this flaw to cause a Denial of Service. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2018-10888 CVE-2021-29975 Through a series of DOM manipulations, a message, over which the attacker had control of the text but not HTML or formatting, could be overlaid on top of another domain (with the new domain correctly shown in the address bar) resulting in possible user confusion. This vulnerability affects Firefox < 90. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29975 CVE-2021-29982 Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. This vulnerability affects Firefox < 91 and Thunderbird < 91. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29982 CVE-2021-29987 After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. *This bug only affects Firefox on Linux. Other operating systems are unaffected.*. 
This vulnerability affects Firefox < 91 and Thunderbird < 91. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-29987 CVE-2021-40964 A Path Traversal vulnerability exists in TinyFileManager all version up to and including 2.4.6 that allows attackers to upload a file (with Admin credentials or with the CSRF vulnerability) with the “fullpath” parameter containing path traversal strings (../ and ..\\) in order to escape the server’s intended working directory and write malicious files onto any directory on the computer. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40964 CVE-2021-37420 Zoho ManageEngine ADSelfService Plus before 6112 is vulnerable to mail spoofing. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37420 CVE-2021-41125 Scrapy is a high-level web crawling and scraping framework for Python. If you use `HttpAuthMiddleware` (i.e. the `http_user` and `http_pass` spider attributes) for HTTP authentication, all requests will expose your credentials to the request target. This includes requests generated by Scrapy components, such as `robots.txt` requests sent by Scrapy when the `ROBOTSTXT_OBEY` setting is set to `True`, or as requests reached through redirects. Upgrade to Scrapy 2.5.1 and use the new `http_auth_domain` spider attribute to control which domains are allowed to receive the configured HTTP authentication credentials. If you are using Scrapy 1.8 or a lower version, and upgrading to Scrapy 2.5.1 is not an option, you may upgrade to Scrapy 1.8.1 instead. If you cannot upgrade, set your HTTP authentication credentials on a per-request basis, using for example the `w3lib.http.basic_auth_header` function to convert your credentials into a value that you can assign to the `Authorization` header of your request, instead of defining your credentials globally using `HttpAuthMiddleware`. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41125 CVE-2021-38491 Mixed-content checks were unable to analyze opaque origins which led to some mixed content being loaded. 
This vulnerability affects Firefox < 92. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38491 CVE-2021-38507 The Opportunistic Encryption feature of HTTP2 (RFC 8164) allows a connection to be transparently upgraded to TLS while retaining the visual properties of an HTTP connection, including being same-origin with unencrypted connections on port 80. However, if a second encrypted port on the same IP address (e.g. port 8443) did not opt-in to opportunistic encryption; a network attacker could forward a connection from the browser to port 443 to port 8443, causing the browser to treat the content of port 8443 as same-origin with HTTP. This was resolved by disabling the Opportunistic Encryption feature, which had low usage. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38507 CVE-2021-43528 Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43528 CVE-2021-43536 Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43536 CVE-2021-43540 WebExtensions with the correct permissions were able to create and install ServiceWorkers for third-party websites that would not have been uninstalled with the extension. This vulnerability affects Firefox < 95. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43540 CVE-2021-43541 When invoking protocol handlers for external protocols, a supplied parameter URL containing spaces was not properly escaped. 
This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43541 CVE-2021-43542 Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-43542 CVE-2022-0273 Improper Access Control in Pypi calibreweb prior to 0.6.16. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0273 CVE-2021-24761 The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24761 CVE-2021-25097 The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in place when deleting publications, allowing any authenticated users, such as subscriber to delete arbitrary publication 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25097 CVE-2022-24684 HashiCorp Nomad and Nomad Enterprise before 1.0.17, 1.1.x before 1.1.12, and 1.2.x before 1.2.6 has Uncontrolled Resource Consumption. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24684 CVE-2022-0577 Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0577 CVE-2022-24737 HTTPie is a command-line HTTP client. HTTPie has the practical concept of sessions, which help users to persistently store some of the state that belongs to the outgoing requests and incoming responses on the disk for further usage. Before 3.1.0, HTTPie didn‘t distinguish between cookies and hosts they belonged. 
This behavior resulted in the exposure of some cookies when there are redirects originating from the actual host to a third party website. Users are advised to upgrade. There are no known workarounds. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24737 CVE-2022-26319 An installer search patch element vulnerability in Trend Micro Portable Security 3.0 Pro, 3.0 and 2.0 could allow a local attacker to place an arbitrarily generated DLL file in an installer folder to elevate local privileges. Please note: an attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26319 CVE-2022-24502 Windows HTML Platforms Security Feature Bypass Vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24502 CVE-2022-24741 Nextcloud server is an open source, self hosted cloud style services platform. In affected versions an attacker can cause a denial of service by uploading specially crafted files which will cause the server to allocate too much memory / CPU. It is recommended that the Nextcloud Server is upgraded to 21.0.8 , 22.2.4 or 23.0.1. Users unable to upgrade should disable preview generation with the `’enable_previews’` config flag. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24741 CVE-2022-24745 Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions guest sessions are shared between customers when HTTP cache is enabled. This can lead to inconsistent experiences for guest users. Setups with Varnish are not affected by this issue. This issue has been resolved in version 6.4.8.2. Users unable to upgrade should disable the HTTP Cache. 
6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24745 CVE-2021-28488 Ericsson Network Manager (ENM) before 21.2 has incorrect access-control behavior (that only affects the level of access available to persons who were already granted a highly privileged role). Users in the same AMOS authorization group can retrieve managed-network data that was not set to be accessible to the entire group (i.e., was only set to be accessible to a subset of that group). 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-28488 CVE-2021-32436 An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32436 CVE-2021-41657 SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41657 CVE-2022-20057 In btif, there is a possible memory corruption due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06271186; Issue ID: ALPS06271186. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20057 CVE-2022-24398 Under certain conditions SAP Business Objects Business Intelligence Platform – versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24398 CVE-2022-25243 “Vault and Vault Enterprise 1.8.0 through 1.8.8, and 1.9.3 allowed the PKI secrets engine under certain configurations to issue wildcard certificates to authorized users for a specified domain, even if the PKI role policy attribute allow_subdomains is set to false. Fixed in Vault Enterprise 1.8.9 and 1.9.4. 
6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25243
CVE-2022-25244 Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25244
CVE-2022-26652 NATS nats-server before 2.7.4 allows Directory Traversal (with write access) via an element in a ZIP archive for JetStream streams. nats-streaming-server before 0.24.3 is also affected. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26652
CVE-2022-26661 An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26661
CVE-2022-26778 Veritas System Recovery (VSR) 18 and 21 stores a network destination password in the Windows registry during configuration of the backup configuration. This could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26778
CVE-2022-0821 Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0821
CVE-2022-25506 FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25506
CVE-2022-25511 An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25511
CVE-2022-0932 Improper Authorization in GitHub repository saleor/saleor prior to 3.1.2. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0932
CVE-2021-26341 Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-26341
CVE-2022-0001 Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0001
CVE-2022-0002 Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0002
CVE-2022-23625 Wire-ios is a messaging application using the Wire protocol on Apple’s iOS platform. In versions prior to 3.95, malformed resource identifiers may render the iOS Wire Client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and sent between Wire users. The root cause lies in [wireapp/wire-ios-transport](https://github.com/wireapp/wire-ios-transport), where code responsible for removing sensitive tokens before logging may fail and lead to a crash (Swift exception) of the application. This causes undesirable behavior; however, the (greater) Wire system is still functional. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23625
CVE-2021-42262 An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42262
CVE-2022-24385 A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24385
CVE-2021-24692 The Simple Download Monitor WordPress plugin before 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-24692
CVE-2022-0593 The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing an unauthenticated user to remotely delete the plugin files, leading to a potential Denial of Service situation. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0593
CVE-2021-39051 IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input validation in the application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-39051
CVE-2022-22353 IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22353
CVE-2021-42389 Divide-by-zero in Clickhouse’s Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42389
CVE-2021-42390 Divide-by-zero in Clickhouse’s DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42390
CVE-2021-42391 Divide-by-zero in Clickhouse’s Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42391
CVE-2022-24762 sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in sysend.js version 1.10.0. The only currently known workaround is to avoid sending communications that a user does not want to have intercepted via sysend messages. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24762
CVE-2022-27201 Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27201
CVE-2022-27208 Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27208
CVE-2022-27210 A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27210
CVE-2022-27225 Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safari versions, Keycloak sets a duplicate of the cookie without the Secure attribute, which allows the cookie to be sent when accessing the location that cookie is set for via HTTP. This creates the potential for an attacker (with the ability to impersonate the Gradle Enterprise host) to capture the login session of a user by having them click an http:// link to the server, despite the real server requiring HTTPS. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27225
CVE-2021-20257 An infinite loop flaw was found in the e1000 NIC emulator of QEMU. This issue occurs while processing transmit (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20257
CVE-2021-3700 A use-after-free vulnerability was found in usbredir in versions prior to 0.11.0 in the usbredirparser_serialize() in usbredirparser/usbredirparser.c. This issue occurs when serializing large amounts of buffered write data in the case of a slow or blocked destination. 6.4 https://nvd.nist.gov/vuln/detail/CVE-2021-3700
CVE-2021-24982 The Child Theme Generator WordPress plugin through 2.2.7 does not sanitise or escape the parade parameter before outputting it back, leading to a Reflected Cross-Site Scripting issue in the admin dashboard. 6.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24982
CVE-2022-0280 A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0280
CVE-2021-44964 Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file. 6.3 https://nvd.nist.gov/vuln/detail/CVE-2021-44964
CVE-2022-25822 A use-after-free vulnerability in the sdp driver prior to SMR Mar-2022 Release 1 allows a kernel crash. 6.2 https://nvd.nist.gov/vuln/detail/CVE-2022-25822
CVE-2017-4965 An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2017-4965
CVE-2017-4967 An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2017-4967
CVE-2021-43543 Documents loaded with the CSP sandbox directive could have escaped the sandbox’s script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43543
CVE-2021-42063 A security vulnerability has been discovered in the SAP Knowledge Warehouse – versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclosure of sensitive data. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-42063
CVE-2022-23397 The Cedar Gate EZ-NET portal 6.5.5 6.8.0 Internet portal has a call to display messages to users which does not properly sanitize data sent in through a URL parameter. This leads to a Reflected Cross-Site Scripting vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-23397
CVE-2021-46379 DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through URL redirection to an untrusted site. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-46379
CVE-2022-24746 Shopware is an open commerce platform based on the Symfony PHP framework and the Vue JavaScript framework. In affected versions it is possible to inject code via the voucher code form. This issue has been patched in version 6.4.8.1. There are no known workarounds for this issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24746
CVE-2022-24177 A cross-site scripting (XSS) vulnerability in the component cgi-bin/ej.cgi of Ex Libris ALEPH 500 v18.1 and v20 allows attackers to execute arbitrary web scripts or HTML. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24177
CVE-2022-24395 SAP NetWeaver Enterprise Portal – versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24395
CVE-2022-24397 SAP NetWeaver Enterprise Portal – versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of the portal website. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of the victim’s web browser. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24397
CVE-2022-24399 The SAP Focused Run (Real User Monitoring) – versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in a Cross-Site Scripting (XSS) vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24399
CVE-2022-24608 Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24608
CVE-2022-26101 Fiori launchpad – versions 754, 755, 756, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26101
CVE-2021-44585 A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-44585
CVE-2022-0820 Cross-site Scripting (XSS) – Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0820
CVE-2021-46708 The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim’s click actions and possibly launch further attacks against the victim. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-46708
CVE-2021-27414 An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-27414
CVE-2021-32009 Cross-site Scripting (XSS) vulnerability in the firmware section of Secomea GateManager allows a logged-in user to inject JavaScript into the browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32009
CVE-2021-32478 The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32478
CVE-2022-25601 Reflected Cross-Site Scripting (XSS) vulnerability affecting the parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25601
CVE-2021-44667 A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-44667
CVE-2022-26533 Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26533
CVE-2022-0929 XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0929
CVE-2021-46709 phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-46709
CVE-2022-24384 Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24384
CVE-2021-24940 The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24940
CVE-2021-24996 The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not sanitise and escape the idpay_error parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24996
CVE-2021-25006 The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25006
CVE-2022-0147 The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0147
CVE-2022-0230 The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0230
CVE-2022-0248 The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, an unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0248
CVE-2022-0321 The WP Voting Contest WordPress plugin through 2.1 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0321
CVE-2022-0327 The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0327
CVE-2022-0399 The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action’s response, leading to a Reflected Cross-Site Scripting issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0399
CVE-2022-0449 The Flexi WordPress plugin before 4.20 does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0449
CVE-2022-0503 The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.2 does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in the network dashboard. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0503
CVE-2022-0601 The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0601
CVE-2022-0648 The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0648
CVE-2022-22734 The Simple Quotation WordPress plugin through 1.3.2 does not have a CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, an attacker could make a logged-in admin create or edit an arbitrary quote, and put Cross-Site Scripting payloads in it. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-22734
CVE-2022-22344 IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-22344
CVE-2022-24733 Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker’s page overlays the target application’s interface with a different interface provided by the attacker. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. Every response from the app should have an X-Frame-Options header set to “sameorigin”. To achieve that, add a new `subscriber` in the app. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24733
CVE-2022-24749 Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform an XSS attack, the file itself has to be opened in a new tab or loaded outside of the IMG tag. The problem applies both to the files opened on the admin panel and shop pages. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. As a workaround, require a library that adds on-upload file sanitization and overwrite the service before writing the file to the filesystem. The GitHub Security Advisory contains more specific information about the workaround. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24749
CVE-2022-0951 File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0951
CVE-2021-43956 The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43956
CVE-2021-42552 Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim’s browser. This issue affects all ArchivistaBox versions prior to 2022/I. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-42552
CVE-2022-0986 Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0986
CVE-2021-3607 An integer overflow was found in the QEMU implementation of VMWare’s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a “PVRDMA_REG_DSRHIGH” write from the guest due to improper input validation. This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. 6 https://nvd.nist.gov/vuln/detail/CVE-2021-3607
CVE-2021-3608 A flaw was found in the QEMU implementation of VMWare’s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a “PVRDMA_REG_DSRHIGH” write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability. 6 https://nvd.nist.gov/vuln/detail/CVE-2021-3608
CVE-2021-38502 Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication method was configured, the MITM could obtain the authentication credentials, too. This vulnerability affects Thunderbird < 91.2. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-38502
CVE-2021-4160 There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb). 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-4160
CVE-2022-24686 HashiCorp Nomad and Nomad Enterprise 0.3.0 through 1.0.17, 1.1.11, and 1.2.5 artifact download functionality has a race condition such that the Nomad client agent could download the wrong artifact into the wrong destination. Fixed in 1.0.18, 1.1.12, and 1.2.6. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-24686
CVE-2021-26401 LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. 5.6 https://nvd.nist.gov/vuln/detail/CVE-2021-26401
CVE-2022-23960 Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. 5.6 https://nvd.nist.gov/vuln/detail/CVE-2022-23960
CVE-2021-0561 In append_to_verify_fifo_interleaved_ of stream_encoder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-174302683. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-0561
CVE-2021-3707 D-Link router DSL-2750U with firmware vME1.16 or prior versions is vulnerable to unauthorized configuration modification. An unauthenticated attacker on the local network may exploit this, with CVE-2021-3708, to execute any OS commands on the vulnerable device. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3707
CVE-2021-42733 Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42733
CVE-2021-45958 UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-45958
CVE-2022-0561 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0561
CVE-2022-0562 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0562
CVE-2021-3947 A stack-buffer-overflow was found in QEMU in the NVME component. The flaw lies in nvme_changed_nslist() where a malicious guest controlling certain input can read out of bounds memory. A malicious user could use this flaw leading to disclosure of sensitive information. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-3947
CVE-2022-24725 Shescape is a shell escape package for JavaScript. An issue in versions 1.4.0 to 1.5.1 allows for exposure of the home directory on Unix systems when using Bash with the `escape` or `escapeAll` functions from the _shescape_ API with the `interpolation` option set to `true`. Other tested shells, Dash and Zsh, are not affected. Depending on how the output of _shescape_ is used, directory traversal may be possible in the application using _shescape_. The issue was patched in version 1.5.1. As a workaround, manually escape all instances of the tilde character (`~`) using `arg.replace(/~/g, "\\\\~")`. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24725
CVE-2022-22946 In Spring Cloud Gateway versions prior to 3.1.1+, applications that are configured to enable HTTP2 and have no key store or trusted certificates set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22946
CVE-2022-26336 A shortcoming in the HMEF package of poi-scratchpad (Apache POI) allows an attacker to cause an Out of Memory exception. This package is used to read TNEF files (Microsoft Outlook and Microsoft Exchange Server). If an application uses poi-scratchpad to parse TNEF files and the application allows untrusted users to supply them, then a carefully crafted file can cause an Out of Memory exception. This issue affects poi-scratchpad version 5.2.0 and prior versions. Users are recommended to upgrade to poi-scratchpad 5.2.1. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26336
CVE-2021-20300 A flaw was found in OpenEXR’s hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR to trigger an integer overflow. The highest threat from this vulnerability is to system availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20300
CVE-2021-20302 A flaw was found in OpenEXR’s TiledInputFile functionality. This flaw allows an attacker who can submit a crafted single-part non-image to be processed by OpenEXR to trigger a floating-point exception error. The highest threat from this vulnerability is to system availability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20302
CVE-2021-38988 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212950. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38988
CVE-2021-38989 IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX kernel to cause a denial of service. IBM X-Force ID: 212951. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-38989
CVE-2022-24511 Microsoft Office Word Tampering Vulnerability. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24511
CVE-2022-0890 NULL Pointer Dereference in GitHub repository mruby/mruby prior to 3.2. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0890
CVE-2021-32434 abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32434
CVE-2021-32435 Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32435
CVE-2022-0433 A NULL pointer dereference flaw was found in the Linux kernel’s BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0433
CVE-2022-20051 In ims service, there is a possible unexpected application behavior due to incorrect privilege assignment. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219127; Issue ID: ALPS06219127. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20051
CVE-2022-25819 OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allows an attacker to view Kernel stack memory. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25819
CVE-2022-25825 Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access the authcode for sign-in. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-25825
CVE-2022-26878 drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket buffers have memory allocated but not freed). 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26878
CVE-2022-0907 Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0907
CVE-2022-0908 Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag() in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0908
CVE-2022-0909 Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0909
CVE-2022-0924 Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0924
CVE-2022-24090 Adobe Photoshop versions 23.1.1 (and earlier) and 22.5.5 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24090
CVE-2021-41849 An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: the user’s list of installed apps and the device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41849
CVE-2022-26966 An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26966
CVE-2022-24574 GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra(). 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24574
CVE-2022-24576 GPAC 1.0.1 is affected by Use After Free through MP4Box. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24576
CVE-2021-25026 The Patreon WordPress plugin before 1.8.2 does not sanitise and escape the field “Custom Patreon Page name”, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-25026
CVE-2022-24742 Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if the browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect to the login page even when the browser back button is pressed. Another possibility is to set stricter cache policies for restricted content. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24742
CVE-2022-27193 CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27193
CVE-2022-0961 The microweber application allows large character inputs to be inserted in the input field “post title”, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0961
CVE-2022-0968 The microweber application allows large character inputs to be inserted in the input field “fist & last name”, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-0968
CVE-2021-46705 An Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-46705
CVE-2022-21945 An Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions.
5.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21945 CVE-2021-20180 A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-20180 CVE-2021-40737 Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40737 CVE-2021-40741 Adobe Audition version 14.4 (and earlier) is affected by an Access of Memory Location After End of Buffer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40741 CVE-2021-40742 Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40742 CVE-2021-40750 Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. 
An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40750 CVE-2021-40762 Adobe Character Animator version 4.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40762 CVE-2021-40767 Adobe Character Animator version 4.4 (and earlier) is affected by an Access of Memory Location After End of Buffer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40767 CVE-2021-40768 Adobe Character Animator version 4.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40768 CVE-2021-40778 Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40778 CVE-2021-40781 Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40781 CVE-2021-40782 Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40782 CVE-2021-40785 Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40785 CVE-2021-40788 Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 
5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40788 CVE-2021-40789 Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40789 CVE-2021-40796 Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40796 CVE-2021-42263 Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42263 CVE-2021-42264 Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 5.5 https://nvd.nist.gov/vuln/detail/CVE-2021-42264 CVE-2022-22511 Various configuration pages of the device are vulnerable to reflected XSS (Cross-Site Scripting) attacks. 
An authorized attacker with user privileges may use this to gain access to confidential information on a PC that connects to the WBM after it has been compromised. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-22511 CVE-2022-24432 Persistent cross-site scripting (XSS) in the web interface of ipDIO allows an authenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into specific fields. The XSS payload will be executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services). 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24432 CVE-2022-26102 Due to missing authorization check, SAP NetWeaver Application Server for ABAP – versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn’t authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-26102 CVE-2022-25507 FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Callsign parameter. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-25507 CVE-2022-0822 Cross-site Scripting (XSS) – Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0822 CVE-2022-26874 lib/Horde/Mime/Viewer/Ooo.php in Horde Mime_Viewer before 2.2.4 allows XSS via an OpenOffice document, leading to account takeover in Horde Groupware Webmail Edition. This occurs after XSLT rendering. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-26874 CVE-2022-0928 Cross-site Scripting (XSS) – Stored in GitHub repository microweber/microweber prior to 1.2.12. 
5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0928 CVE-2021-27416 An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-27416 CVE-2021-32475 ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-32475 CVE-2022-0880 Cross-site Scripting (XSS) – Stored in GitHub repository star7th/showdoc prior to 2.10.2. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0880 CVE-2021-45889 An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab.jsp or private/index.jsp?activation/activationMainTab.jsp or private/index.jsp?communication/serverTab.jsp or private/index.jsp?emailNotification/notificationTab.jsp. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-45889 CVE-2022-0937 Stored xss in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0937 CVE-2022-0341 Cross-site Scripting (XSS) – Stored in GitHub repository vanessa219/vditor prior to 3.8.12. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0341 CVE-2022-0938 Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0938 CVE-2022-0940 Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. 
5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0940 CVE-2022-0941 Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0941 CVE-2022-24386 Stored XSS in SmarterTools SmarterTrack This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24386 CVE-2022-0946 Stored XSS viva cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0946 CVE-2021-24897 The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field (available only with classic editor) when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24897 CVE-2021-24950 The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize(), nor sanitise and escape it before outputting it in the response. As a result, it could allow users with a role as low as Subscriber to perform PHP Object Injection, as well as Stored Cross-Site Scripting attacks 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24950 CVE-2021-24958 The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as subscriber could update the plugin’s settings and put Cross-Site Scripting payloads in them 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-24958 CVE-2022-0960 Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4. 
5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0960 CVE-2022-0962 Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0962 CVE-2021-39055 IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214534. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-39055 CVE-2022-0945 Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0945 CVE-2022-0950 Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0950 CVE-2022-0893 Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0893 CVE-2022-0894 Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0894 CVE-2022-0954 Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop’s Other Settings, Shop’s Autorespond E-mail Settings and Shops’ Payments Methods in GitHub repository microweber/microweber prior to 1.2.11. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0954 CVE-2022-0956 Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0956 CVE-2022-0957 Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0957 CVE-2022-0942 Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4. 
5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0942 CVE-2022-0963 Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0963 CVE-2022-0964 Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0964 CVE-2022-0965 Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0965 CVE-2022-0966 Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0966 CVE-2022-0967 Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0967 CVE-2022-0970 Cross-site Scripting (XSS) – Stored in GitHub repository getgrav/grav prior to 1.7.31. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0970 CVE-2022-27212 Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the ‘List Git branches (and more)’ parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-27212 CVE-2022-0911 Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0911 CVE-2022-0704 Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0704 CVE-2022-0705 Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2022-0705 CVE-2021-45787 There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks. 
5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-45787 CVE-2021-33853 A Cross-Site Scripting (XSS) attack can cause arbitrary code (javascript) to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the user attempts to access any page of the CRM. 5.4 https://nvd.nist.gov/vuln/detail/CVE-2021-33853 CVE-2019-1551 There is an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH512 are considered just feasible. However, for an attack the target would have to re-use the DH512 private key, which is not recommended anyway. Also applications directly using the low level API BN_mod_exp may be affected if they use BN_FLG_CONSTTIME. Fixed in OpenSSL 1.1.1e (Affected 1.1.1-1.1.1d). Fixed in OpenSSL 1.0.2u (Affected 1.0.2-1.0.2t). 5.3 https://nvd.nist.gov/vuln/detail/CVE-2019-1551 CVE-2020-13956 Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2020-13956 CVE-2021-25009 The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly accessible, and contain sensitive information such as sender/receiver names, phone numbers, physical and email addresses 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-25009 CVE-2022-24503 Remote Desktop Protocol Client Information Disclosure Vulnerability. 
5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24503 CVE-2022-24747 Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. Affected versions of shopware do no properly set sensitive HTTP headers to be non-cacheable. If there is an HTTP cache between the server and client then headers may be exposed via HTTP caches. This issue has been resolved in version 6.4.8.2. There are no known workarounds. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24747 CVE-2022-25215 Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote attacker to add (or remove) client MAC addresses to (or from) a list of banned hosts. Clients with those MAC addresses are then prevented from accessing either the WAN or the router itself. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-25215 CVE-2022-26103 Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) – version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26103 CVE-2022-26104 SAP Financial Consolidation – version 10.1, does not perform necessary authorization checks for updating homepage messages, resulting for an unauthorized user to alter the maintenance system message. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26104 CVE-2022-26847 SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about editorial objects. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26847 CVE-2021-38910 IBM DataPower Gateway V10CD, 10.0.1, and 2108.4.1 could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. By sending a specially crafted JSON message, an attacker could exploit this vulnerability to modify structure and fields. IBM X-Force ID: 209824. 
5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-38910 CVE-2021-39025 IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address information when the web backend is down. IBM X-Force 213863. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-39025 CVE-2021-41233 Nextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of “File Drop”. For successful exploitation an attacker requires knowledge of the sharing link. It is recommended that users upgrade their Nextcloud Server to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the Nextcloud Text application in the application settings. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-41233 CVE-2022-0870 Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0870 CVE-2021-32473 It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-32473 CVE-2022-25839 The package url-js before 2.1.0 are vulnerable to Improper Input Validation due to improper parsing, which makes it is possible for the hostname to be spoofed. http://\\\\\\\\\\\\\\\\localhost and http://localhost are the same URL. However, the hostname is not parsed as localhost, and the backslash is reflected as it is. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-25839 CVE-2022-26276 An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2022-26276 CVE-2021-29134 The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL. 
5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-29134 CVE-2021-45852 An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php. 5.3 https://nvd.nist.gov/vuln/detail/CVE-2021-45852 CVE-2021-43774 A risky-algorithm issue was discovered on Fujifilm DocuCentre-VI C4471 1.8 devices. An attacker that obtained access to the administrative web interface of a printer (e.g., by using the default credentials) can download the address book file, which contains the list of users (domain users, FTP users, etc.) stored on the printer, together with their encrypted passwords. The passwords are protected by a weak cipher, such as ROT13, which requires minimal effort to instantly retrieve the original password, giving the attacker a list of valid domain or FTP usernames and passwords. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-43774 CVE-2021-24966 The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-24966 CVE-2021-38971 IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitve information. IBM X-Force ID: 212620. 4.9 https://nvd.nist.gov/vuln/detail/CVE-2021-38971 CVE-2020-36519 Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.) 4.9 https://nvd.nist.gov/vuln/detail/CVE-2020-36519 CVE-2022-0906 Unrestricted file upload leads to stored XSS in GitHub repository microweber/microweber prior to 1.1.12. 
| CVE Number | Description | Base Score | Reference |
|---|---|---|---|
| CVE-2022-0906 | | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0906 |
| CVE-2022-0912 | Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0912 |
| CVE-2022-0926 | File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0926 |
| CVE-2022-0930 | File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0930 |
| CVE-2021-45888 | An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role Configuration Administrator or Administrator. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45888 |
| CVE-2021-24895 | The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-24895 |
| CVE-2021-24995 | The HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not properly sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-24995 |
| CVE-2021-41952 | Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steal the victim’s cookie, leading to account takeover. The person viewing the image of a contact can be a victim of XSS. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41952 |
| CVE-2022-0659 | The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0659 |
| CVE-2022-0674 | The Kunze Law WordPress plugin before 2.1 does not escape its ‘E-Mail Error “From” Address’ settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0674 |
| CVE-2022-0684 | The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0684 |
| CVE-2022-0700 | The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0700 |
| CVE-2022-0701 | The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0701 |
| CVE-2022-0702 | The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0702 |
| CVE-2022-0703 | The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0703 |
| CVE-2022-27200 | Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27200 |
| CVE-2022-25368 | Spectre BHB is a variant of Spectre-v2 in which malicious code uses the shared branch history (stored in the CPU BHB) to influence mispredicted branches in the victim’s hardware context. Speculation caused by these mispredicted branches can then potentially be used to cause cache allocation, which can then be used to infer information that should be protected. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-25368 |
| CVE-2022-24932 | Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-24932 |
| CVE-2022-25816 | Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-25816 |
| CVE-2022-25820 | A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-25820 |
| CVE-2021-4002 | A memory leak flaw in the Linux kernel’s hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-4002 |
| CVE-2022-24349 | An authenticated user can create a link with reflected XSS payload for actions’ pages, and send it to other users. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim. This attack can be implemented with the help of social engineering and expiration of a number of factors – an attacker should have authorized access to the Zabbix Frontend and allowed network connection between a malicious server and victim’s computer, understand attacked infrastructure, be recognized by the victim as a trustee and use trusted communication channel. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24349 |
| CVE-2022-24917 | An authenticated user can create a link with reflected Javascript code inside it for services’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24917 |
| CVE-2022-24918 | An authenticated user can create a link with reflected Javascript code inside it for items’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24918 |
| CVE-2022-24919 | An authenticated user can create a link with reflected Javascript code inside it for graphs’ page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict. Malicious code has access to all the same objects as the rest of the web page and can make arbitrary modifications to the contents of the page being displayed to a victim during social engineering attacks. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-24919 |
| CVE-2022-26355 | Citrix Federated Authentication Service (FAS) 7.17 – 10.6 causes deployments that have been configured to store a registration authority certificate’s private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificate’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-26355 |
| CVE-2021-39722 | In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-204585345. References: N/A | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-39722 |
| CVE-2021-39724 | In TuningProviderBase::GetTuningTreeSet of tuning_provider_base.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205753190. References: N/A | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-39724 |
| CVE-2021-29974 | When network partitioning was enabled, e.g. as a result of Enhanced Tracking Protection settings, a TLS error page would allow the user to override an error on a domain which had specified HTTP Strict Transport Security (which implies that the error should not be override-able). This issue did not affect the network connections, and they were correctly upgraded to HTTPS automatically. This vulnerability affects Firefox < 90. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-29974 |
| CVE-2021-38508 | By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the user potentially being tricked into granting the permission. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-38508 |
| CVE-2021-38509 | Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker’s choosing. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-38509 |
| CVE-2021-43538 | By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for spoofing attacks. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-43538 |
| CVE-2021-43546 | It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-43546 |
| CVE-2022-0414 | Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0414 |
| CVE-2022-23708 | A flaw was discovered in Elasticsearch 7.17.0’s upgrade assistant, in which upgrading from version 6.x to 7.x would disable the in-built protections on the security index, allowing authenticated users with “*” index permissions access to this index. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-23708 |
| CVE-2022-23709 | A flaw was discovered in Kibana in which users with Read access to the Uptime feature could modify alerting rules. A user with this privilege would be able to create new alerting rules or overwrite existing ones. However, any new or modified rules would not be enabled, and a user with this privilege could not modify alerting connectors. This effectively means that Read users could disable existing alerting rules. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-23709 |
| CVE-2021-24824 | The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1 allows authenticated users with a role as low as contributor to access arbitrary post metadata. This could lead to sensitive data disclosure; for example, when used in combination with WooCommerce, the email address of orders can be retrieved. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-24824 |
| CVE-2021-24825 | The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display arbitrary files from the filesystem (such as logs, .htaccess etc), as well as perform Local File Inclusion attacks as PHP files will be executed. Please note that such attack is still possible by admin+ in single site blogs by default (but won’t be when either the unfiltered_html or file_edit is disallowed). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-24825 |
| CVE-2021-32006 | This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-32006 |
| CVE-2018-25031 | Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2018-25031 |
| CVE-2021-32472 | Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-32472 |
| CVE-2021-32477 | The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-32477 |
| CVE-2021-43954 | The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have ‘can add repository permission’, to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-43954 |
| CVE-2020-4989 | IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-4989 |
| CVE-2022-27199 | A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-27199 |
| CVE-2022-27214 | A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-27214 |
| CVE-2021-43955 | The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via an information disclosure vulnerability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-43955 |
| CVE-2020-9488 | Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-9488 |
| CVE-2022-21170 | Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-21170 |
| CVE-2019-11291 | Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 versions prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.16.7 and 1.17.x versions prior to 1.17.4, contain two endpoints, federation and shovel, which do not properly sanitize user input. A remote authenticated malicious user with administrative access could craft a cross site scripting attack via the vhost or node name fields that could grant access to virtual hosts and policy management information. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-11291 |
| CVE-2022-24744 | Shopware is an open commerce platform based on the Symfony php Framework and the Vue javascript framework. In affected versions user sessions are not logged out if the password is reset via password recovery. This issue has been resolved in version 6.4.8.1. For older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24744 |
| CVE-2020-8908 | A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime’s java.io.tmpdir system property to point to a location whose permissions are appropriately configured. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-8908 |
| CVE-2022-24929 | Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked apps without authentication. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-24929 |
| CVE-2022-24930 | An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-24930 |
| CVE-2022-25817 | Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25817 |
| CVE-2022-25823 | Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25823 |
| CVE-2022-25824 | Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25824 |
| CVE-2022-25826 | Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25826 |
| CVE-2022-25827 | Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25827 |
| CVE-2022-25828 | Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25828 |
| CVE-2022-25829 | Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25829 |
| CVE-2022-25830 | Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25830 |
| CVE-2021-40766 | Adobe Character Animator version 4.4 (and earlier versions) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-40766 |
| CVE-2021-40769 | Adobe Character Animator version 4.4 (and earlier versions) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-40769 |
| CVE-2022-22348 | IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139. | 2.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-22348 |
| CVE-2013-3523 | SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 allows remote to execute arbitrary SQL commands via vectors related to op=page&id= in the URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-3523 |
| CVE-2014-9649 | Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-9649 |
| CVE-2014-9650 | CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-9650 |
| CVE-2022-27195 | Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27195 |
| CVE-2022-27196 | Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27196 |
| CVE-2022-27197 | Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet’s Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27197 |
| CVE-2022-27198 | A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27198 |
| CVE-2022-27202 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27202 |
| CVE-2022-27203 | Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27203 |
| CVE-2022-27204 | A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27204 |
| CVE-2022-27205 | A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27205 |
| CVE-2022-27206 | Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27206 |
| CVE-2022-27207 | Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the ‘Global Build Stats’ page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27207 |
| CVE-2022-27209 | A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27209 |
| CVE-2022-27211 | A missing/An incorrect permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27211 |
| CVE-2022-27213 | Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27213 |
| CVE-2022-27215 | A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27215 |
| CVE-2022-27216 | Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27216 |
| CVE-2022-27217 | Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27217 |
| CVE-2022-27218 | Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27218 |
| CVE-2022-25485 | CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25485 |
| CVE-2022-25486 | CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25486 |
| CVE-2022-25487 | Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25487 |
| CVE-2022-25488 | Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25488 |
| CVE-2022-25489 | Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the “A” parameter in /widgets/debug.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25489 |
| CVE-2022-25490 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25490 |
| CVE-2022-25491 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25491 |
| CVE-2022-25492 | HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25492 |
| CVE-2022-25493 | HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25493 |
| CVE-2022-25494 | Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25494 |
| CVE-2022-25495 | The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25495 |
| CVE-2022-25497 | CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25497 |
| CVE-2022-25498 | CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25498 |
| CVE-2022-23989 | In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-23989 |
| CVE-2022-26995 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26995 |
| CVE-2022-26996 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26996 |
| CVE-2022-26997 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26997 |
| CVE-2022-26998 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26998 |
| CVE-2022-26999 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26999 |
| CVE-2022-27000 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27000 |
| CVE-2022-27001 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27001 |
| CVE-2022-27002 | Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns?ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27002 |
| CVE-2021-45851 | A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server’s internal environment and services, often potentially leading to the attacker executing commands on the server. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-45851 |
| CVE-2021-39624 | In Package Manager, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-67862680 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39624 |
| CVE-2021-39667 | In ih264d_parse_decode_slice of ih264d_parse_slice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-205702093 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39667 |
| CVE-2021-39685 | In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-210292376. References: Upstream kernel | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39685 |
| CVE-2021-39686 | In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-200688826. References: Upstream kernel | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39686 |
| CVE-2021-39689 | In multiple functions of odsign_main.cpp, there is a possible way to persist system attack due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-206090748 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39689 |
| CVE-2021-39690 | In setDisplayPadding of WallpaperManagerService.java, there is a possible way to cause a persistent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-204316511 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39690 |
| CVE-2021-39692 | In onCreate of SetupLayoutActivity.java, there is a possible way to set up a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-209611539 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39692 |
| CVE-2021-39693 | In onUidStateChanged of AppOpsService.java, there is a possible way to access location without a visible indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-208662370 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39693 |
| CVE-2021-39694 | In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-202312327 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39694 |
| CVE-2021-39695 | In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-209607944 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39695 |
| CVE-2021-39697 | In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external storage private directories protection due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-200813547 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39697 |
| CVE-2021-39698 | In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-185125206. References: Upstream kernel | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39698 |
| CVE-2021-39701 | In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-212286849 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39701 |
| CVE-2021-39702 | In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-205150380 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39702 |
| CVE-2021-39703 | In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-207057578 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39703 |
| CVE-2021-39704 | In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-209965481 | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39704 |
| CVE-2021-39705 | In getNotificationTag of LegacyVoicemailNotifier.java, there is a possible leak of ICCID due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. | | |
User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-186026746 – https://nvd.nist.gov/vuln/detail/CVE-2021-39705 CVE-2021-39706 In onResume of CredentialStorage.java, there is a possible way to cleanup content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-200164168 – https://nvd.nist.gov/vuln/detail/CVE-2021-39706 CVE-2021-39707 In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12Android ID: A-200688991 – https://nvd.nist.gov/vuln/detail/CVE-2021-39707 CVE-2021-39708 In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-206128341 – https://nvd.nist.gov/vuln/detail/CVE-2021-39708 CVE-2021-39709 In sendSipAccountsRemovedNotification of SipAccountRegistry.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-208817618 – https://nvd.nist.gov/vuln/detail/CVE-2021-39709 CVE-2021-39710 Product: AndroidVersions: Android kernelAndroid ID: A-202160245References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39710 CVE-2021-39711 In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to Incorrect Size Value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-154175781References: Upstream kernel – https://nvd.nist.gov/vuln/detail/CVE-2021-39711 CVE-2021-39712 In TBD of TBD, there is a possible user after free vulnerability due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-176918884References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39712 CVE-2021-39714 In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205573273References: Upstream kernel – https://nvd.nist.gov/vuln/detail/CVE-2021-39714 CVE-2021-39715 In __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-178379135References: Upstream kernel – https://nvd.nist.gov/vuln/detail/CVE-2021-39715 CVE-2021-39717 In iaxxx_btp_write_words of iaxxx-btp.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-198653629References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39717 CVE-2021-39718 In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205035540References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39718 CVE-2021-39720 Product: AndroidVersions: Android kernelAndroid ID: A-207433926References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39720 CVE-2021-39721 In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-195726151References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39721 CVE-2021-39725 In gasket_free_coherent_memory_all of gasket_page_table.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151454974References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39725 CVE-2021-39726 In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-181782896References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39726 CVE-2021-39727 In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/EicPresentation.c, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-196388042References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39727 CVE-2021-39729 In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-202006191References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39729 CVE-2021-39730 In TBD of TBD, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206472503References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39730 CVE-2021-39731 In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. 
User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205036834References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39731 CVE-2021-39732 In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205992503References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39732 CVE-2021-39733 In amcs_cdev_unlocked_ioctl of audiometrics.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-206128522References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39733 CVE-2021-39734 In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible way to send an RCS message without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-208650395References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39734 CVE-2021-39735 In gasket_alloc_coherent_memory of gasket_page_table.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-151455484References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39735 CVE-2021-39736 In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. 
This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-205995773References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39736 CVE-2021-39737 Product: AndroidVersions: Android kernelAndroid ID: A-208229524References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39737 CVE-2021-39792 In usb_gadget_giveback_request of core.c, there is a possible use after free out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-161010552References: Upstream kernel – https://nvd.nist.gov/vuln/detail/CVE-2021-39792 CVE-2021-39793 In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-210470189References: N/A – https://nvd.nist.gov/vuln/detail/CVE-2021-39793 CVE-2021-41987 In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must control the SCEP server for a valid certificate. This affects mikrotik-vm-6.46, mikrotik-vm-6.46.8, mikrotik-tile-6.46.8, mikrotik-6.47.9, and mikrotik-6.47.10. – https://nvd.nist.gov/vuln/detail/CVE-2021-41987 CVE-2021-45821 A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in ajaxchat/getHistoryChatData.php file that is accessible by a registered user. 
As a result, a malicious user can extract sensitive data such as usernames and passwords and in some cases use this vulnerability in order to get a remote code execution on the remote web server. – https://nvd.nist.gov/vuln/detail/CVE-2021-45821 CVE-2022-0811 A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed. – https://nvd.nist.gov/vuln/detail/CVE-2022-0811 CVE-2022-0918 A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection, no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing. – https://nvd.nist.gov/vuln/detail/CVE-2022-0918 CVE-2022-0959 When run in server mode, pgAdmin 4 allows users to store files on the server under individual storage directories. Files such as SQL scripts may be uploaded through the user interface. The URI to which upload requests are made fails to validate the upload path to prevent path traversal techniques being used to store files outside of the storage directory. A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. – https://nvd.nist.gov/vuln/detail/CVE-2022-0959 CVE-2022-0982 The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability, whereby user input cmdline_len is copied into a fixed buffer b->buf without any bound checks. 
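A path-containment check of the kind the CVE-2022-0959 (pgAdmin 4) entry above says was missing, written here as an added Python example rather than pgAdmin's own code. The storage-root layout, the function names and the sample upload names are assumptions for illustration:

```python
# Added example (not pgAdmin's code): confine a user-supplied upload path to
# that user's storage directory. Illustrates the check the CVE-2022-0959 entry
# describes as missing; storage root and file names are made up for the demo.
import os


def unsafe_upload_path(storage_root: str, user_path: str) -> str:
    # Vulnerable pattern: joining an attacker-controlled path without checking
    # that the result stays under storage_root. "../x" or "/etc/x" escape.
    return os.path.join(storage_root, user_path)


def safe_upload_path(storage_root: str, user_path: str) -> str:
    """Return the absolute target path, or raise ValueError if it escapes."""
    root = os.path.realpath(storage_root)
    # An absolute user path makes os.path.join drop storage_root entirely.
    if os.path.isabs(user_path) or os.path.splitdrive(user_path)[0]:
        raise ValueError("absolute upload paths are not allowed")
    # realpath collapses ".." and resolves symlinks, so the comparison below is
    # made on the path that would actually be written to.
    candidate = os.path.realpath(os.path.join(root, user_path))
    # commonpath, not str.startswith: a prefix compare would accept
    # /srv/storage/alice-evil/x as being under /srv/storage/alice.
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"path escapes storage directory: {user_path!r}")
    return candidate


def is_confined(storage_root: str, user_path: str) -> bool:
    """True if user_path resolves inside storage_root."""
    try:
        safe_upload_path(storage_root, user_path)
        return True
    except ValueError:
        return False


def demo(root: str = "/srv/pgadmin/storage/alice") -> dict:
    """Constructed upload names and whether the hardened check allows them."""
    samples = [
        "scripts/report.sql",            # normal upload, allowed
        "../bob/backdoor.sql",           # another user's directory
        "../../../../etc/cron.d/job",    # escapes to the OS
        "../alice-evil/x",               # prefix-compare trap
        "/etc/passwd",                   # absolute path
    ]
    return {p: is_confined(root, p) for p in samples}


if __name__ == "__main__":
    for path, allowed in demo().items():
        print(f"{'allow' if allowed else 'reject'}: {path}")
```

The check has to run server-side on the resolved path, after authentication and the CSRF check, because the entry makes the point that a valid session and token are exactly what the attacker already has.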
If the server connects with a malicious client, crafted client requests can remotely trigger this vulnerability. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-0982

CVE-2022-23234 (no base score listed): SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-23234

CVE-2022-25246 (no base score listed): Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) use hard-coded credentials for the UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-25246

CVE-2022-25247 (no base score listed): Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-25247

CVE-2022-25248 (no base score listed): When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supply the event log of the specific service. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-25248

CVE-2022-25249 (no base score listed): When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) are vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via the web server. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-25249

CVE-2022-25250 (no base score listed): When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-25250

CVE-2022-25251 (no base score listed): When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product's configuration. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-25251

CVE-2022-25252 (no base score listed): When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) throw an exception when receiving certain input. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to crash the affected product. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-25252

CVE-2022-26353 (no base score listed): A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-26353

CVE-2022-26354 (no base score listed): A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions: <= 6.2.0. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-26354

CVE-2022-26660 (no base score listed): RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-26660

CVE-2021-23648 (no base score listed): The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the sanitizeUrl function. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-23648

CVE-2021-45822 (no base score listed): A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" (POST) parameter. Through this vulnerability, an attacker can execute malicious JavaScript code. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-45822

CVE-2022-21164 (no base score listed): The package node-lmdb before 0.9.7 is vulnerable to Denial of Service (DoS) when a non-invokable ToString value is defined, which causes a crash during type checking. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-21164

CVE-2022-24728 (no base score listed): CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML that bypasses content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-24728

CVE-2022-24729 (no base score listed): CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-24729

CVE-2022-23610 (no base score listed): wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML but without SCIM, it was possible to create new accounts with fake SAML credentials. Under certain conditions that can be established by an attacker, an upstream library for parsing, rendering, signing, and validating SAML XML data accepted as trusted public keys that were provided by the attacker in the signature. As a consequence, the attacker could log in as any user in any Wire team with SAML SSO enabled. If SCIM was not enabled, the attacker could also create new users with new SAML NameIDs. In order to exploit this vulnerability, the attacker needs to know the SSO login code (distributed to all team members with SAML credentials and visible in the Team Management app), the SAML EntityID identifying the IdP (a URL not considered sensitive, but usually hard to guess, also visible in Team Management), and the SAML NameID of the user (usually an email address or a nick). The issue has been fixed in wire-server `2022-01-27` and is already deployed on all Wire managed services. On-premise instances of wire-server need to be updated to `2022-01-27` so that their backends are no longer affected. There are currently no known workarounds. More detailed information about how to reproduce the vulnerability and mitigation strategies is available in the GitHub Security Advisory. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-23610

CVE-2022-26293 (no base score listed): Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-26293

CVE-2022-26295 (no base score listed): A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-26295

CVE-2021-42219 (no base score listed): Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) by sending an excessive number of messages to a node. This is caused by missing memory in the component /ethash/algorithm.go. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-42219

CVE-2022-26300 (no base score listed): EOS v2.1.0 was discovered to contain a heap buffer overflow via the function txn_test_gen_plugin. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-26300

CVE-2022-26534 (no base score listed): FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via a malicious viewchange packet, can cause normal nodes to change view excessively and stop generating blocks. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-26534

CVE-2022-24072 (no base score listed): The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions being downloaded and uploaded when users open the developer tools. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-24072

CVE-2022-24073 (no base score listed): The Web Request API in Whale browser before 3.12.129.18 allowed denying access to the extension store or redirecting to any URL when users access the store. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-24073

CVE-2022-24074 (no base score listed): Whale Bridge, a default extension in Whale browser before 3.12.129.18, accepted any SendMessage request from the content script itself, which could lead to control of Whale Bridge if the rendering process is compromised. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-24074

CVE-2022-24075 (no base score listed): Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website, which can access local HWP files. When HWP files were opened, the replaced script could read them. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-24075

CVE-2021-45791 (no base score listed): Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be exploited by remotely authenticated librarian users. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-45791

CVE-2021-45792 (no base score listed): Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-45792

CVE-2022-1000 (no base score listed): Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-1000

CVE-2021-23632 (no base score listed): All versions of the npm package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to reproduce:
1. Create a file named exploit.js with the following content:
       var Git = require("git").Git;
       var repo = new Git("repo-test");
       // Untrusted input: the ";" ends the git command and starts a second shell command.
       var user_input = "version; date";
       repo.git(user_input, function (err, result) { console.log(result); });
2. In the same directory as exploit.js, run npm install git.
3. Run exploit.js with node exploit.js. You should see the output of both the git version and date command lines. Note that the repo-test Git repository does not need to be present for this PoC to work.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-23632

CVE-2021-44908 (no base score listed): SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules(). Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-44908

CVE-2021-45793 (no base score listed): Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-45793

CVE-2021-45794 (no base score listed): Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-45794

CVE-2022-0748 (no base score listed): The package post-loader from 0.0.0 is vulnerable to Arbitrary Code Execution: it uses a markdown parser in an unsafe way, so that any JavaScript code inside the markdown input files gets evaluated and executed. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-0748

CVE-2022-0749 (no base score listed): This affects all versions of the package SinGooCMS.Utility. The socket client in the package can pass in a payload via user-controllable input after the connection has been established, because the socket client transmission does not have appropriate restrictions or type bindings for the BinaryFormatter. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-0749

CVE-2022-25760 (no base score listed): All versions of the package accesslog are vulnerable to Arbitrary Code Injection due to the use of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package's exported constructor function, an attacker can execute arbitrary JavaScript code on the host on which the package is being run. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-25760

CVE-2021-44259 (no base score listed): A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When an unauthorized user accesses this page directly, it connects to this device as a friend of the device owner. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-44259

CVE-2021-44260 (no base score listed): A vulnerability is in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information about the manager of the router. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-44260

CVE-2021-44261 (no base score listed): A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-44261

CVE-2021-44262 (no base score listed): A vulnerability is in the 'MNU_top.htm' page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-44262

CVE-2022-24761 (no base score listed): Waitress is a Web Server Gateway Interface server for Python 2 and 3. When Waitress versions 2.1.0 and prior are used behind a proxy that does not properly validate that incoming HTTP requests match the RFC 7230 standard, Waitress and the front-end proxy may disagree on where one request starts and where it ends. This allows requests to be smuggled through the front-end proxy to Waitress. There are two classes of vulnerability that may lead to request smuggling and that are addressed by this advisory: the use of Python's `int()` to parse strings into integers, which causes `+10` to be parsed as `10` and `0x01` to be parsed as `1`, whereas the standard specifies that the string should contain only digits or hex digits; and the fact that Waitress does not support chunk extensions but was discarding them without validating that they did not contain illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available: when deploying a proxy in front of Waitress, turn on any and all functionality that ensures the request matches the RFC 7230 standard. Certain proxy servers may not have this functionality, though, and users are encouraged to upgrade to the latest version of Waitress instead. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-24761

CVE-2020-15591 (no base score listed): fexsrv in F*EX (aka Frams' Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution). Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-15591

CVE-2021-44906 (no base score listed): Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-44906

CVE-2022-26526 (no base score listed): Anaconda Anaconda3 through 2021.11.0.0 and Miniconda3 through 11.0.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation: the person who installs the product must specify that it is being installed for all users, and must also specify that the system PATH should be changed.) Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-26526

CVE-2022-24759 (no base score listed): `@chainsafe/libp2p-noise` contains a TypeScript implementation of the Noise protocol, an encryption protocol used in libp2p. `@chainsafe/libp2p-noise` before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and get those peers banned. Users should upgrade to version 4.1.2 or 5.0.3 to receive a patch. There are currently no known workarounds. Reference: https://nvd.nist.gov/vuln/detail/CVE-2022-24759

CVE-2022-25364 (no base score listed): In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access.
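The two lenient-parsing cases in the CVE-2022-24761 (Waitress) entry above, shown as an added Python example that is not Waitress's code: how int() and int(x, 16) accept values a strict RFC 7230 parser rejects, beside strict Content-Length, chunk-size and chunk-extension parsers of the kind a server should use so that it and the front-end proxy agree on request boundaries. The BadRequest class, the function names and the sample values are this example's own:

```python
# Added example (not Waitress's code): the lenient parsing the CVE-2022-24761
# entry describes, beside strict RFC 7230 parsers. Function and class names
# are this example's own.
import re

# RFC 7230: Content-Length = 1*DIGIT, chunk-size = 1*HEXDIG. Nothing else.
_CONTENT_LENGTH_RE = re.compile(rb"^[0-9]+$")
_CHUNK_SIZE_RE = re.compile(rb"^[0-9A-Fa-f]+$")
# chunk-ext = *( ";" chunk-ext-name [ "=" ( token / quoted-string ) ] )
_TCHAR = rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_CHUNK_EXT_RE = re.compile(
    rb"^(;" + _TCHAR + rb"(=(" + _TCHAR + rb"|\"(?:[^\"\\\r\n]|\\.)*\"))?)*$"
)


class BadRequest(ValueError):
    """Raised for a header value a strict proxy would refuse to forward."""


def lenient_content_length(value: bytes) -> int:
    # Pre-2.1.1 behaviour: int() accepts a sign, surrounding whitespace and
    # underscores, so b"+10", b" 10" and b"1_0" all become 10.
    return int(value)


def lenient_chunk_size(value: bytes) -> int:
    # int(x, 16) additionally accepts a "0x" prefix, so b"0x01" becomes 1.
    return int(value, 16)


def strict_content_length(value: bytes) -> int:
    if not _CONTENT_LENGTH_RE.match(value):
        raise BadRequest(f"invalid Content-Length: {value!r}")
    return int(value)


def strict_chunk_size(line: bytes) -> int:
    """Parse a chunk-size line (CRLF already removed), validating extensions."""
    size, sep, ext = line.partition(b";")
    if not _CHUNK_SIZE_RE.match(size):
        raise BadRequest(f"invalid chunk-size: {size!r}")
    # Extensions are still discarded, but only after checking they are
    # well-formed; a CR, LF or space inside one is rejected, not ignored.
    if sep and not _CHUNK_EXT_RE.match(sep + ext):
        raise BadRequest(f"invalid chunk extension: {ext!r}")
    return int(size, 16)


def strict_rejects(parser, value: bytes) -> bool:
    """True if the strict parser refuses the value."""
    try:
        parser(value)
    except BadRequest:
        return True
    return False


def disagreement_cases() -> dict:
    """Values a strict proxy rejects but the lenient parser silently accepts."""
    return {
        raw: (lenient_content_length(raw), strict_rejects(strict_content_length, raw))
        for raw in (b"+10", b" 10", b"1_0")
    }


if __name__ == "__main__":
    for raw, (lenient, rejected) in disagreement_cases().items():
        print(f"{raw!r}: lenient={lenient} strict_rejects={rejected}")
    print(f"0x01 lenient chunk-size={lenient_chunk_size(b'0x01')}, "
          f"strict rejects={strict_rejects(strict_chunk_size, b'0x01')}")
```

The smuggling risk is the disagreement itself: every value in disagreement_cases() is one a strict front end would reject (or treat as a different length) while the lenient back end happily uses it to delimit the body, so the two sides stop agreeing on where the next request begins.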
If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part of a build. As of 2021.4.2, the built-in build cache is inaccessible-by-default, requiring explicit configuration of its access-control settings before it can be used. (Remote build cache nodes are unaffected as they are inaccessible-by-default.) – https://nvd.nist.gov/vuln/detail/CVE-2022-25364 CVE-2022-26503 Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with local system privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-26503 CVE-2022-25949 The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow. – https://nvd.nist.gov/vuln/detail/CVE-2022-25949 CVE-2022-25969 The installer of WPS Office Version 10.8.0.6186 insecurely load VERSION.DLL (or some other DLLs), allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. – https://nvd.nist.gov/vuln/detail/CVE-2022-25969 CVE-2022-26081 The installer of WPS Office Version 10.8.0.5745 insecurely load shcore.dll, allowing an attacker to execute arbitrary code with the privilege of the user invoking the installer. – https://nvd.nist.gov/vuln/detail/CVE-2022-26081 CVE-2022-26511 WPS Presentation 11.8.0.5745 insecurely load d3dx9_41.dll when opening .pps files(‘current directory type’ DLL loading). – https://nvd.nist.gov/vuln/detail/CVE-2022-26511 CVE-2021-44907 A Denial of Service vulnerability exists in qs up to 6.8.0 due to insufficient sanitization of property in the gs.parse function. The merge() function allows the assignment of properties on an array in the query. For any property being assigned, a value in the array is converted to an object containing these properties. 
Essentially, this means that the property whose expected type is Array always has to be checked with Array.isArray() by the user. This may not be obvious to the user and can cause unexpected behavior. – https://nvd.nist.gov/vuln/detail/CVE-2021-44907 CVE-2021-45040 The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route. – https://nvd.nist.gov/vuln/detail/CVE-2021-45040 CVE-2021-46107 Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features. – https://nvd.nist.gov/vuln/detail/CVE-2021-46107 CVE-2022-24770 `gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV File. The `gradio` library has a flagging functionality which saves input/output data into a CSV file on the developer’s computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these commands, which could lead to arbitrary commands running on the user’s computer. The problem has been patched as of `2.8.11`, which escapes the saved csv with single quotes. As a workaround, avoid opening csv files generated by `gradio` with Excel or similar spreadsheet programs. – https://nvd.nist.gov/vuln/detail/CVE-2022-24770 CVE-2022-26500 Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal API functions that allows attackers to upload and execute arbitrary code. – https://nvd.nist.gov/vuln/detail/CVE-2022-26500 CVE-2022-26501 Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). 
– https://nvd.nist.gov/vuln/detail/CVE-2022-26501 CVE-2022-26504 Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4,10.x and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers execute arbitrary code via Veeam.Backup.PSManager.exe – https://nvd.nist.gov/vuln/detail/CVE-2022-26504 CVE-2021-43961 Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. – https://nvd.nist.gov/vuln/detail/CVE-2021-43961 CVE-2021-44087 A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload. – https://nvd.nist.gov/vuln/detail/CVE-2021-44087 CVE-2021-44088 An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters. – https://nvd.nist.gov/vuln/detail/CVE-2021-44088 CVE-2022-24302 In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. – https://nvd.nist.gov/vuln/detail/CVE-2022-24302 CVE-2022-0237 Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80. – https://nvd.nist.gov/vuln/detail/CVE-2022-0237 CVE-2022-0757 Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow an attacker to manipulate the “ANY” and “OR” operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129. 
– https://nvd.nist.gov/vuln/detail/CVE-2022-0757 CVE-2022-0758 Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130. – https://nvd.nist.gov/vuln/detail/CVE-2022-0758 CVE-2021-45966 An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters. – https://nvd.nist.gov/vuln/detail/CVE-2021-45966 CVE-2021-45967 An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints. – https://nvd.nist.gov/vuln/detail/CVE-2021-45967 CVE-2021-45968 An issue was discovered in xmppserver jar in the XMPP Server component of the JIve platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of the Pascom allows SSRF, a related issue to CVE-2019-18394. – https://nvd.nist.gov/vuln/detail/CVE-2021-45968 CVE-2022-27240 scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion. – https://nvd.nist.gov/vuln/detail/CVE-2022-27240 CVE-2021-45868 In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. – https://nvd.nist.gov/vuln/detail/CVE-2021-45868 CVE-2022-26965 In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution. 
– https://nvd.nist.gov/vuln/detail/CVE-2022-26965 CVE-2022-27191 golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey. – https://nvd.nist.gov/vuln/detail/CVE-2022-27191 CVE-2021-22571 A local attacker could read files from some other users’ SA360 reports stored in the /tmp folder during staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above. – https://nvd.nist.gov/vuln/detail/CVE-2021-22571 CVE-2021-45834 An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product’s environment or lead to arbitrary code execution. – https://nvd.nist.gov/vuln/detail/CVE-2021-45834 CVE-2021-45835 The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution. – https://nvd.nist.gov/vuln/detail/CVE-2021-45835 CVE-2022-24655 A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication. – https://nvd.nist.gov/vuln/detail/CVE-2022-24655 CVE-2022-0742 Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc. – https://nvd.nist.gov/vuln/detail/CVE-2022-0742 CVE-2022-24595 Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. 
To exploit the vulnerability, an attacker should send a well-crafted HTTP (or WebSocket) request to the socket listened by the afb-daemon process. No credentials nor user interactions are required. – https://nvd.nist.gov/vuln/detail/CVE-2022-24595 CVE-2022-24771 Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds. – https://nvd.nist.gov/vuln/detail/CVE-2022-24771 CVE-2022-24772 Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for tailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds. – https://nvd.nist.gov/vuln/detail/CVE-2022-24772 CVE-2022-24773 Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds. 
– https://nvd.nist.gov/vuln/detail/CVE-2022-24773 CVE-2021-29899 IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413. – https://nvd.nist.gov/vuln/detail/CVE-2021-29899 CVE-2021-39046 IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 stores user credentials in plain clear text which can be read by a lprivileged user. IBM X-Force ID: 214346. – https://nvd.nist.gov/vuln/detail/CVE-2021-39046 CVE-2022-24637 Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with ‘<?php (instead of the intended “<?php sequence) aren’t handled by the PHP interpreter. – https://nvd.nist.gov/vuln/detail/CVE-2022-24637 CVE-2020-15388 A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files. – https://nvd.nist.gov/vuln/detail/CVE-2020-15388 CVE-2020-16232 In Yokogawa WideField3 R1.01 – R4.03, a buffer overflow could be caused when a user loads a maliciously crafted project file. – https://nvd.nist.gov/vuln/detail/CVE-2020-16232 CVE-2020-25176 Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution. – https://nvd.nist.gov/vuln/detail/CVE-2020-25176 CVE-2020-25178 ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. 
This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files. – https://nvd.nist.gov/vuln/detail/CVE-2020-25178 CVE-2020-25180 Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device. – https://nvd.nist.gov/vuln/detail/CVE-2020-25180 CVE-2020-25182 Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems. – https://nvd.nist.gov/vuln/detail/CVE-2020-25182 CVE-2020-25184 Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure. – https://nvd.nist.gov/vuln/detail/CVE-2020-25184 CVE-2020-25193 By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection. 
– https://nvd.nist.gov/vuln/detail/CVE-2020-25193 CVE-2020-25197 A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system. – https://nvd.nist.gov/vuln/detail/CVE-2020-25197 CVE-2021-23150 Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.31). – https://nvd.nist.gov/vuln/detail/CVE-2021-23150 CVE-2021-23209 Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32). – https://nvd.nist.gov/vuln/detail/CVE-2021-23209 CVE-2021-27789 The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program’s standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials. – https://nvd.nist.gov/vuln/detail/CVE-2021-27789 CVE-2021-30771 An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6, watchOS 7.5, tvOS 14.6. Processing a maliciously crafted font file may lead to arbitrary code execution. – https://nvd.nist.gov/vuln/detail/CVE-2021-30771 CVE-2021-44760 Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). – https://nvd.nist.gov/vuln/detail/CVE-2021-44760 CVE-2021-4031 Syltek application before its 10.22.00 version, does not correctly check that a product ID has a valid payment associated to it. 
This could allow an attacker to forge a request and bypass the payment system by marking items as payed without any verification. – https://nvd.nist.gov/vuln/detail/CVE-2021-4031 CVE-2022-0547 OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. – https://nvd.nist.gov/vuln/detail/CVE-2022-0547 CVE-2022-1002 Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations. – https://nvd.nist.gov/vuln/detail/CVE-2022-1002 CVE-2022-1003 One of the API in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows the system administrators to combine the two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads. – https://nvd.nist.gov/vuln/detail/CVE-2022-1003 CVE-2022-1011 A flaw use after free in the Linux kernel FUSE filesystem was found in the way user triggers write(). A local user could use this flaw to get some unauthorized access to some data from the FUSE filesystem and as result potentially privilege escalation too. – https://nvd.nist.gov/vuln/detail/CVE-2022-1011 CVE-2022-22578 A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. A malicious application may be able to gain root privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22578 CVE-2022-22579 An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. 
Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-22579 CVE-2022-22583 A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files. – https://nvd.nist.gov/vuln/detail/CVE-2022-22583 CVE-2022-22584 A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file may lead to arbitrary code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-22584 CVE-2022-22585 An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user’s files. – https://nvd.nist.gov/vuln/detail/CVE-2022-22585 CVE-2022-22586 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22586 CVE-2022-22587 A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.. – https://nvd.nist.gov/vuln/detail/CVE-2022-22587 CVE-2022-22588 A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a denial of service. 
– https://nvd.nist.gov/vuln/detail/CVE-2022-22588 CVE-2022-22589 A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. – https://nvd.nist.gov/vuln/detail/CVE-2022-22589 CVE-2022-22590 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-22590 CVE-2022-22591 A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22591 CVE-2022-22592 A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. – https://nvd.nist.gov/vuln/detail/CVE-2022-22592 CVE-2022-22593 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22593 CVE-2022-22594 A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information. 
– https://nvd.nist.gov/vuln/detail/CVE-2022-22594 CVE-2022-22596 A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22596 CVE-2022-22597 A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-22597 CVE-2022-22598 An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 15.4 and iPadOS 15.4. An app may be able to learn information about the current camera view before being granted camera access. – https://nvd.nist.gov/vuln/detail/CVE-2022-22598 CVE-2022-22599 Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen. – https://nvd.nist.gov/vuln/detail/CVE-2022-22599 CVE-2022-22600 The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences. – https://nvd.nist.gov/vuln/detail/CVE-2022-22600 CVE-2022-22601 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-22601 CVE-2022-22602 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. 
Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-22602 CVE-2022-22603 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-22603 CVE-2022-22604 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-22604 CVE-2022-22605 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-22605 CVE-2022-22606 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-22606 CVE-2022-22607 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-22607 CVE-2022-22608 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-22608 CVE-2022-22609 The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. 
A malicious application may be able to read other applications’ settings. – https://nvd.nist.gov/vuln/detail/CVE-2022-22609 CVE-2022-22611 An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-22611 CVE-2022-22612 A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to heap corruption. – https://nvd.nist.gov/vuln/detail/CVE-2022-22612 CVE-2022-22613 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22613 CVE-2022-22614 A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22614 CVE-2022-22615 A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22615 CVE-2022-22617 A logic issue was addressed with improved state management. 
This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22617
CVE-2022-22618 This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt. – https://nvd.nist.gov/vuln/detail/CVE-2022-22618
CVE-2022-22620 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. – https://nvd.nist.gov/vuln/detail/CVE-2022-22620
CVE-2022-22621 This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. – https://nvd.nist.gov/vuln/detail/CVE-2022-22621
CVE-2022-22622 This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. – https://nvd.nist.gov/vuln/detail/CVE-2022-22622
CVE-2022-22623 Multiple issues were addressed by updating to curl version 7.79.1. This issue is fixed in macOS Monterey 12.3. Multiple issues in curl. – https://nvd.nist.gov/vuln/detail/CVE-2022-22623
CVE-2022-22625 An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. – https://nvd.nist.gov/vuln/detail/CVE-2022-22625
CVE-2022-22626 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. – https://nvd.nist.gov/vuln/detail/CVE-2022-22626
CVE-2022-22627 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. – https://nvd.nist.gov/vuln/detail/CVE-2022-22627
CVE-2022-22631 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22631
CVE-2022-22632 A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22632
CVE-2022-22633 A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-22633
CVE-2022-22634 A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22634
CVE-2022-22635 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to gain elevated privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22635
CVE-2022-22636 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22636
CVE-2022-22638 A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack. – https://nvd.nist.gov/vuln/detail/CVE-2022-22638
CVE-2022-22639 A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22639
CVE-2022-22640 A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22640
CVE-2022-22641 A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22641
CVE-2022-22642 This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt. – https://nvd.nist.gov/vuln/detail/CVE-2022-22642
CVE-2022-22643 This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so. – https://nvd.nist.gov/vuln/detail/CVE-2022-22643
CVE-2022-22644 A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to access information about a user’s contacts. – https://nvd.nist.gov/vuln/detail/CVE-2022-22644
CVE-2022-22647 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window. – https://nvd.nist.gov/vuln/detail/CVE-2022-22647
CVE-2022-22648 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memory. – https://nvd.nist.gov/vuln/detail/CVE-2022-22648
CVE-2022-22650 This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application’s permissions and access user data. – https://nvd.nist.gov/vuln/detail/CVE-2022-22650
CVE-2022-22651 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. – https://nvd.nist.gov/vuln/detail/CVE-2022-22651
CVE-2022-22652 The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen. – https://nvd.nist.gov/vuln/detail/CVE-2022-22652
CVE-2022-22653 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices. – https://nvd.nist.gov/vuln/detail/CVE-2022-22653
CVE-2022-22654 A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing. – https://nvd.nist.gov/vuln/detail/CVE-2022-22654
CVE-2022-22656 An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previously logged in user’s desktop from the fast user switching screen. – https://nvd.nist.gov/vuln/detail/CVE-2022-22656
CVE-2022-22657 A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-22657
CVE-2022-22659 A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An attacker in a privileged network position may be able to leak sensitive user information. – https://nvd.nist.gov/vuln/detail/CVE-2022-22659
CVE-2022-22660 This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI. – https://nvd.nist.gov/vuln/detail/CVE-2022-22660
CVE-2022-22661 A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22661
CVE-2022-22664 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-22664
CVE-2022-22665 A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22665
CVE-2022-22666 A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption. – https://nvd.nist.gov/vuln/detail/CVE-2022-22666
CVE-2022-22667 A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22667
CVE-2022-22669 A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-22669
CVE-2022-22670 An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other applications a user has installed. – https://nvd.nist.gov/vuln/detail/CVE-2022-22670
CVE-2022-22671 An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from the lock screen. – https://nvd.nist.gov/vuln/detail/CVE-2022-22671
CVE-2022-24091 Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file. – https://nvd.nist.gov/vuln/detail/CVE-2022-24091
CVE-2022-25602 Nonce token leak vulnerability leading to arbitrary file upload, theme deletion and plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). – https://nvd.nist.gov/vuln/detail/CVE-2022-25602
CVE-2022-25603 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5). – https://nvd.nist.gov/vuln/detail/CVE-2022-25603
CVE-2022-25604 Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2). – https://nvd.nist.gov/vuln/detail/CVE-2022-25604
CVE-2022-25605 Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities discovered in WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters: &download_path, &download_path_url, &download_page_url. – https://nvd.nist.gov/vuln/detail/CVE-2022-25605
CVE-2022-25607 Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727). – https://nvd.nist.gov/vuln/detail/CVE-2022-25607
CVE-2022-27243 An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting. – https://nvd.nist.gov/vuln/detail/CVE-2022-27243
CVE-2022-27244 An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user. – https://nvd.nist.gov/vuln/detail/CVE-2022-27244
CVE-2022-27245 An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF. – https://nvd.nist.gov/vuln/detail/CVE-2022-27245
CVE-2022-27246 An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default. – https://nvd.nist.gov/vuln/detail/CVE-2022-27246
CVE-2022-25427 Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25427
CVE-2022-25428 Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25428
CVE-2022-25429 Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25429
CVE-2022-25431 Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameters in the Formsetqosband function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25431
CVE-2022-25433 Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25433
CVE-2022-25434 Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25434
CVE-2022-25435 Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25435
CVE-2022-25437 Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25437
CVE-2022-25438 Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25438
CVE-2022-25439 Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25439
CVE-2022-25440 Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25440
CVE-2022-25441 Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25441
CVE-2022-25445 Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25445
CVE-2022-25446 Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedstarttime parameter in the openSchedWifi function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25446
CVE-2022-25447 Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25447
CVE-2022-25448 Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the day parameter in the openSchedWifi function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25448
CVE-2022-25449 Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25449
CVE-2022-25450 Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25450
CVE-2022-25451 Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the setstaticroutecfg function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25451
CVE-2022-25452 Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25452
CVE-2022-25453 Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25453
CVE-2022-25454 Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the loginpwd parameter in the SetFirewallCfg function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25454
CVE-2022-25455 Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25455
CVE-2022-25456 Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25456
CVE-2022-25457 Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25457
CVE-2022-25458 Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25458
CVE-2022-25459 Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the S1 parameter in the SetSysTimeCfg function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25459
CVE-2022-25460 Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the endip parameter in the SetPptpServerCfg function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25460
CVE-2022-25461 Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in the SetPptpServerCfg function. – https://nvd.nist.gov/vuln/detail/CVE-2022-25461
CVE-2022-27250 The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device’s screen, record video of the device’s physical environment, or modify data. – https://nvd.nist.gov/vuln/detail/CVE-2022-27250
CVE-2022-25389 DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/log_management.php. – https://nvd.nist.gov/vuln/detail/CVE-2022-25389
CVE-2022-25390 DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php. – https://nvd.nist.gov/vuln/detail/CVE-2022-25390
CVE-2022-25578 taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. – https://nvd.nist.gov/vuln/detail/CVE-2022-25578
CVE-2022-25581 Classcms v2.5 and below contains an arbitrary file upload via the component \class\classupload. This vulnerability allows attackers to execute code injection via a crafted .txt file. – https://nvd.nist.gov/vuln/detail/CVE-2022-25581
CVE-2022-26265 Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter. – https://nvd.nist.gov/vuln/detail/CVE-2022-26265
CVE-2022-26266 Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php. – https://nvd.nist.gov/vuln/detail/CVE-2022-26266
CVE-2022-26267 Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. – https://nvd.nist.gov/vuln/detail/CVE-2022-26267
CVE-2022-27226 A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor’s defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router’s default credentials aren’t rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction. – https://nvd.nist.gov/vuln/detail/CVE-2022-27226
CVE-2022-0991 Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. – https://nvd.nist.gov/vuln/detail/CVE-2022-0991
CVE-2022-24126 A buffer overflow in the NRSessionSearchResult parser in Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allows remote attackers to execute arbitrary code via matchmaking servers, a different vulnerability than CVE-2021-34170. – https://nvd.nist.gov/vuln/detail/CVE-2022-24126
CVE-2022-24125 The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, the ability to send a push message to hundreds of thousands of machines is only restricted on the client side, and can thus be bypassed with a modified client. – https://nvd.nist.gov/vuln/detail/CVE-2022-24125
CVE-2021-44345 Beijing Wisdom Vision Technology Industry Co., Ltd One Card Integrated Management System 3.0 is vulnerable to SQL Injection. – https://nvd.nist.gov/vuln/detail/CVE-2021-44345
CVE-2022-25464 A stored cross-site scripting (XSS) vulnerability in the component /admin/contenttemp of DoraCMS v2.1.8 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. – https://nvd.nist.gov/vuln/detail/CVE-2022-25464
CVE-2022-26246 TMS v2.28.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /TMS/admin/setting/mail/createorupdate. – https://nvd.nist.gov/vuln/detail/CVE-2022-26246
CVE-2022-26247 TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2. This vulnerability allows attackers to modify the administrator account and password. – https://nvd.nist.gov/vuln/detail/CVE-2022-26247
CVE-2022-26555 A stored cross-site scripting (XSS) vulnerability in the Add a Button function of Eova v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the button name text box. – https://nvd.nist.gov/vuln/detail/CVE-2022-26555
CVE-2022-25462 Yafu v2.0 contains a segmentation fault via the component /factor/avx-ecm/vecarith52.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. – https://nvd.nist.gov/vuln/detail/CVE-2022-25462
CVE-2020-26007 An arbitrary file upload vulnerability in the upload payment plugin of ShopXO v1.9.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. – https://nvd.nist.gov/vuln/detail/CVE-2020-26007
CVE-2020-26008 The PluginsUpload function in application/service/PluginsAdminService.php of ShopXO v1.9.0 contains an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via uploading a crafted PHP file. – https://nvd.nist.gov/vuln/detail/CVE-2020-26008
CVE-2021-39383 DWSurvey v3.2.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /sysuser/SysPropertyAction.java. – https://nvd.nist.gov/vuln/detail/CVE-2021-39383
CVE-2021-39384 DWSurvey v3.2.0 was discovered to contain an arbitrary file write vulnerability via the component /utils/ToHtmlServlet.java. – https://nvd.nist.gov/vuln/detail/CVE-2021-39384
CVE-2021-42194 The wechat_return function in /controller/Index.php of EyouCms V1.5.4-UTF8-SP3 passes the user’s input directly into the simplexml_load_string function, which itself does not prohibit external entities, triggering an XML external entity (XXE) injection vulnerability. – https://nvd.nist.gov/vuln/detail/CVE-2021-42194
CVE-2022-25481 ThinkPHP Framework v5.0.24 was discovered to be configured without the PATHINFO parameter. This allows attackers to access all system environment parameters from index.php. – https://nvd.nist.gov/vuln/detail/CVE-2022-25481
CVE-2022-25505 Taocms v3.0.2 was discovered to contain a SQL injection vulnerability via the id parameter in \include\Model\Category.php. – https://nvd.nist.gov/vuln/detail/CVE-2022-25505
CVE-2021-36100 A specially crafted string in the OTRS system configuration can allow the execution of any system command. – https://nvd.nist.gov/vuln/detail/CVE-2021-36100
CVE-2022-0475 A malicious translator is able to inject JavaScript code in a few translatable strings (where HTML is allowed). The code could be executed in the Package manager. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.32 and prior versions, 8.0.x version: 8.0.19 and prior versions. – https://nvd.nist.gov/vuln/detail/CVE-2022-0475
CVE-2022-1004 Accounted time is shown in the Ticket Detail View (External Interface), even if ExternalFrontend::TicketDetailView###AccountedTimeDisplay is disabled. – https://nvd.nist.gov/vuln/detail/CVE-2022-1004
CVE-2021-45876 Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by unauthenticated command injection. The url parameter of the function module downloadAndUpdate is vulnerable to a command injection. Unfiltered user input is used to generate code which then gets executed when downloading new firmware. – https://nvd.nist.gov/vuln/detail/CVE-2021-45876
CVE-2021-45877 Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by hard coded credentials. A hardcoded credential exists in /etc/tomcat8/tomcat-user.xml, which allows attackers to gain authorized access and control the tomcat completely on port 8000 in the tomcat manager page. – https://nvd.nist.gov/vuln/detail/CVE-2021-45877
CVE-2021-45878 Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of access control on the web manager pages allows any user to view and modify information. – https://nvd.nist.gov/vuln/detail/CVE-2021-45878
CVE-2022-0415 Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6. – https://nvd.nist.gov/vuln/detail/CVE-2022-0415
CVE-2022-24656 HexoEditor 1.1.8 is affected by Cross Site Scripting (XSS). A common XSS payload placed in a markdown file will, if the file is opened with the app, execute several times. – https://nvd.nist.gov/vuln/detail/CVE-2022-24656
CVE-2022-1035 Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV. – https://nvd.nist.gov/vuln/detail/CVE-2022-1035
CVE-2022-25570 In Click Studios (SA) Pty Ltd Passwordstate 9435, users with access to a password list can gain access to additional password lists without permissions. Specifically, an authenticated user who has write permissions to a password list in one folder (with the default permission model) can extend his permissions to all other password lists in the same folder. – https://nvd.nist.gov/vuln/detail/CVE-2022-25570
CVE-2020-24772 In Dreamacro 1.1.0, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking). – https://nvd.nist.gov/vuln/detail/CVE-2020-24772
CVE-2021-45117 The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference. – https://nvd.nist.gov/vuln/detail/CVE-2021-45117
CVE-2022-26494 An XSS was identified in the Admin Web interface of PrimeKey SignServer before 5.8.1. JavaScript code must be used in a worker name before a Generate CSR request. Only an administrator can update a worker name. – https://nvd.nist.gov/vuln/detail/CVE-2022-26494
CVE-2022-22394 The IBM Spectrum Protect 8.1.14.000 server could allow a remote attacker to bypass security restrictions, caused by improper enforcement of access controls. By signing in, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrator or node access to the vulnerable server. – https://nvd.nist.gov/vuln/detail/CVE-2022-22394
CVE-2022-26960 connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths. – https://nvd.nist.gov/vuln/detail/CVE-2022-26960
CVE-2022-24235 A Cross-Site Request Forgery (CSRF) in the management portal of Snapt Aria v12.8 allows attackers to escalate privileges and execute arbitrary code via unspecified vectors. – https://nvd.nist.gov/vuln/detail/CVE-2022-24235
CVE-2022-24236 An insecure permissions vulnerability in Snapt Aria v12.8 allows unauthenticated attackers to send e-mails from spoofed users’ accounts. – https://nvd.nist.gov/vuln/detail/CVE-2022-24236
CVE-2022-24237 The snaptPowered2 component of Snapt Aria v12.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands. – https://nvd.nist.gov/vuln/detail/CVE-2022-24237
CVE-2022-25766 The package ungit before 1.5.20 is vulnerable to Remote Code Execution (RCE) via argument injection. The issue occurs when calling the /api/fetch endpoint. User controlled values (remote and ref) are passed to the git fetch command. By injecting some git options it was possible to get arbitrary command execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-25766
CVE-2021-24905 The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted, allowing any authenticated user to delete arbitrary files on the web server. For example, removing the wp-config.php allows attackers to trigger WordPress setup again, gain administrator privileges and execute arbitrary code or display arbitrary content to the users. – https://nvd.nist.gov/vuln/detail/CVE-2021-24905
CVE-2021-25019 The SEO Plugin by Squirrly SEO WordPress plugin before 11.1.12 does not escape the type parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting. – https://nvd.nist.gov/vuln/detail/CVE-2021-25019
CVE-2022-0229 The miniOrange’s Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable. – https://nvd.nist.gov/vuln/detail/CVE-2022-0229
CVE-2022-0364 The Modern Events Calendar Lite WordPress plugin before 6.4.0 does not sanitize and escape some of the Hourly Schedule parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. – https://nvd.nist.gov/vuln/detail/CVE-2022-0364
CVE-2022-0423 The 3D FlipBook WordPress plugin before 1.12.1 does not have authorisation and CSRF checks when updating its settings, and does not have any sanitisation/escaping, allowing any authenticated user, such as a subscriber, to put Cross-Site Scripting payloads in all pages with a 3d flipbook. – https://nvd.nist.gov/vuln/detail/CVE-2022-0423
CVE-2022-0514 Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. – https://nvd.nist.gov/vuln/detail/CVE-2022-0514
CVE-2022-0515 Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. – https://nvd.nist.gov/vuln/detail/CVE-2022-0515
CVE-2022-0590 The BulletProof Security WordPress plugin before 5.8 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. – https://nvd.nist.gov/vuln/detail/CVE-2022-0590
CVE-2022-0591 The FormCraft WordPress plugin before 3.8.28 does not validate the URL parameter in the formcraft3_get AJAX action, leading to SSRF issues exploitable by unauthenticated users. – https://nvd.nist.gov/vuln/detail/CVE-2022-0591
CVE-2022-0616 The Amelia WordPress plugin before 1.0.47 does not have a CSRF check in place when deleting customers, which could allow attackers to make a logged in admin delete arbitrary customers via a CSRF attack. – https://nvd.nist.gov/vuln/detail/CVE-2022-0616
CVE-2022-0627 The Amelia WordPress plugin before 1.0.47 does not sanitize and escape the code parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. – https://nvd.nist.gov/vuln/detail/CVE-2022-0627
CVE-2022-0628 The Mega Menu WordPress plugin before 3.0.8 does not sanitize and escape the _wpnonce parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. – https://nvd.nist.gov/vuln/detail/CVE-2022-0628
CVE-2022-0640 The Pricing Table Builder WordPress plugin before 1.1.5 does not sanitize and escape the postid parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. – https://nvd.nist.gov/vuln/detail/CVE-2022-0640
CVE-2022-0681 The Simple Membership WordPress plugin before 4.1.0 does not have a CSRF check in place when deleting Transactions, which could allow attackers to make a logged in admin delete arbitrary transactions via a CSRF attack. – https://nvd.nist.gov/vuln/detail/CVE-2022-0681
CVE-2022-0687 The Amelia WordPress plugin before 1.0.47 stores image blobs into actual files whose extension is controlled by the user, which may lead to PHP backdoors being uploaded onto the site. This vulnerability can be exploited by logged-in users with the custom “Amelia Manager” role. – https://nvd.nist.gov/vuln/detail/CVE-2022-0687
CVE-2022-0694 The Advanced Booking Calendar WordPress plugin before 1.7.0 does not validate and escape the calendar parameter before using it in a SQL statement via the abc_booking_getSingleCalendar AJAX action (available to both unauthenticated and authenticated users), leading to an unauthenticated SQL injection. – https://nvd.nist.gov/vuln/detail/CVE-2022-0694
CVE-2022-0739 The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection. – https://nvd.nist.gov/vuln/detail/CVE-2022-0739
CVE-2022-0747 The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the post_id parameter before using it in a SQL statement via the qcld_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection. – https://nvd.nist.gov/vuln/detail/CVE-2022-0747
CVE-2022-0760 The Simple Link Directory WordPress plugin before 7.7.2 does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL Injection. – https://nvd.nist.gov/vuln/detail/CVE-2022-0760
CVE-2022-24766 mitmproxy is an interactive, SSL/TLS-capable intercepting proxy. In mitmproxy 7.0.4 and below, a malicious client or server is able to perform HTTP request smuggling attacks through mitmproxy. This means that a malicious client/server could smuggle a request/response through mitmproxy as part of another request/response’s HTTP message body. While mitmproxy would only see one request, the target server would see multiple requests. A smuggled request is still captured as part of another request’s body, but it does not appear in the request list and does not go through the usual mitmproxy event hooks, where users may have implemented custom access control checks or input sanitization. Unless mitmproxy is used to protect an HTTP/1 service, no action is required. The vulnerability has been fixed in mitmproxy 8.0.0 and above. There are currently no known workarounds. – https://nvd.nist.gov/vuln/detail/CVE-2022-24766
CVE-2022-24775 guzzlehttp/psr7 is a PSR-7 HTTP message library. Versions prior to 1.8.4 and 2.1.1 are vulnerable to improper header parsing. An attacker could sneak in a new line character and pass untrusted values. The issue is patched in 1.8.4 and 2.1.1. There are currently no known workarounds. – https://nvd.nist.gov/vuln/detail/CVE-2022-24775
CVE-2021-46390 An access control issue in the authentication module of Lexar_F35 v1.0.34 allows attackers to access sensitive data and cause a Denial of Service (DoS). An attacker without access to securely protected data on a secure USB flash drive can bypass user authentication without having any information related to the password of the registered user. The secure USB flash drive transmits the password entered by the user to the authentication module in the drive after the user registers a password, and then the input password is compared with the registered password stored in the authentication module. Subsequently, the module returns the comparison result for the authentication decision. Therefore, an attacker can bypass password authentication by analyzing the functions that return the password verification or comparison results and manipulating the authentication result values. Accordingly, even if attackers enter an incorrect password, they can be authenticated as a legitimate user and can therefore exploit functions of the secure USB flash drive by manipulating the authentication result values. – https://nvd.nist.gov/vuln/detail/CVE-2021-46390
CVE-2022-23345 BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control. – https://nvd.nist.gov/vuln/detail/CVE-2022-23345
CVE-2022-23346 BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues. – https://nvd.nist.gov/vuln/detail/CVE-2022-23346
CVE-2022-23347 BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks. – https://nvd.nist.gov/vuln/detail/CVE-2022-23347
CVE-2022-23348 BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes. – https://nvd.nist.gov/vuln/detail/CVE-2022-23348
CVE-2022-23349 BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF). – https://nvd.nist.gov/vuln/detail/CVE-2022-23349
CVE-2022-23350 BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability. – https://nvd.nist.gov/vuln/detail/CVE-2022-23350
CVE-2022-23352 An issue in BigAnt Software BigAnt Server v5.6.06 can lead to a Denial of Service (DoS). – https://nvd.nist.gov/vuln/detail/CVE-2022-23352
CVE-2022-26148 An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the api_jsonrpc.php HTML source code. When the user logs in and is allowed to register, one can right click to view the source code and use Ctrl-F to search for password in api_jsonrpc.php to discover the Zabbix account password and URL address. – https://nvd.nist.gov/vuln/detail/CVE-2022-26148
CVE-2021-38745 Chamilo LMS v1.11.14 was discovered to contain a zero click code injection vulnerability which allows attackers to execute arbitrary code via a crafted plugin. This vulnerability is triggered through user interaction with the attacker’s profile page.
– https://nvd.nist.gov/vuln/detail/CVE-2021-38745 CVE-2021-40662 A Cross-Site Request Forgery (CSRF) in Chamilo LMS 1.11.14 allows attackers to execute arbitrary commands on victim hosts via user interaction with a crafted URL. – https://nvd.nist.gov/vuln/detail/CVE-2021-40662 CVE-2022-26174 A remote code execution (RCE) vulnerability in Beekeeper Studio v3.2.0 allows attackers to execute arbitrary code via a crafted payload injected into the display fields. – https://nvd.nist.gov/vuln/detail/CVE-2022-26174 CVE-2022-26183 PNPM v6.15.1 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute PNPM commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS. – https://nvd.nist.gov/vuln/detail/CVE-2022-26183 CVE-2022-26184 Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS. – https://nvd.nist.gov/vuln/detail/CVE-2022-26184 CVE-2022-27090 Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the backurl parameter. – https://nvd.nist.gov/vuln/detail/CVE-2022-27090 CVE-2022-27333 idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data. – https://nvd.nist.gov/vuln/detail/CVE-2022-27333 CVE-2022-26283 Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the view_plan endpoint. This vulnerability allows attackers to dump the application’s database via crafted HTTP requests. 
– https://nvd.nist.gov/vuln/detail/CVE-2022-26283 CVE-2022-26284 Simple Client Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the manage_client endpoint. This vulnerability allows attackers to dump the application’s database via crafted HTTP requests. – https://nvd.nist.gov/vuln/detail/CVE-2022-26284 CVE-2022-26285 Simple Subscription Website v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the apply endpoint. This vulnerability allows attackers to dump the application’s database via crafted HTTP requests. – https://nvd.nist.gov/vuln/detail/CVE-2022-26285 CVE-2022-27607 Bento4 1.6.0-639 has a heap-based buffer over-read in the AP4_HvccAtom class, a different issue than CVE-2018-14531. – https://nvd.nist.gov/vuln/detail/CVE-2022-27607 CVE-2022-0386 A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710. – https://nvd.nist.gov/vuln/detail/CVE-2022-0386 CVE-2022-0652 Confd log files contain local users’, including root’s, SHA512crypt password hashes with insecure access permissions. This allows a local attacker to attempt off-line brute-force attacks against these password hashes in Sophos UTM before version 9.710. – https://nvd.nist.gov/vuln/detail/CVE-2022-0652 CVE-2022-1034 There is a Unrestricted Upload of File vulnerability in ShowDoc v2.10.3 in GitHub repository star7th/showdoc prior to 2.10.4. – https://nvd.nist.gov/vuln/detail/CVE-2022-1034 CVE-2021-45809 Multiple versions of GlobalProtect-openconnect are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `–script=–redacted– versions of GlobalProtect-openconnect are affected by incorrect access control in GPService through DBUS, GUI Application. 
The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `–script=<script>` parameter – https://nvd.nist.gov/vuln/detail/CVE-2021-45809 CVE-2021-45810 Multiple versions of GlobalProtect-openconnect are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host’s traffic via their own server. – https://nvd.nist.gov/vuln/detail/CVE-2021-45810 CVE-2022-0667 When the vulnerability is triggered the BIND process will exit. BIND 9.18.0 – https://nvd.nist.gov/vuln/detail/CVE-2022-0667 CVE-2022-1036 Able to create an account with long password leads to memory corruption / Integer Overflow in GitHub repository microweber/microweber prior to 1.2.12. – https://nvd.nist.gov/vuln/detail/CVE-2022-1036 CVE-2021-43650 WebRun 3.6.0.42 is vulnerable to SQL Injection via the P_0 parameter used to set the username during the login process. – https://nvd.nist.gov/vuln/detail/CVE-2021-43650 CVE-2022-21718 Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` allows renderers to obtain access to a bluetooth device via the web bluetooth API if the app has not configured a custom `select-bluetooth-device` event handler. This has been patched and Electron versions `17.0.0-alpha.6`, `16.0.6`, `15.3.5`, `14.2.4`, and `13.6.6` contain the fix. Code from the GitHub Security Advisory can be added to the app to work around the issue. – https://nvd.nist.gov/vuln/detail/CVE-2022-21718 CVE-2022-24764 PJSIP is a free and open source multimedia communication library written in C. 
Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or `pjmedia_sdp_media_print()` should not be affected. A patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. There are currently no known workarounds. – https://nvd.nist.gov/vuln/detail/CVE-2022-24764 CVE-2022-24774 CycloneDX BOM Repository Server is a bill of materials (BOM) repository server for distributing CycloneDX BOMs. CycloneDX BOM Repository Server before version 2.0.1 has an improper input validation vulnerability leading to path traversal. A malicious user may potentially exploit this vulnerability to create arbitrary directories or a denial of service by deleting arbitrary directories. The vulnerability is resolved in version 2.0.1. The vulnerability is not exploitable with the default configuration with the post and delete methods disabled. This can be configured by modifying the `appsettings.json` file, or alternatively, setting the environment variables `ALLOWEDMETHODS__POST` and `ALLOWEDMETHODS__DELETE` to `false`. – https://nvd.nist.gov/vuln/detail/CVE-2022-24774 CVE-2022-25484 tcpprep v4.4.1 has a reachable assertion (assert(l2len > 0)) in packet2tree() at tree.c in tcpprep v4.4.1. – https://nvd.nist.gov/vuln/detail/CVE-2022-25484 CVE-2021-41736 Faust v2.35.0 was discovered to contain a heap-buffer overflow in the function realPropagate() at propagate.cpp. – https://nvd.nist.gov/vuln/detail/CVE-2021-41736 CVE-2022-27228 In the vote (aka “Polls, Votes”) module before 21.0.100 of Bitrix Site Manager, a remote unauthenticated attacker can execute arbitrary code. – https://nvd.nist.gov/vuln/detail/CVE-2022-27228 CVE-2022-25517 MyBatis plus v3.4.3 was discovered to contain a SQL injection vulnerability via the Column parameter in /core/conditions/AbstractWrapper.java. 
– https://nvd.nist.gov/vuln/detail/CVE-2022-25517 CVE-2022-26260 Simple-Plist v1.3.0 was discovered to contain a prototype pollution vulnerability via .parse(). – https://nvd.nist.gov/vuln/detail/CVE-2022-26260 CVE-2022-1031 Use After Free in op_is_set_bp in GitHub repository radareorg/radare2 prior to 5.6.6. – https://nvd.nist.gov/vuln/detail/CVE-2022-1031 CVE-2021-33961 A Cross Site Scripting (XSS) vulnerabililty exists in enhanced-github v5.0.11 via the file name parameter. – https://nvd.nist.gov/vuln/detail/CVE-2021-33961 CVE-2022-26186 TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the exportOvpn interface at cstecgi.cgi. – https://nvd.nist.gov/vuln/detail/CVE-2022-26186 CVE-2022-26187 TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the pingCheck function. – https://nvd.nist.gov/vuln/detail/CVE-2022-26187 CVE-2022-26188 TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via /setting/NTPSyncWithHost. – https://nvd.nist.gov/vuln/detail/CVE-2022-26188 CVE-2022-26189 TOTOLINK N600R V4.3.0cu.7570_B20200620 was discovered to contain a command injection vulnerability via the langType parameter in the login interface. – https://nvd.nist.gov/vuln/detail/CVE-2022-26189 CVE-2022-25518 In CMDBuild from version 3.0 to 3.3.2 payload requests are saved in a temporary log table, which allows attackers with database access to read the password of the users who login to the application by querying the database table. – https://nvd.nist.gov/vuln/detail/CVE-2022-25518