Original release date: February 14, 2022
High Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
[gwa]_autoresponder_project — [gwa]_autoresponder | Unauthenticated SQL Injection (SQLi) vulnerability discovered in [GWA] AutoResponder WordPress plugin (versions <= 2.3), vulnerable at (&listid). No patched version available, plugin closed. | 2022-02-04 | 7.5 | CVE-2021-44779 CONFIRM CONFIRM |
advantech — adam-3600_firmware | The affected product has a hardcoded private key available inside the project folder, which may allow an attacker to achieve Web Server login and perform further actions. | 2022-02-04 | 7.5 | CVE-2022-22987 CONFIRM |
apache — gobblin | Apache Gobblin trusts all certificates used for LDAP connections in Gobblin-as-a-Service. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue. | 2022-02-04 | 7.5 | CVE-2021-36152 MISC |
debian — perm | perM 0.4.0 has a Buffer Overflow related to strncpy. (Debian initially fixed this in 0.4.0-7.) | 2022-02-05 | 7.5 | CVE-2021-38172 MISC MISC MISC CONFIRM MISC |
dlink — di-7200g_v2_firmware | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function proxy_client.asp. This vulnerability allows attackers to execute arbitrary commands via the proxy_srv, proxy_srvport, proxy_lanip, proxy_lanport parameters. | 2022-02-04 | 7.5 | CVE-2021-46227 MISC MISC |
dlink — di-7200g_v2_firmware | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function usb_paswd.asp. This vulnerability allows attackers to execute arbitrary commands via the name parameter. | 2022-02-04 | 7.5 | CVE-2021-46229 MISC MISC |
dlink — di-7200g_v2_firmware | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function msp_info.htm. This vulnerability allows attackers to execute arbitrary commands via the cmd parameter. | 2022-02-04 | 7.5 | CVE-2021-46233 MISC MISC |
dlink — di-7200g_v2_firmware | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function version_upgrade.asp. This vulnerability allows attackers to execute arbitrary commands via the path parameter. | 2022-02-04 | 7.5 | CVE-2021-46232 MISC MISC |
dlink — di-7200g_v2_firmware | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function urlrd_opt.asp. This vulnerability allows attackers to execute arbitrary commands via the url_en parameter. | 2022-02-04 | 7.5 | CVE-2021-46231 MISC MISC |
dlink — di-7200g_v2_firmware | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function wget_test.asp. This vulnerability allows attackers to execute arbitrary commands via the url parameter. | 2022-02-04 | 7.5 | CVE-2021-46226 MISC MISC |
dlink — di-7200g_v2_firmware | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function upgrade_filter. This vulnerability allows attackers to execute arbitrary commands via the path and time parameters. | 2022-02-04 | 7.5 | CVE-2021-46230 MISC MISC |
dlink — di-7200g_v2_firmware | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a command injection vulnerability in the function httpd_debug.asp. This vulnerability allows attackers to execute arbitrary commands via the time parameter. | 2022-02-04 | 7.5 | CVE-2021-46228 MISC MISC |
dlink — dir-823_pro_firmware | D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStationSettings. This vulnerability allows attackers to execute arbitrary commands via the station_access_enable parameter. | 2022-02-04 | 7.5 | CVE-2021-46455 MISC MISC |
dlink — dir-823_pro_firmware | D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNetworkTomographySettings. This vulnerability allows attackers to execute arbitrary commands via the tomography_ping_address, tomography_ping_number, tomography_ping_size, tomography_ping_timeout, and tomography_ping_ttl parameters. | 2022-02-04 | 7.5 | CVE-2021-46452 MISC MISC |
dlink — dir-823_pro_firmware | D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function ChgSambaUserSettings. This vulnerability allows attackers to execute arbitrary commands via the samba_name parameter. | 2022-02-04 | 7.5 | CVE-2021-46457 MISC MISC |
dlink — dir-823_pro_firmware | D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanACLSettings. This vulnerability allows attackers to execute arbitrary commands via the wl(0).(0)_maclist parameter. | 2022-02-04 | 7.5 | CVE-2021-46456 MISC MISC |
dlink — dir-823_pro_firmware | D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetStaticRouteSettings. This vulnerability allows attackers to execute arbitrary commands via the staticroute_list parameter. | 2022-02-04 | 7.5 | CVE-2021-46453 MISC MISC |
dlink — dir-823_pro_firmware | D-Link device D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetWLanApcliSettings. This vulnerability allows attackers to execute arbitrary commands via the ApCliKeyStr parameter. | 2022-02-04 | 7.5 | CVE-2021-46454 MISC MISC |
dlink — dir-878_firmware | D-Link devices DIR_878 DIR_878_FW1.30B08_Hotfix_02 and DIR_882 DIR_882_FW1.30B06_Hotfix_02 were discovered to contain a command injection vulnerability in the system function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | 2022-02-04 | 10 | CVE-2021-44880 MISC MISC |
dlink — dir-878_firmware | D-Link device DIR_878_FW1.30B08_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | 2022-02-04 | 10 | CVE-2021-44882 MISC MISC |
dlink — dir-882_firmware | D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the LocalIPAddress parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | 2022-02-04 | 7.5 | CVE-2021-45998 MISC MISC |
dlink — dir-882_firmware | D-Link device DIR_882 DIR_882_FW1.30B06_Hotfix_02 was discovered to contain a command injection vulnerability in the twsystem function. This vulnerability allows attackers to execute arbitrary commands via a crafted HNAP1 POST request. | 2022-02-04 | 10 | CVE-2021-44881 MISC MISC |
emlog — emlog | Emlog v6.0 was discovered to contain a SQL injection vulnerability via the $TagID parameter of getblogidsfromtagid(). | 2022-02-04 | 7.5 | CVE-2022-23379 MISC |
eset — endpoint_antivirus | ESET products for Windows allow an untrusted process to impersonate the client of a pipe, which can be leveraged by an attacker to escalate privileges in the context of NT AUTHORITY\SYSTEM. | 2022-02-09 | 7.2 | CVE-2021-37852 MISC MISC |
gitea — gitea | Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API, which could let a remote malicious user execute arbitrary code. | 2022-02-08 | 7.5 | CVE-2021-45327 MISC MISC MISC MISC |
globalnorthstar — northstar_club_management | Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication. | 2022-02-04 | 7.5 | CVE-2021-29396 MISC MISC |
globalnorthstar — northstar_club_management | Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled “command” and “commandvalues” parameters. | 2022-02-04 | 10 | CVE-2021-29393 MISC MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow is vulnerable to an integer overflow during cost estimation for crop and resize. Since the cropping parameters are user controlled, a malicious person can trigger undefined behavior. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 7.5 | CVE-2022-23587 MISC MISC CONFIRM |
hyphp — hybbs2 | Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php. | 2022-02-09 | 7.5 | CVE-2022-24677 MISC |
idreamsoft — icms | iCMS <= 8.0.0 allows users to add and render a custom template, which has an SSTI vulnerability that causes remote code execution. | 2022-02-04 | 7.5 | CVE-2021-44978 MISC MISC |
itunesrpc-remastered_project — itunesrpc-remastered | iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize image file paths leading to OS level command injection. This issue has been patched in commit cdcd48b. Users are advised to upgrade. | 2022-02-04 | 7.5 | CVE-2022-23611 CONFIRM MISC |
joplin_project — joplin | Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results. | 2022-02-08 | 7.5 | CVE-2022-23340 MISC |
korenix — jetwave_2212s_firmware | Certain Korenix JetWave devices allow authenticated users to execute arbitrary code as root via /syscmd.asp. This affects 2212X before 1.9.1, 2212S before 1.9.1, 2212G before 1.8, 3220 V3 before 1.5.1, 3420 V3 before 1.5.1, and 2311 through 2022-01-31. | 2022-02-06 | 9 | CVE-2021-39280 MISC MISC |
linux — linux_kernel | A use-after-free flaw was found in cgroup1_parse_param in kernel/cgroup/cgroup-v1.c in the Linux kernel’s cgroup v1 parser. A local attacker with a user privilege could cause a privilege escalation by exploiting the fsconfig syscall parameter leading to a container breakout and a denial of service on the system. | 2022-02-04 | 7.2 | CVE-2021-4154 MISC MISC |
mruby — mruby | NULL Pointer Dereference in Homebrew mruby prior to 3.2. | 2022-02-04 | 7.8 | CVE-2022-0481 CONFIRM MISC |
nats — nats_server | NATS nats-server before 2.7.2 has Incorrect Access Control. Any authenticated user can obtain the privileges of the System account by misusing the “dynamically provisioned sandbox accounts” feature. | 2022-02-08 | 9 | CVE-2022-24450 MISC CONFIRM |
neutrinolabs — xrdp | xrdp is an open source remote desktop protocol (RDP) server. In affected versions an integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is able to locally access a sesman server to execute code as root. This vulnerability has been patched in version 0.9.18.1 and above. Users are advised to upgrade. There are no known workarounds. | 2022-02-07 | 7.2 | CVE-2022-23613 MISC CONFIRM |
putil-merge_project — putil-merge | This affects the package putil-merge before 3.8.0. The merge() function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include the constructor property. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-PUTILMERGE-1317077 | 2022-02-04 | 7.5 | CVE-2021-23470 CONFIRM CONFIRM |
radare — radare2 | Use After Free in GitHub repository radareorg/radare2 prior to 5.6.0. | 2022-02-08 | 7.5 | CVE-2022-0139 MISC CONFIRM |
riconmobile — s9922l_firmware | The affected product is vulnerable to an authenticated OS command injection, which may allow an attacker to inject and execute arbitrary shell commands as the Admin (root) user. | 2022-02-04 | 10 | CVE-2022-0365 CONFIRM |
sap — content_server | SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable to request smuggling and request concatenation. An unauthenticated attacker can prepend a victim’s request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system. | 2022-02-09 | 10 | CVE-2022-22536 MISC MISC |
sap — netweaver_application_server_java | In SAP NetWeaver Application Server Java – versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an unauthenticated attacker could submit a crafted HTTP server request which triggers improper shared memory buffer handling. This could allow the malicious payload to be executed and hence execute functions that could be impersonating the victim or even steal the victim’s logon session. | 2022-02-09 | 7.5 | CVE-2022-22532 MISC MISC |
schneider-electric — easergy_p3_firmware | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P3 (All versions prior to V30.205) | 2022-02-04 | 8.3 | CVE-2022-22725 MISC |
schneider-electric — easergy_p5_firmware | A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could lead to a buffer overflow causing program crashes and arbitrary code execution when specially crafted packets are sent to the device over the network. Protection functions and tripping function via GOOSE can be impacted. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101) | 2022-02-04 | 8.3 | CVE-2022-22723 MISC |
schneider-electric — ecostruxure_power_monitoring_expert | A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user's local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) | 2022-02-04 | 9.3 | CVE-2022-22727 MISC |
sealevel — seaconnect_370w_firmware | A stack-based buffer overflow vulnerability exists in both the LLMNR functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability. | 2022-02-04 | 7.5 | CVE-2021-21960 MISC |
sealevel — seaconnect_370w_firmware | A stack-based buffer overflow vulnerability exists in the NBNS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted network packet can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability. | 2022-02-04 | 7.5 | CVE-2021-21961 MISC |
sealevel — seaconnect_370w_firmware | A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 2022-02-04 | 7.1 | CVE-2021-21964 MISC |
servisnet — tessa | An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request. | 2022-02-06 | 10 | CVE-2022-22832 MISC MISC MISC MISC |
servisnet — tessa | An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header. | 2022-02-06 | 7.5 | CVE-2022-22831 MISC MISC MISC MISC |
set_project — set | This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-STRIKEENTCOSET-1038821 | 2022-02-04 | 7.5 | CVE-2021-23497 CONFIRM CONFIRM CONFIRM |
silabs — zgm130s037hgn_firmware | Z-Wave devices from Sierra Designs (circa 2013) and Silicon Labs (using S0 security) may use a known, shared network key of all zeros, allowing an attacker within radio range to spoof Z-Wave traffic. | 2022-02-04 | 7.9 | CVE-2013-20003 MISC MISC MISC |
skratchdot — object-path-set | The package object-path-set before 1.0.2 is vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix in https://security.snyk.io/vuln/SNYK-JS-OBJECTPATHSET-607908 | 2022-02-04 | 7.5 | CVE-2021-23507 CONFIRM CONFIRM CONFIRM CONFIRM |
starwindsoftware — iscsi_san | StarWind iSCSI SAN before 6.0 build 2013-03-20 allows a memory leak. | 2022-02-06 | 7.5 | CVE-2013-20004 MISC |
starwindsoftware — nas | StarWind SAN and NAS before 0.2 build 1685 allows remote code execution via a virtual disk management command. | 2022-02-06 | 10 | CVE-2022-24552 MISC |
starwindsoftware — nas | StarWind SAN and NAS before 0.2 build 1685 allows users to reset other users’ passwords. | 2022-02-06 | 9 | CVE-2022-24551 MISC |
strangerstudios — paid_memberships_pro | The Paid Memberships Pro WordPress plugin before 2.6.7 does not escape the discount_code in one of its REST routes (available to unauthenticated users) before using it in a SQL statement, leading to a SQL injection. | 2022-02-07 | 7.5 | CVE-2021-25114 MISC MISC |
symfony — twig | Twig is an open source template language for PHP. When in a sandbox mode, the `arrow` parameter of the `sort` filter must be a closure to avoid attackers being able to run arbitrary PHP functions. In affected versions this constraint was not properly enforced and could lead to code injection of arbitrary PHP code. Patched versions now disallow calling non Closure in the `sort` filter as is the case for some other filters. Users are advised to upgrade. | 2022-02-04 | 7.5 | CVE-2022-23614 MISC MISC CONFIRM FEDORA FEDORA FEDORA FEDORA |
synology — diskstation_manager | Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | 2022-02-07 | 7.5 | CVE-2021-43925 CONFIRM |
synology — diskstation_manager | Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Log Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | 2022-02-07 | 7.5 | CVE-2021-43926 CONFIRM |
synology — diskstation_manager | Improper neutralization of special elements used in an SQL command (‘SQL Injection’) vulnerability in Security Management functionality in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to inject SQL commands via unspecified vectors. | 2022-02-07 | 7.5 | CVE-2021-43927 CONFIRM |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function WanParameterSetting. This vulnerability allows attackers to execute arbitrary commands via the gateway, dns1, and dns2 parameters. | 2022-02-04 | 7.5 | CVE-2022-24144 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetRouteStatic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | 2022-02-04 | 7.8 | CVE-2022-24152 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function mDMZSetCfg. This vulnerability allows attackers to execute arbitrary commands via the dmzIp parameter. | 2022-02-04 | 7.5 | CVE-2022-24148 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a command injection vulnerability in the function formSetSafeWanWebMan. This vulnerability allows attackers to execute arbitrary commands via the remoteIp parameter. | 2022-02-04 | 7.5 | CVE-2022-24150 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetFirewallCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the firewallEn parameter. | 2022-02-04 | 7.8 | CVE-2022-24142 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formWifiBasicSet. This vulnerability allows attackers to cause a Denial of Service (DoS) via the security and security_5g parameters. | 2022-02-04 | 7.8 | CVE-2022-24145 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetQosBand. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | 2022-02-04 | 7.8 | CVE-2022-24146 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wanMTU, wanSpeed, cloneType, mac, and serviceName parameters. | 2022-02-04 | 7.8 | CVE-2022-24147 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWirelessRepeat. This vulnerability allows attackers to cause a Denial of Service (DoS) via the wpapsk_crypto parameter. | 2022-02-04 | 7.8 | CVE-2022-24149 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS) via the shareSpeed parameter. | 2022-02-04 | 7.8 | CVE-2022-24151 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN and AX12 22.03.01.2_CN were discovered to contain a stack overflow in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter. | 2022-02-04 | 7.8 | CVE-2022-24143 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formAddMacfilterRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter. | 2022-02-04 | 7.8 | CVE-2022-24153 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetMacFilterCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the deviceList parameter. | 2022-02-04 | 7.8 | CVE-2022-24157 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetDeviceName. This vulnerability allows attackers to cause a Denial of Service (DoS) via the devName parameter. | 2022-02-04 | 7.8 | CVE-2022-24160 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | 2022-02-04 | 7.8 | CVE-2022-24158 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mac parameter. | 2022-02-04 | 7.8 | CVE-2022-24161 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function saveParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter. | 2022-02-04 | 7.8 | CVE-2022-24162 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetRebootTimer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the rebootTime parameter. | 2022-02-04 | 7.8 | CVE-2022-24154 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetPPTPServer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the startIp and endIp parameters. | 2022-02-04 | 7.8 | CVE-2022-24159 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the list parameter. | 2022-02-04 | 7.8 | CVE-2022-24156 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the timeZone parameter. | 2022-02-04 | 7.8 | CVE-2022-24163 MISC |
tenda — ax3_firmware | Tenda AX3 v16.03.12.10_CN was discovered to contain a heap overflow in the function setSchedWifi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the schedStartTime and schedEndTime parameters. | 2022-02-04 | 7.8 | CVE-2022-24155 MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetPppoeServer. This vulnerability allows attackers to execute arbitrary commands via the pppoeServerIP, pppoeServerStartIP, and pppoeServerEndIP parameters. | 2022-02-04 | 7.5 | CVE-2022-24171 MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpGroup. This vulnerability allows attackers to execute arbitrary commands via the IPGroupStartIP and IPGroupEndIP parameters. | 2022-02-04 | 7.5 | CVE-2022-24168 MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetDMZ. This vulnerability allows attackers to execute arbitrary commands via the dmzHost1 parameter. | 2022-02-04 | 7.5 | CVE-2022-24167 MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetQvlanList. This vulnerability allows attackers to execute arbitrary commands via the qvlanIP parameter. | 2022-02-04 | 7.5 | CVE-2022-24165 MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetVirtualSer. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsHijackRule parameter. | 2022-02-04 | 7.8 | CVE-2022-24164 MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the manualTime parameter. | 2022-02-04 | 7.8 | CVE-2022-24166 MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetIpSecTunnel. This vulnerability allows attackers to execute arbitrary commands via the IPsecLocalNet and IPsecRemoteNet parameters. | 2022-02-04 | 7.5 | CVE-2022-24170 MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDnsForward. This vulnerability allows attackers to cause a Denial of Service (DoS) via the DnsForwardRule parameter. | 2022-02-04 | 7.8 | CVE-2021-45988 MISC MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function guestWifiRuleRefresh. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qosGuestUpstream and qosGuestDownstream parameters. | 2022-02-04 | 7.8 | CVE-2021-45989 MISC MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetStaticRoute. This vulnerability allows attackers to cause a Denial of Service (DoS) via the staticRouteNet, staticRouteMask, and staticRouteGateway parameters. | 2022-02-04 | 7.8 | CVE-2021-45995 MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function uploadPicture. This vulnerability allows attackers to execute arbitrary commands via the pic_name parameter. | 2022-02-04 | 7.5 | CVE-2021-45990 MISC MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetNetCheckTools. This vulnerability allows attackers to execute arbitrary commands via the hostName parameter. | 2022-02-04 | 7.5 | CVE-2021-45987 MISC MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a command injection vulnerability in the function formSetUSBShareInfo. This vulnerability allows attackers to execute arbitrary commands via the usbOrdinaryUserName parameter. | 2022-02-04 | 7.5 | CVE-2021-45986 MISC MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddDhcpBindRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the addDhcpRules parameter. | 2022-02-04 | 7.8 | CVE-2022-24172 MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. | 2022-02-04 | 7.8 | CVE-2021-45997 MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetPortMapping. This vulnerability allows attackers to cause a Denial of Service (DoS) via the portMappingServer, portMappingProtocol, portMappingWan, porMappingtInternal, and portMappingExternal parameters. | 2022-02-04 | 7.8 | CVE-2021-45996 MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formDelDhcpRule. This vulnerability allows attackers to cause a Denial of Service (DoS) via the delDhcpIndex parameter. | 2022-02-04 | 7.8 | CVE-2021-45994 MISC MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindModify. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRuleIP and IPMacBindRuleMac parameters. | 2022-02-04 | 7.8 | CVE-2021-45993 MISC MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formSetQvlanList. This vulnerability allows attackers to cause a Denial of Service (DoS) via the qvlanName parameter. | 2022-02-04 | 7.8 | CVE-2021-45992 MISC MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formAddVpnUsers. This vulnerability allows attackers to cause a Denial of Service (DoS) via the vpnUsers parameter. | 2022-02-04 | 7.8 | CVE-2021-45991 MISC MISC |
tendacn — g1_firmware | Tenda routers G1 and G3 v15.11.0.17(9502)_CN were discovered to contain a stack overflow in the function formIPMacBindAdd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IPMacBindRule parameter. | 2022-02-04 | 7.8 | CVE-2022-24169 MISC |
totolink — a720r_firmware | Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a stack overflow in the function setNoticeCfg. This vulnerability allows attackers to cause a Denial of Service (DoS) via the IpTo parameter. | 2022-02-04 | 7.8 | CVE-2021-44246 MISC |
totolink — a720r_firmware | Totolink devices A3100R v4.1.2cu.5050_B20200504, A830R v5.9c.4729_B20191112, and A720R v4.1.5cu.470_B20200911 were discovered to contain a command injection vulnerability in the function setNoticeCfg. This vulnerability allows attackers to execute arbitrary commands via the IpFrom parameter. | 2022-02-04 | 7.5 | CVE-2021-44247 MISC |
ujcms — jspxcms | A vulnerability in ${"freemarker.template.utility.Execute"?new() of UJCMS Jspxcms v10.2.0 allows attackers to execute arbitrary commands via uploading malicious files. | 2022-02-04 | 7.5 | CVE-2022-23329 MISC |
voipmonitor — voipmonitor | An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows unauthenticated attackers to escalate privileges via a crafted request. | 2022-02-04 | 7.5 | CVE-2022-24259 MISC |
voipmonitor — voipmonitor | A SQL injection vulnerability in Voipmonitor GUI before v24.96 allows attackers to escalate privileges to the Administrator level. | 2022-02-04 | 10 | CVE-2022-24260 MISC |
zephyrproject — zephyr | The RNDIS USB device class includes a buffer overflow vulnerability. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hvfp-w4h8-gxvj | 2022-02-07 | 7.2 | CVE-2021-3861 N/A |

Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
abb — opc_server_for_ac_800m | Incorrect Permission Assignment for Critical Resource vulnerability in OPC Server for AC 800M allows an attacker to execute arbitrary code in the node running the AC800M OPC Server. | 2022-02-04 | 6.5 | CVE-2021-22284 MISC |
abb — pni800_firmware | Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. | 2022-02-04 | 5 | CVE-2021-22286 MISC |
abb — pni800_firmware | Improper Handling of Exceptional Conditions, Improper Check for Unusual or Exceptional Conditions vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. | 2022-02-04 | 5 | CVE-2021-22285 MISC |
abb — pni800_firmware | Improper Input Validation vulnerability in the ABB SPIET800 and PNI800 module allows an attacker to cause the denial of service or make the module unresponsive. | 2022-02-04 | 5 | CVE-2021-22288 MISC |
acronis — agent | Local privilege escalation due to excessive permissions assigned to child processes. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 | 2022-02-04 | 4.6 | CVE-2022-24113 MISC |
acronis — true_image | Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 | 2022-02-04 | 4.6 | CVE-2021-44204 MISC |
acronis — true_image | Local privilege escalation due to DLL hijacking vulnerability in Acronis Media Builder service. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 | 2022-02-04 | 4.4 | CVE-2021-44206 MISC |
acronis — true_image | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287 | 2022-02-04 | 4.4 | CVE-2021-44205 MISC |
acronis — true_image | Local privilege escalation due to unrestricted loading of unsigned libraries. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287 | 2022-02-04 | 4.6 | CVE-2022-24115 MISC |
acronis — true_image | Local privilege escalation due to race condition on application startup. The following products are affected: Acronis Cyber Protect Home Office (macOS) before build 39605, Acronis True Image 2021 (macOS) before build 39287 | 2022-02-04 | 4.4 | CVE-2022-24114 MISC |
amd — radeon_pro_software | AMD Radeon Software may be vulnerable to DLL Hijacking through the path variable. An unprivileged user may be able to drop a malicious DLL file in any location that is in the path environment variable. | 2022-02-04 | 4.4 | CVE-2020-12891 MISC |
amd — ryzen_pro_5650g_firmware | When combined with specific software sequences, AMD CPUs may transiently execute non-canonical loads and stores using only the lower 48 address bits, potentially resulting in data leakage. | 2022-02-04 | 5 | CVE-2020-12965 MISC |
apache — activemq_artemis | In Apache ActiveMQ Artemis prior to 2.20.0 or 2.19.1, an attacker could partially disrupt availability (DoS) through uncontrolled resource consumption of memory. | 2022-02-04 | 5 | CVE-2022-23913 MISC |
apache — traffic_control | In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request to /user/login/oauth to scan a port of a server that Traffic Ops can reach. | 2022-02-06 | 5 | CVE-2022-23206 MISC |
arangodb — arangodb | In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests performed internally, which can be abused by a highly-privileged attacker to perform blind SSRF and send internal requests to localhost. | 2022-02-09 | 4 | CVE-2021-25939 MISC MISC MISC |
arista — eos | The impact of this vulnerability is that Arista’s EOS eAPI may skip re-evaluating user credentials when certificate based authentication is used, which allows remote attackers to access the device via eAPI. | 2022-02-04 | 6.8 | CVE-2021-28503 MISC |
atftp_project — atftp | options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client. | 2022-02-04 | 5 | CVE-2021-46671 MISC MISC |
beanstalk_console_project — beanstalk_console | Cross-site Scripting (XSS) – Reflected in Packagist ptrofimov/beanstalk_console prior to 1.7.12. | 2022-02-05 | 4.3 | CVE-2022-0501 MISC CONFIRM |
blog_project — blog | m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | 2022-02-08 | 6.5 | CVE-2022-23626 CONFIRM MISC |
bracketspace — advanced_cron_manager | The Advanced Cron Manager WordPress plugin before 2.4.2 and the advanced-cron-manager-pro WordPress plugin before 2.5.3 do not have authorisation checks in some of their AJAX actions, allowing any authenticated user, such as a subscriber, to call them and, for example, add or remove events as well as schedules. | 2022-02-07 | 4 | CVE-2021-25084 MISC |
broadcom — ca_harvest_software_change_manager | CA Harvest Software Change Manager versions 13.0.3, 13.0.4, 14.0.0, and 14.0.1, contain a vulnerability in the CSV export functionality, due to insufficient input validation, that can allow a privileged user to potentially execute arbitrary code or commands. | 2022-02-04 | 6.5 | CVE-2022-22689 MISC |
chatwoot — chatwoot | Cross-site Scripting (XSS) – Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. | 2022-02-09 | 4.3 | CVE-2022-0527 MISC CONFIRM |
chatwoot — chatwoot | Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2. | 2022-02-09 | 4 | CVE-2021-3813 MISC CONFIRM |
chatwoot — chatwoot | Cross-site Scripting (XSS) – Stored in GitHub repository chatwoot/chatwoot prior to 2.2.0. | 2022-02-09 | 4.3 | CVE-2022-0526 CONFIRM MISC |
codemiq — wordpress_email_template_designer | The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the ~/includes/class-template-designer.php file, in versions up to and including 3.0.9. This makes it possible for attackers with no privileges to execute the endpoint and add malicious JavaScript to a vulnerable WordPress site. | 2022-02-04 | 4.3 | CVE-2022-0218 MISC MISC |
codex_project — codex | A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file. | 2022-02-04 | 4.3 | CVE-2021-43635 MISC MISC MISC |
dataease_project — dataease | In DataEase v1.6.1, an authenticated user can gain unauthorized access to all user information and can change the administrator password. | 2022-02-08 | 6.5 | CVE-2022-23331 MISC |
dounokouno — transmitmail | Cross-site scripting vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. | 2022-02-08 | 4.3 | CVE-2022-22146 MISC MISC |
dounokouno — transmitmail | Directory traversal vulnerability in TransmitMail 2.5.0 to 2.6.1 allows a remote unauthenticated attacker to obtain an arbitrary file on the server via unspecified vectors. | 2022-02-08 | 5 | CVE-2022-21193 MISC MISC |
econosys-system — php_mailform | Reflected cross-site scripting vulnerability in the checkbox of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. | 2022-02-08 | 4.3 | CVE-2022-22142 MISC MISC |
econosys-system — php_mailform | Reflected cross-site scripting vulnerability in the attached file name of php_mailform versions prior to Version 1.40 allows a remote unauthenticated attacker to inject an arbitrary script via unspecified vectors. | 2022-02-08 | 4.3 | CVE-2022-21805 MISC MISC |
embed_swagger_project — embed_swagger | The Embed Swagger WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping/sanitization and validation via the url parameter found in the ~/swagger-iframe.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 1.0.0. | 2022-02-04 | 4.3 | CVE-2022-0381 MISC MISC MISC |
etoilewebdesign — ultimate_product_catalog | The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated user, such as a subscriber, to call them and, for example, add arbitrary products or change the plugin’s settings. | 2022-02-07 | 4 | CVE-2021-24993 CONFIRM MISC |
f-secure — atlant | A vulnerability affecting F-Secure antivirus engine before Capricorn update 2022-02-01_01 was discovered whereby decompression of an ACE file causes the scanner service to stop. The vulnerability can be exploited remotely by an attacker. A successful attack will result in denial-of-service of the antivirus engine. | 2022-02-09 | 5 | CVE-2021-40837 MISC MISC |
ffjpeg_project — ffjpeg | Two Heap based buffer overflow vulnerabilities exist in ffjpeg through 01.01.2021. It is similar to CVE-2020-23852. Issues that are in the jfif_decode function at ffjpeg/src/jfif.c (line 552) could cause a Denial of Service by using a crafted jpeg file. | 2022-02-08 | 4.3 | CVE-2021-44956 MISC |
ffjpeg_project — ffjpeg | A global buffer overflow vulnerability exists in ffjpeg through 01.01.2021. It is similar to CVE-2020-23705. The issue, in the jfif_encode function at ffjpeg/src/jfif.c (line 708), could cause a Denial of Service by using a crafted jpeg file. | 2022-02-08 | 4.3 | CVE-2021-44957 MISC |
filebrowser — filebrowser | A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE. | 2022-02-04 | 6.8 | CVE-2021-46398 MISC MISC MISC MISC MISC |
fisco-bcos — fisco-bcos | FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks. | 2022-02-07 | 5 | CVE-2021-46359 MISC |
follow-redirects_project — follow-redirects | Exposure of Sensitive Information to an Unauthorized Actor in NPM follow-redirects prior to 1.14.8. | 2022-02-09 | 4.3 | CVE-2022-0536 CONFIRM MISC |
fotobook_project — fotobook | The Fotobook WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient escaping and the use of $_SERVER['PHP_SELF'] found in the ~/options-fotobook.php file which allows attackers to inject arbitrary web scripts onto the page, in versions up to and including 3.2.3. | 2022-02-04 | 4.3 | CVE-2022-0380 MISC MISC |
foxit — pdf_reader | A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. | 2022-02-04 | 6.8 | CVE-2021-40420 MISC |
foxit — pdf_reader | A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. | 2022-02-04 | 6.8 | CVE-2022-22150 MISC |
frourio — frourio | Frourio is a full stack framework for TypeScript. Frourio users who use a frourio version prior to v0.26.0 and integrate with class-validator through the `validators/` folder are subject to an input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`. | 2022-02-07 | 6.5 | CVE-2022-23623 CONFIRM MISC |
frourio — frourio-express | Frourio-express is a minimal full stack framework for TypeScript. Frourio-express users who use a frourio-express version prior to v0.26.0 and integrate with class-validator through the `validators/` folder are subject to an input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`. | 2022-02-07 | 6.5 | CVE-2022-23624 MISC CONFIRM |
gerbv_project — gerbv | A use-after-free vulnerability exists in the RS-274X aperture definition tokenization functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and Gerbv forked 2.7.1. A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2022-02-04 | 6.8 | CVE-2021-40401 MISC |
gerbv_project — gerbv | An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability. | 2022-02-04 | 4.3 | CVE-2021-40403 MISC |
gitea — gitea | Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site (‘Open Redirect’) via internal URLs. | 2022-02-08 | 5.8 | CVE-2021-45328 MISC MISC |
gitea — gitea | Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 using the OpenID URL. | 2022-02-08 | 5 | CVE-2021-45325 MISC MISC |
gitea — gitea | Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field. | 2022-02-08 | 4.3 | CVE-2021-45329 MISC MISC |
gitea — gitea | Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes. This can be dangerous especially with state altering POST requests. | 2022-02-08 | 6.8 | CVE-2021-45326 MISC MISC MISC |
globalnorthstar — northstar_club_management | Directory traversal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application. | 2022-02-04 | 5 | CVE-2021-29395 MISC MISC |
globalnorthstar — northstar_club_management | Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows a remote local user to intercept users' credentials transmitted in cleartext over HTTP. | 2022-02-04 | 5 | CVE-2021-29397 MISC MISC |
globalnorthstar — northstar_club_management | Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled “userID” parameter of the HTTP POST request. | 2022-02-04 | 4 | CVE-2021-29394 MISC MISC |
globalnorthstar — northstar_club_management | Directory traversal in /northstar/Common/NorthFileManager/fileManagerObjects.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to browse and list the directories across the entire filesystem of the host of the web application. | 2022-02-04 | 5 | CVE-2021-29398 MISC MISC |
google — android | In fb driver, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05850708; Issue ID: ALPS05850708. | 2022-02-09 | 4.6 | CVE-2022-20031 MISC |
google — android | In vow driver, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837793; Issue ID: ALPS05837793. | 2022-02-09 | 4.6 | CVE-2022-20030 MISC |
google — android | In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06198663; Issue ID: ALPS06198663. | 2022-02-09 | 4.6 | CVE-2022-20028 MISC |
google — android | In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126832; Issue ID: ALPS06126832. | 2022-02-09 | 4.6 | CVE-2022-20025 MISC |
google — android | In Preloader XFLASH, there is a possible escalation of privilege due to an improper certificate validation. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160806. | 2022-02-09 | 4.6 | CVE-2022-20034 MISC |
google — android | In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126827; Issue ID: ALPS06126827. | 2022-02-09 | 4.6 | CVE-2022-20026 MISC |
google — android | In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126826; Issue ID: ALPS06126826. | 2022-02-09 | 4.6 | CVE-2022-20027 MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. The `GraphDef` format in TensorFlow does not allow self recursive functions. The runtime assumes that this invariant is satisfied. However, a `GraphDef` containing a fragment such as the following can be consumed when loading a `SavedModel`. This would result in a stack overflow during execution as resolving each `NodeDef` means resolving the function itself and its nodes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 5 | CVE-2022-23591 MISC CONFIRM |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, TensorFlow might do a null-dereference if attributes of some mutable arguments to some operations are missing from the proto. This is guarded by a `DCHECK`. However, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the dereferencing of the null pointer, whereas in the second case it results in a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. | 2022-02-04 | 4 | CVE-2022-23570 MISC CONFIRM MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. When decoding a tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments, if the tensors have an invalid `dtype` and 0 elements or an invalid shape. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 4 | CVE-2022-23571 MISC CONFIRM |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function; however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. This results in an assertion failure as `ret` contains an error `Status`, not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. | 2022-02-04 | 4 | CVE-2022-23572 MISC CONFIRM MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateTensorSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve a tensor with large enough number of elements. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 4 | CVE-2022-23575 MISC MISC CONFIRM |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. The implementation of `OpLevelCostEstimator::CalculateOutputSize` is vulnerable to an integer overflow if an attacker can create an operation which would involve tensors with large enough number of elements. We can have a large enough number of dimensions in `output_shape.dim()` or just a small number of dimensions being large enough to cause an overflow in the multiplication. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 4 | CVE-2022-23576 MISC MISC CONFIRM |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `SafeToRemoveIdentity` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 5 | CVE-2022-23579 MISC MISC CONFIRM |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 5 | CVE-2022-23580 MISC CONFIRM MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. The Grappler optimizer in TensorFlow can be used to cause a denial of service by altering a `SavedModel` such that `IsSimplifiableReshape` would trigger `CHECK` failures. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 5 | CVE-2022-23581 CONFIRM MISC MISC MISC MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. The implementation of `GetInitOp` is vulnerable to a crash caused by dereferencing a null pointer. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 4 | CVE-2022-23577 MISC CONFIRM MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. The `simplifyBroadcast` function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault (hence, denial of service), if called with scalar shapes. If all shapes are scalar, then `maxRank` is 0, so we build an empty `SmallVector`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. | 2022-02-04 | 5 | CVE-2022-23593 MISC CONFIRM MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. When decoding a resource handle tensor from protobuf, a TensorFlow process can encounter cases where a `CHECK` assertion is invalidated based on user controlled arguments. This allows attackers to cause denial of services in TensorFlow processes. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 4 | CVE-2022-23564 MISC CONFIRM |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. If a graph node is invalid, TensorFlow can leak memory in the implementation of `ImmutableExecutorState::Initialize`. Here, we set `item->kernel` to `nullptr` but it is a simple `OpKernel*` pointer so the memory that was previously allocated to it would leak. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 4 | CVE-2022-23578 CONFIRM MISC MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that `TensorByteSize` would trigger `CHECK` failures. `TensorShape` constructor throws a `CHECK`-fail if shape is partial or has a number of elements that would overflow the size of an `int`. The `PartialTensorShape` constructor instead does not cause a `CHECK`-abort if the shape is partial, which is exactly what this function needs to be able to return `-1`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 4 | CVE-2022-23582 CONFIRM MISC MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don’t match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 4 | CVE-2022-23583 MISC CONFIRM MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a use after free behavior when decoding PNG images. After `png::CommonFreeDecode(&decode)` gets called, the values of `decode.width` and `decode.height` are in an unspecified state. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 4 | CVE-2022-23584 MISC CONFIRM MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. When decoding PNG images TensorFlow can produce a memory leak if the image is invalid. After calling `png::CommonInitDecode(…, &decode)`, the `decode` value contains allocated buffers which can only be freed by calling `png::CommonFreeDecode(&decode)`. However, several error cases in the function implementation invoke the `OP_REQUIRES` macro which immediately terminates the execution of the function, without allowing for the memory free to occur. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 4 | CVE-2022-23585 CONFIRM MISC MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that assertions in `function.cc` would be falsified and crash the Python interpreter. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 4 | CVE-2022-23586 MISC MISC MISC CONFIRM |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that Grappler optimizer would attempt to build a tensor using a reference `dtype`. This would result in a crash due to a `CHECK`-fail in the `Tensor` constructor as reference types are not allowed. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 4 | CVE-2022-23588 MISC CONFIRM MISC MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, Grappler component of TensorFlow can trigger a null pointer dereference. There are 2 places where this can occur, for the same malicious alteration of a `SavedModel` file (fixing the first one would trigger the same dereference in the second place). First, during constant folding, the `GraphDef` might not have the required nodes for the binary operation. If a node is missing, the corresponding `mul_*child` would be null, and the dereference in the subsequent line would be incorrect. We have a similar issue during `IsIdentityConsumingSwitch`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 4 | CVE-2022-23589 CONFIRM MISC MISC MISC MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. When building an XLA compilation cache, if default settings are used, TensorFlow triggers a null pointer dereference. In the default scenario, all devices are allowed, so `flr->config_proto` is `nullptr`. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 4 | CVE-2022-23595 MISC MISC CONFIRM |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. An attacker can trigger denial of service via assertion failure by altering a `SavedModel` on disk such that `AttrDef`s of some operation are duplicated. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 4 | CVE-2022-23565 MISC CONFIRM |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. A `GraphDef` from a TensorFlow `SavedModel` can be maliciously altered to cause a TensorFlow process to crash due to encountering a `StatusOr` value that is an error and forcibly extracting the value from it. We have patched the issue in multiple GitHub commits and these will be included in TensorFlow 2.8.0 and TensorFlow 2.7.1, as both are affected. | 2022-02-04 | 5 | CVE-2022-23590 CONFIRM MISC MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause a write outside of bounds of an array in TFLite. In fact, the attacker can override the linked list used by the memory allocator. This can be leveraged for an arbitrary write primitive under certain conditions. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 6.5 | CVE-2022-23561 CONFIRM MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would allow limited reads and writes outside of arrays in TFLite. This exploits missing validation in the conversion from sparse tensors to dense tensors. The fix is included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. Users are advised to upgrade as soon as possible. | 2022-02-04 | 6.5 | CVE-2022-23560 MISC MISC CONFIRM |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would trigger a division by zero in `BiasAndClamp` implementation. There is no check that the `bias_size` is non zero. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 4 | CVE-2022-23557 MISC MISC CONFIRM |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. TensorFlow’s type inference can cause a heap out of bounds read as the bounds checking is done in a `DCHECK` (which is a no-op during production). An attacker can control the `input_idx` variable such that `ix` would be larger than the number of values in `node_t.args`. The fix will be included in TensorFlow 2.8.0. This is the only affected version. | 2022-02-04 | 5.5 | CVE-2022-23592 MISC MISC CONFIRM |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. There is a typo in TensorFlow’s `SpecializeType` which results in heap OOB read/write. Due to a typo, `arg` is initialized to the `i`th mutable argument in a loop where the loop index is `j`. Hence it is possible to assign to `arg` from outside the vector of arguments. Since this is a mutable proto value, it allows both read and write to outside of bounds data. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range. | 2022-02-04 | 6.5 | CVE-2022-23574 CONFIRM MISC MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. The implementation of `AssignOp` can result in copying uninitialized data to a new tensor. This later results in undefined behavior. The implementation has a check that the left hand side of the assignment is initialized (to minimize number of allocations), but does not check that the right hand side is also initialized. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 6.5 | CVE-2022-23573 CONFIRM MISC MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. TensorFlow is vulnerable to a heap OOB write in `Grappler`. The `set_output` function writes to an array at the specified index. Hence, this gives a malicious user a write primitive. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 6.5 | CVE-2022-23566 CONFIRM MISC MISC MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. The implementation of `Range` suffers from integer overflows. These can trigger undefined behavior or, in some scenarios, extremely large allocations. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 6.5 | CVE-2022-23562 MISC MISC CONFIRM MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in `TfLiteIntArrayCreate`. The `TfLiteIntArrayGetSizeInBytes` returns an `int` instead of a `size_t`. An attacker can control model inputs such that `computed_size` overflows the size of `int` datatype. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. | 2022-02-04 | 6.5 | CVE-2022-23558 MISC MISC MISC CONFIRM |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. An attacker can craft a TFLite model that would cause an integer overflow in embedding lookup operations. Both `embedding_size` and `lookup_size` are products of values provided by the user. Hence, a malicious user could trigger overflows in the multiplication. In certain scenarios, this can then result in heap OOB read/write. Users are advised to upgrade to a patched version. | 2022-02-04 | 6.5 | CVE-2022-23559 MISC CONFIRM MISC MISC MISC |
gpac — gpac | A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871. | 2022-02-04 | 4.3 | CVE-2022-24249 MISC |
gpac — gpac | NULL Pointer Dereference in GitHub repository gpac/gpac prior to 1.1.0. | 2022-02-04 | 4.3 | CVE-2021-4043 CONFIRM MISC |
grafana — grafana | Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | 2022-02-08 | 6.8 | CVE-2022-21703 MISC MISC CONFIRM |
high_resolution_streaming_image_server_project — high_resolution_streaming_image_server | IIPImage High Resolution Streaming Image Server prior to commit 882925b295a80ec992063deffc2a3b0d803c3195 is affected by an integer overflow in iipsrv.fcgi through malformed HTTP query parameters. | 2022-02-07 | 5 | CVE-2021-46389 MISC MISC |
hpe — agentless_management | A local unquoted search path security vulnerability has been identified in HPE Agentless Management Service for Windows version(s): Prior to 1.44.0.0, 10.96.0.0. This vulnerability could be exploited locally by a user with high privileges to execute malware that may lead to a loss of confidentiality, integrity, and availability. HPE has provided software updates to resolve the vulnerability in HPE Agentless Management Service for Windows. | 2022-02-04 | 4.6 | CVE-2021-29218 MISC |
hpe — flexnetwork_5130_jg932a_firmware | A potential local buffer overflow vulnerability has been identified in HPE FlexNetwork 5130 EL Switch Series version: Prior to 5130_EI_7.10.R3507P02. HPE has made the following software update to resolve the vulnerability in HPE FlexNetwork 5130 EL Switch Series version 5130_EL_7.10.R3507P02. | 2022-02-04 | 4.6 | CVE-2021-29219 MISC |
hyphp — hybbs2 | update_code in Admin.php in HYBBS2 through 2.3.2 allows arbitrary file upload via a crafted ZIP archive. | 2022-02-09 | 6.5 | CVE-2022-24676 MISC |
ibm — power_system_ac922_(8335-gtx)_firmware | IBM OPENBMC OP920, OP930, and OP940 could allow an unauthenticated user to obtain sensitive information. IBM X-Force ID: 212047. | 2022-02-04 | 5 | CVE-2021-38960 XF CONFIRM |
idreamsoft — icms | In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. | 2022-02-04 | 5 | CVE-2021-44977 MISC |
ip2location — country_blocker | The IP2Location Country Blocker WordPress plugin before 2.26.6 does not have CSRF check in the ip2location_country_blocker_save_rules AJAX action, allowing attackers to make a logged in admin block arbitrary country, or block all of them at once, preventing users from accessing the frontend. | 2022-02-07 | 4.3 | CVE-2021-25108 CONFIRM MISC |
ip2location — country_blocker | The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL. | 2022-02-07 | 6.4 | CVE-2021-25096 CONFIRM MISC |
ip2location — country_blocker | The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated users, such as subscriber to call it and block arbitrary country, or block all of them at once, preventing users from accessing the frontend. | 2022-02-07 | 5.5 | CVE-2021-25095 CONFIRM MISC |
itunesrpc-remastered_project — itunesrpc-remastered | iTunesRPC-Remastered is a Discord Rich Presence for iTunes on Windows utility. In affected versions iTunesRPC-Remastered did not properly sanitize user input used to remove files leading to file deletion only limited by the process permissions. Users are advised to upgrade as soon as possible. | 2022-02-04 | 6.4 | CVE-2022-23609 CONFIRM MISC |
jenkins — jenkins | Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage. | 2022-02-09 | 5 | CVE-2022-0538 CONFIRM MLIST |
jpress — jpress | A remote code execution (RCE) vulnerability in HelloWorldAddonController.java of jpress v4.2.0 allows attackers to execute arbitrary code via a crafted JAR package. | 2022-02-04 | 6.5 | CVE-2022-23330 MISC |
karma_project — karma | Cross-site Scripting (XSS) – DOM in NPM karma prior to 6.3.14. | 2022-02-05 | 4.3 | CVE-2022-0437 CONFIRM MISC |
kicad — kicad_eda | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2022-02-04 | 6.8 | CVE-2022-23947 MISC |
kicad — kicad_eda | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 2022-02-04 | 6.8 | CVE-2022-23946 MISC |
linuxfoundation — argo-cd | Argo CD before 2.1.9 and 2.2.x before 2.2.4 allows directory traversal related to Helm charts because of an error in helmTemplate in repository.go. For example, an attacker may be able to discover credentials stored in a YAML file. | 2022-02-04 | 4 | CVE-2022-24348 MISC CONFIRM |
mahara — mahara | In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of folders in the Files area can be seen by a person not owning the folders. (Only folder names are affected. Neither file names nor file contents are affected.) | 2022-02-09 | 4 | CVE-2022-24694 MISC MISC |
microfocus — voltage_securemail | A potential Information leakage vulnerability has been identified in versions of Micro Focus Voltage SecureMail Mail Relay prior to 7.3.0.1. The vulnerability could be exploited to create an information leakage attack. | 2022-02-04 | 4 | CVE-2021-38130 MISC |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Tampering Vulnerability. | 2022-02-07 | 5 | CVE-2022-23261 N/A |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23262. | 2022-02-07 | 4.4 | CVE-2022-23263 N/A |
microsoft — edge_chromium | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23263. | 2022-02-07 | 6.8 | CVE-2022-23262 N/A |
microweber — microweber | Cross-Site Request Forgery (CSRF) in Packagist microweber/microweber prior to 1.2.11. | 2022-02-08 | 4.3 | CVE-2022-0505 MISC CONFIRM |
microweber — microweber | Generation of Error Message Containing Sensitive Information in Packagist microweber/microweber prior to 1.2.11. | 2022-02-08 | 4 | CVE-2022-0504 MISC CONFIRM |
mirantis — container_cloud_lens_extension | Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce the victim to add a new cluster via its URL. This issue affects: Mirantis Mirantis Container Cloud Lens Extension v3 versions prior to v3.1.1. | 2022-02-04 | 6.8 | CVE-2022-0484 MISC |
mongodb — mongodb | An authenticated user without any specific authorizations may be able to repeatedly invoke the features command where at a high volume may lead to resource depletion or generate high lock contention. This may result in denial of service and in rare cases could result in id field collisions. | 2022-02-04 | 5.5 | CVE-2021-32036 MISC |
mruby — mruby | Out-of-bounds Read in Homebrew mruby prior to 3.2. | 2022-02-09 | 6.4 | CVE-2022-0525 CONFIRM MISC |
msi — app_player | Micro-Star International (MSI) App Player <= 4.280.1.6309 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the NTIOLib_X64.sys and BstkDrv_msi2.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | 2022-02-04 | 4.6 | CVE-2021-44900 MISC MISC |
msi — center | Micro-Star International (MSI) Center <= 1.0.31.0 is vulnerable to multiple Privilege Escalation vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | 2022-02-04 | 4.6 | CVE-2021-44899 MISC MISC |
msi — center_pro | Micro-Star International (MSI) Center Pro <= 2.0.16.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | 2022-02-04 | 4.6 | CVE-2021-44903 MISC MISC |
msi — dragon_center | Micro-Star International (MSI) Dragon Center <= 2.0.116.0 is vulnerable to multiple Privilege Escalation (LPE/EoP) vulnerabilities in the atidgllk.sys, atillk64.sys, MODAPI.sys, NTIOLib.sys, NTIOLib_X64.sys, WinRing0.sys, WinRing0x64.sys drivers components. All the vulnerabilities are triggered by sending specific IOCTL requests. | 2022-02-04 | 4.6 | CVE-2021-44901 MISC MISC |
nvidia — gpu_display_driver | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash. | 2022-02-07 | 4.9 | CVE-2022-21815 CONFIRM |
nvidia — virtual_gpu | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a user in the guest OS can cause a GPU interrupt storm on the hypervisor host, leading to a denial of service. | 2022-02-07 | 4.9 | CVE-2022-21816 CONFIRM MISC |
ocproducts — composr | Authenticated remote code execution (RCE) in Composr-CMS 10.0.39 and earlier allows remote attackers to execute arbitrary code via uploading a PHP shell through /adminzone/index.php?page=admin-commandr. | 2022-02-09 | 6.5 | CVE-2021-46360 MISC |
octopus — octopus_deploy | In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to localhost, Octopus Server will allow open redirects. | 2022-02-07 | 5.8 | CVE-2022-23184 MISC |
openzeppelin — openzeppelin | In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible, breaking the expectation that there is a single execution. | 2022-02-04 | 5 | CVE-2021-46320 MISC |
publify_project — publify | Business Logic Errors in GitHub repository publify/publify prior to 9.2.7. | 2022-02-08 | 5 | CVE-2022-0524 MISC CONFIRM |
quickbox — quickbox | QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at “adminuseredit.php?usertoedit=XSS”, as the user supplied input for the value of this parameter is not properly sanitized. | 2022-02-07 | 4.3 | CVE-2021-45281 MISC |
radare — radare2 | Expired Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.2. | 2022-02-08 | 6.8 | CVE-2022-0523 MISC CONFIRM |
radare — radare2 | Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.2. | 2022-02-08 | 5.8 | CVE-2022-0518 MISC CONFIRM |
radare — radare2 | Buffer Access with Incorrect Length Value in GitHub repository radareorg/radare2 prior to 5.6.2. | 2022-02-08 | 5.8 | CVE-2022-0519 MISC CONFIRM |
radare — radare2 | Access of Memory Location After End of Buffer in GitHub repository radareorg/radare2 prior to 5.6.2. | 2022-02-08 | 5.8 | CVE-2022-0521 MISC CONFIRM |
radare — radare2 | Use After Free in NPM radare2.js prior to 5.6.2. | 2022-02-08 | 6.8 | CVE-2022-0520 MISC CONFIRM |
radare — radare2 | Access of Memory Location Before Start of Buffer in NPM radare2.js prior to 5.6.2. | 2022-02-08 | 5.8 | CVE-2022-0522 CONFIRM MISC |
rearrange_woocommerce_products_project — rearrange_woocommerce_products | The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access controls in the save_all_order AJAX action, nor validation and escaping when inserting user data in SQL statement, leading to an SQL injection, and allowing any authenticated user, such as subscriber, to modify arbitrary post content (for example with an XSS payload), as well as exfiltrate any data by copying it to another post. | 2022-02-07 | 4 | CVE-2021-24928 MISC |
sap — netweaver_application_server_java | Due to improper error handling in SAP NetWeaver Application Server Java – versions KRNL64NUC 7.22, 7.22EXT, 7.49, KRNL64UC, 7.22, 7.22EXT, 7.49, 7.53, KERNEL 7.22, 7.49, 7.53, an attacker could submit multiple HTTP server requests resulting in errors, such that it consumes the memory buffer. This could result in system shutdown rendering the system unavailable. | 2022-02-09 | 5 | CVE-2022-22533 MISC MISC |
schneider-electric — bmxp342020_firmware | A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could cause a leak of sensitive data or unauthorized actions on the web server during the time the user is logged in. Affected Products: Modicon M340 CPUs: BMXP34 (All Versions), Modicon Quantum CPUs with integrated Ethernet (Copro): 140CPU65 (All Versions), Modicon Premium CPUs with integrated Ethernet (Copro): TSXP57 (All Versions), Modicon M340 ethernet modules: (BMXNOC0401, BMXNOE01, BMXNOR0200H) (All Versions), Modicon Quantum and Premium factory cast communication modules: (140NOE77111, 140NOC78*00, TSXETY5103, TSXETY4103) (All Versions) | 2022-02-04 | 6.8 | CVE-2020-7534 MISC |
schneider-electric — easergy_p5_firmware | A CWE-798: Use of Hard-coded Credentials vulnerability exists that could result in information disclosure. If an attacker were to obtain the SSH cryptographic key for the device and take active control of the local operational network connected to the product they could potentially observe and manipulate traffic associated with product configuration. Affected Product: Easergy P5 (All firmware versions prior to V01.401.101) | 2022-02-04 | 5.4 | CVE-2022-22722 MISC |
schneider-electric — ecostruxure_power_monitoring_expert | A CWE-20: Improper Input Validation vulnerability exists that could allow arbitrary files on the server to be read by authenticated users through a limited operating system service account. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) | 2022-02-04 | 4 | CVE-2022-22726 MISC |
sealevel — seaconnect_370w_firmware | An out-of-bounds write vulnerability exists in the URL_decode functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to an out-of-bounds write. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | 2022-02-04 | 4.3 | CVE-2021-21971 MISC MISC |
sealevel — seaconnect_370w_firmware | An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [4] the json_object_get_string to populate the p_payload global variable. The p_payload is only 0x100 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write. | 2022-02-04 | 6.8 | CVE-2021-21969 MISC |
sealevel — seaconnect_370w_firmware | An information disclosure vulnerability exists in the Web Server functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted man-in-the-middle attack can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | 2022-02-04 | 4.3 | CVE-2021-21963 MISC |
sealevel — seaconnect_370w_firmware | A misconfiguration exists in the MQTTS functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. This misconfiguration significantly simplifies a man-in-the-middle attack, which directly leads to control of device functionality. | 2022-02-04 | 6.8 | CVE-2021-21959 MISC |
sealevel — seaconnect_370w_firmware | A denial of service vulnerability exists in the SeaMax remote configuration functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. Specially-crafted network packets can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 2022-02-04 | 6.4 | CVE-2021-21965 MISC |
sealevel — seaconnect_370w_firmware | A file write vulnerability exists in the OTA update task functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A specially-crafted MQTT payload can lead to arbitrary file overwrite. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | 2022-02-04 | 5.8 | CVE-2021-21968 MISC |
sealevel — seaconnect_370w_firmware | An out-of-bounds write vulnerability exists in the HandleSeaCloudMessage functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. The HandleIncomingSeaCloudMessage function uses at [3] the json_object_get_string to populate the p_name global variable. The p_name is only 0x80 bytes long, and the total MQTT message could be up to 0x201 bytes. Because the function json_object_get_string will fill str based on the length of the json’s value and not the actual str size, this would result in a possible out-of-bounds write. | 2022-02-04 | 6.8 | CVE-2021-21970 MISC |
sealevel — seaconnect_370w_firmware | A heap-based buffer overflow vulnerability exists in the OTA Update u-download functionality of Sealevel Systems, Inc. SeaConnect 370W v1.3.34. A series of specially-crafted MQTT payloads can lead to remote code execution. An attacker must perform a man-in-the-middle attack in order to trigger this vulnerability. | 2022-02-04 | 6.8 | CVE-2021-21962 MISC |
seeddms — seeddms | Open Redirect vulnerability exists in SeedDMS 6.0.15 in out.Login.php, which allows remote malicious users to redirect users to malicious sites using the “referuri” parameter. | 2022-02-04 | 5.8 | CVE-2021-45408 MISC |
servisnet — tessa | An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request. | 2022-02-06 | 5 | CVE-2022-22833 MISC MISC MISC MISC |
seur_oficial_project — seur_oficial | The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when installed. Even though it is used for support purposes, it allows downloading any file from the web server without restriction after knowing the URL and a password that an administrator can see in the plugin settings page. | 2022-02-07 | 4 | CVE-2021-25004 MISC |
shibboleth — oidc_op | The OIDC OP plugin before 3.0.4 for Shibboleth Identity Provider allows server-side request forgery (SSRF) due to insufficient restriction of the request_uri parameter. This allows attackers to interact with arbitrary third-party HTTP services. | 2022-02-04 | 6.4 | CVE-2022-24129 MISC MISC CONFIRM |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14683, ZDI-CAN-15283, ZDI-CAN-15303, ZDI-CAN-15593) | 2022-02-09 | 6.8 | CVE-2021-46155 MISC MISC MISC MISC MISC |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15085, ZDI-CAN-15289, ZDI-CAN-15602) | 2022-02-09 | 6.8 | CVE-2021-46158 MISC MISC MISC MISC |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15050) | 2022-02-09 | 6.8 | CVE-2021-46159 MISC MISC |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15286) | 2022-02-09 | 6.8 | CVE-2021-46160 MISC MISC |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14684) | 2022-02-09 | 6.8 | CVE-2021-46156 MISC MISC |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15302) | 2022-02-09 | 6.8 | CVE-2021-46161 MISC MISC |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14646, ZDI-CAN-14679, ZDI-CAN-15084, ZDI-CAN-15304) | 2022-02-09 | 6.8 | CVE-2021-46154 MISC MISC MISC MISC MISC |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14757) | 2022-02-09 | 6.8 | CVE-2021-46157 MISC MISC |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a memory corruption vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14645, ZDI-CAN-15305, ZDI-CAN-15589, ZDI-CAN-15599) | 2022-02-09 | 6.8 | CVE-2021-46153 MISC MISC MISC MISC MISC |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains a type confusion vulnerability while parsing NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14643, ZDI-CAN-14644, ZDI-CAN-14755, ZDI-CAN-15183) | 2022-02-09 | 6.8 | CVE-2021-46152 MISC MISC MISC MISC MISC |
siemens — simcenter_femap | A vulnerability has been identified in Simcenter Femap V2020.2 (All versions), Simcenter Femap V2021.1 (All versions). Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-14754, ZDI-CAN-15082) | 2022-02-09 | 6.8 | CVE-2021-46151 MISC MISC MISC |
silabs — zgm130s037hgn_firmware | The Z-Wave specification requires that S2 security can be downgraded to S0 or other less secure protocols, allowing an attacker within radio range during pairing to downgrade and then exploit a different vulnerability (CVE-2013-20003) to intercept and spoof traffic. | 2022-02-04 | 4.8 | CVE-2018-25029 CONFIRM MISC |
silverstripe — silverstripe | Business Logic Errors in GitHub repository silverstripe/silverstripe-framework prior to 4.10.1. | 2022-02-04 | 4 | CVE-2022-0227 CONFIRM MISC |
starwindsoftware — iscsi_san | StarWind iSCSI SAN before 3.5 build 2007-08-09 allows socket exhaustion. | 2022-02-06 | 5 | CVE-2007-20001 MISC |
supportcandy — supportcandy | The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the [wpsc_create_ticket] shortcode embed, leading to a Reflected Cross-Site Scripting issue | 2022-02-07 | 4.3 | CVE-2021-24878 MISC |
supportcandy — supportcandy | The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in its wpsc_tickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. | 2022-02-07 | 4.3 | CVE-2021-24843 MISC |
supportcandy — supportcandy | The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX action, nor has any sanitisation or escaping in some of the filter fields which could allow attackers to make a logged in user having access to the ticket lists dashboard set an arbitrary filter (stored in their cookies) with an XSS payload in it. | 2022-02-07 | 6.8 | CVE-2021-24879 MISC |
supportcandy — supportcandy | The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. Other actions may be affected as well. | 2022-02-07 | 4.3 | CVE-2021-24839 MISC |
synology — diskstation_manager | Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote attackers to obtain sensitive information via unspecified vectors. | 2022-02-07 | 5 | CVE-2022-22680 CONFIRM |
synology — diskstation_manager | Improper limitation of a pathname to a restricted directory (‘Path Traversal’) vulnerability in support service management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to write arbitrary files via unspecified vectors. | 2022-02-07 | 4 | CVE-2022-22679 CONFIRM |
synology — diskstation_manager | Improper neutralization of special elements in output used by a downstream component (‘Injection’) vulnerability in work flow management in Synology DiskStation Manager (DSM) before 7.0.1-42218-2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2022-02-07 | 4 | CVE-2021-43929 CONFIRM |
synology — mail_station | Improper neutralization of special elements used in an OS command (‘OS Command Injection’) vulnerability in mail sending and receiving component in Synology Mail Station before 7.0.1-42218-2 allows remote authenticated users to execute arbitrary commands via unspecified vectors. | 2022-02-07 | 6.5 | CVE-2021-43928 CONFIRM MISC |
taogogo — taocms | An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can read any files via admin.php?action=file&ctrl=download&path=../../1.txt. | 2022-02-04 | 4 | CVE-2022-23316 MISC |
taogogo — taocms | In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download vulnerability at the File Management column. | 2022-02-04 | 4 | CVE-2021-44983 MISC |
thinkupthemes — responsive_vector_maps | The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvm_upload_regions_file_path parameter in the rvm_import_regions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server | 2022-02-07 | 4 | CVE-2021-24947 MISC |
tp-link — wn886n_firmware | TP-Link WR886N 3.0 1.0.1 Build 150127 Rel.34123n is vulnerable to Buffer Overflow. Authenticated attackers can crash router httpd services via /userRpm/PingIframeRpm.htm request which contains redundant & in parameter. | 2022-02-08 | 4 | CVE-2021-44864 MISC |
twistedmatrix — twisted | twisted is an event-driven networking engine written in Python. In affected versions twisted exposes cookies and authorization headers when following cross-origin redirects. This issue is present in the `twisted.web.RedirectAgent` and `twisted.web.BrowserLikeRedirectAgent` functions. Users are advised to upgrade. There are no known workarounds. | 2022-02-07 | 5 | CVE-2022-21712 MISC MISC CONFIRM |
virustotal — yara | A Buffer Overflow vulnerability exists in VirusTotal YARA git commit: 605b2edf07ed8eb9a2c61ba22eb2e7c362f47ba7 via yr_set_configuration in yara/libyara/libyara.c, which could cause a Denial of Service. | 2022-02-04 | 4.3 | CVE-2021-45429 MISC |
visser — store_exporter_for_woocommerce | The WooCommerce Stored Exporter WordPress plugin before 2.7.1 was affected by a Reflected Cross-Site Scripting (XSS) vulnerability in the woo_ce admin page. | 2022-02-07 | 4.3 | CVE-2022-0149 CONFIRM MISC |
visser — store_toolkit_for_woocommerce | The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the tab parameter before outputting it back in an admin page in an error message, leading to a Reflected Cross-Site Scripting | 2022-02-07 | 4.3 | CVE-2021-25077 MISC CONFIRM |
vmware — cloud_foundation | VMware Cloud Foundation contains an information disclosure vulnerability due to logging of credentials in plain-text within multiple log files on the SDDC Manager. A malicious actor with root access on VMware Cloud Foundation SDDC Manager may be able to view credentials in plaintext within one or more log files. | 2022-02-04 | 4 | CVE-2022-22939 MISC |
voipmonitor — voipmonitor | The config restore function of Voipmonitor GUI before v24.96 does not properly check files sent as restore archives, allowing remote attackers to execute arbitrary commands via a crafted file in the web root. | 2022-02-04 | 6.8 | CVE-2022-24262 MISC |
xwiki — xwiki | Impact: It is possible to learn whether a user has an account in a wiki related to an email address, and which username(s) are tied to that email, by forging a request to the Forgot username page. Because this page does not have a CSRF check, it is easy to perform many such requests. Patches: This issue has been patched in XWiki 12.10.5 and 13.2RC1. Two different patches are provided: a first one to fix the CSRF problem, and a more complex one that now relies on sending an email for the Forgot username process. Workarounds: In versions below 13.x, it is possible to fix the problem without upgrading by editing the ForgotUsername page to use the following code (https://github.com/xwiki/xwiki-platform/blob/69548c0320cbd772540cf4668743e69f879812cf/xwiki-platform-core/xwiki-platform-administration/xwiki-platform-administration-ui/src/main/resources/XWiki/ForgotUsername.xml#L39-L123). In versions after 13.x it is also possible to manually edit the forgotusername.vm file, but upgrading is strongly encouraged. References: https://jira.xwiki.org/browse/XWIKI-18384 and https://jira.xwiki.org/browse/XWIKI-18408. For more information: if you have any questions or comments about this advisory, open an issue in [Jira XWiki](https://jira.xwiki.org) or email [security ML](mailto:security@xwiki.org). | 2022-02-04 | 4.3 | CVE-2021-32732 MISC MISC CONFIRM MISC MISC |
yet_another_stars_rating_project — yet_another_stars_rating | Cross-Site Scripting (XSS) vulnerability discovered in Yasr – Yet Another Stars Rating WordPress plugin (versions <= 2.9.9), vulnerable at parameter ‘source’. | 2022-02-04 | 4.3 | CVE-2022-23980 CONFIRM CONFIRM |
zammad — zammad | In Zammad 5.0.2, agents can configure “out of office” periods and substitute persons. If the substitute persons didn’t have the same permissions as the original agent, they could receive ticket notifications for tickets that they have no access to. | 2022-02-04 | 5 | CVE-2021-44886 MISC |
zammad — zammad | With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts. | 2022-02-04 | 5.5 | CVE-2021-43145 MISC |
zephyrproject — zephyr | Buffer overflow in usb device class. Zephyr versions >= v2.6.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-fm6v-8625-99jf | 2022-02-07 | 5.8 | CVE-2021-3835 N/A |
zimbra — collaboration | An issue was discovered in the Calendar feature in Zimbra Collaboration Suite 8.8.x before 8.8.15 patch 30 (update 1), as exploited in the wild starting in December 2021. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document. | 2022-02-09 | 4.3 | CVE-2022-24682 MISC MISC MISC MISC MISC |
Low Vulnerabilities
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
amd — epyc_7763_firmware | AMD EPYC™ Processors contain an information disclosure vulnerability in the Secure Encrypted Virtualization with Encrypted State (SEV-ES) and Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). A local authenticated attacker could potentially exploit this vulnerability leading to leaking guest data by the malicious hypervisor. | 2022-02-04 | 2.1 | CVE-2020-12966 MISC |
apache — gobblin | In Apache Gobblin, the Hadoop token is written to a temp file that is visible to all local users on Unix-like systems. This affects versions <= 0.15.0. Users should update to version 0.16.0 which addresses this issue. | 2022-02-04 | 2.1 | CVE-2021-36151 MISC |
beanstalk_console_project — beanstalk_console | Cross-site Scripting (XSS) – Stored in Packagist ptrofimov/beanstalk_console prior to 1.7.14. | 2022-02-09 | 3.5 | CVE-2022-0539 CONFIRM MISC |
cluevo — learning_management_system | The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape Course’s module, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | 2022-02-07 | 3.5 | CVE-2021-25029 MISC |
elecom — wrc-300febk-r_firmware | Cross-site scripting vulnerability in ELECOM LAN router WRC-300FEBK-R firmware v1.13 and earlier allows an attacker on the adjacent network to inject an arbitrary script via unspecified vectors. | 2022-02-08 | 2.9 | CVE-2022-21799 MISC MISC |
fleetdm — fleet | fleet is an open source device management, built on osquery. Versions prior to 4.9.1 expose a limited ability to spoof SAML authentication with missing audience verification. This impacts deployments using SAML SSO in two specific cases: 1. A malicious or compromised Service Provider (SP) could reuse the SAML response to log into Fleet as a user — only if the user has an account with the same email in Fleet, _and_ the user signs into the malicious SP via SAML SSO from the same Identity Provider (IdP) configured with Fleet. 2. A user with an account in Fleet could reuse a SAML response intended for another SP to log into Fleet. This is only a concern if the user is blocked from Fleet in the IdP, but continues to have an account in Fleet. If the user is blocked from the IdP entirely, this cannot be exploited. Fleet 4.9.1 resolves this issue. Users unable to upgrade should: Reduce the length of sessions on your IdP to reduce the window for malicious re-use, Limit the amount of SAML Service Providers/Applications used by user accounts with access to Fleet, and When removing access to Fleet in the IdP, delete the Fleet user from Fleet as well. | 2022-02-04 | 3.5 | CVE-2022-23600 MISC CONFIRM |
google — android | In cmdq driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05747150; Issue ID: ALPS05747150. | 2022-02-09 | 2.1 | CVE-2022-20029 MISC |
google — android | In camera driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862973; Issue ID: ALPS05862973. | 2022-02-09 | 2.1 | CVE-2022-20033 MISC |
google — android | In vcu driver, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171675; Issue ID: ALPS06171675. | 2022-02-09 | 2.1 | CVE-2022-20035 MISC |
google — android | In Bluetooth, there is a possible information disclosure due to incorrect error handling. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108487; Issue ID: ALPS06108487. | 2022-02-09 | 2.1 | CVE-2022-20042 MISC |
google — android | In vow driver, there is a possible memory corruption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05852822; Issue ID: ALPS05852822. | 2022-02-09 | 1.9 | CVE-2022-20032 MISC |
google — go-attestation | An improper input validation vulnerability in go-attestation before 0.3.3 allows local users to provide a maliciously-formed Quote over no/some PCRs, causing AKPublic.Verify to succeed despite the inconsistency. Subsequent use of the same set of PCR values in Eventlog.Verify lacks the authentication performed by quote verification, meaning a local attacker could couple this vulnerability with a maliciously-crafted TCG log in Eventlog.Verify to spoof events in the TCG log, hence defeating remotely-attested measured-boot. We recommend upgrading to Version 0.4.0 or above. | 2022-02-04 | 2.1 | CVE-2022-0317 MISC |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. The TFG dialect of TensorFlow (MLIR) makes several assumptions about the incoming `GraphDef` before converting it to the MLIR-based dialect. If an attacker changes the `SavedModel` format on disk to invalidate these assumptions and the `GraphDef` is then converted to MLIR-based IR then they can cause a crash in the Python interpreter. Under certain scenarios, heap OOB read/writes are possible. These issues have been discovered via fuzzing and it is possible that more weaknesses exist. We will patch them as they are discovered. | 2022-02-04 | 2.1 | CVE-2022-23594 MISC CONFIRM |
google — tensorflow | Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in `mktemp` and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the `mktemp` function usage. We have patched the issue in several commits, replacing `mktemp` with the safer `mkstemp`/`mkdtemp` functions, according to the usage pattern. Users are advised to upgrade as soon as possible. | 2022-02-04 | 3.3 | CVE-2022-23563 CONFIRM |
grafana — grafana | Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content through the Grafana datasource or plugin proxy and trick a user into visiting this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or set up their own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: A Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: A Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of above app, and a specially crafted link pointing at the attacker controlled plugin must be clicked on by an authenticated user. For the backend plugin resource: An attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability. | 2022-02-08 | 2.1 | CVE-2022-21702 CONFIRM MISC MISC |
grafana — grafana | Grafana is an open-source platform for monitoring and observability. Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | 2022-02-08 | 3.5 | CVE-2022-21713 MISC MISC CONFIRM |
gtranslate — translate_wordpress_with_gtranslate | The Translate WordPress with GTranslate WordPress plugin before 2.9.7 does not sanitise and escape the body parameter in the url_addon/gtranslate-email.php file before outputting it back in the page, leading to a Reflected Cross-Site Scripting issue. Note: exploitation of the issue requires knowledge of the NONCE_SALT and NONCE_KEY | 2022-02-07 | 2.6 | CVE-2021-25103 MISC |
ivorysearch — ivory_search | The Ivory Search WordPress plugin before 5.4.1 does not escape some of the Form settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2022-02-07 | 3.5 | CVE-2021-25105 MISC |
laracom_project — laracom | Unrestricted Upload of File with Dangerous Type in Packagist jsdecena/laracom prior to v2.0.9. | 2022-02-04 | 3.5 | CVE-2022-0472 CONFIRM MISC |
linux — linux_kernel | An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. | 2022-02-04 | 1.9 | CVE-2022-24448 MISC MISC MISC MISC |
linux — linux_kernel | A vulnerability was found in the Linux kernel’s eBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating some of the exploit mitigations in place for the kernel. This flaw affects kernel versions < v5.16-rc6. | 2022-02-04 | 2.1 | CVE-2022-0264 MISC |
linux — linux_kernel | A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove in drivers/memstick/host/rtsx_usb_ms.c in memstick in the Linux kernel. In this flaw, a local attacker with a user privilege may impact system Confidentiality. This flaw affects kernel versions prior to 5.14 rc1. | 2022-02-04 | 2.1 | CVE-2022-0487 MISC MISC |
livehelperchat — live_helper_chat | Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. | 2022-02-06 | 3.5 | CVE-2022-0502 MISC CONFIRM |
microweber — microweber | Cross-site Scripting (XSS) – Stored in Packagist microweber/microweber prior to 1.2.11. | 2022-02-08 | 3.5 | CVE-2022-0506 CONFIRM MISC |
nvidia — gpu_display_driver | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. | 2022-02-07 | 3.6 | CVE-2022-21813 CONFIRM |
nvidia — gpu_display_driver | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. | 2022-02-07 | 3.6 | CVE-2022-21814 CONFIRM |
pimcore — pimcore | Cross-site Scripting (XSS) – Reflected in Packagist pimcore/pimcore prior to 10.3.1. | 2022-02-08 | 3.5 | CVE-2022-0510 MISC CONFIRM |
pimcore — pimcore | Cross-site Scripting (XSS) – Stored in Packagist pimcore/pimcore prior to 10.3.1. | 2022-02-08 | 3.5 | CVE-2022-0509 CONFIRM MISC |
premio — mystickyelements | The All-in-one Floating Contact Form, Call, Chat, and 50+ Social Icon Tabs WordPress plugin before 2.0.4 was vulnerable to reflected XSS on the my-sticky-elements-leads admin page. | 2022-02-07 | 3.5 | CVE-2022-0148 MISC CONFIRM |
schneider-electric — ecostruxure_power_monitoring_expert | A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that could allow an authenticated attacker to view data, change settings, or impact availability of the software when the user visits a page containing the injected payload. Affected Product: EcoStruxure Power Monitoring Expert (Versions 2020 and prior) | 2022-02-04 | 3.5 | CVE-2022-22804 MISC |
std42 — elfinder | Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. | 2022-02-08 | 3.5 | CVE-2021-45919 MISC |
supportcandy — supportcandy | The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks | 2022-02-07 | 3.5 | CVE-2021-24880 MISC |
tastyigniter — tastyigniter | A Cross-Site Scripting (XSS) vulnerability exists within the 3.2.2 version of TastyIgniter. The “items%5B0%5D%5Bpath%5D” parameter of a request made to /admin/allergens/edit/1 is vulnerable. | 2022-02-09 | 3.5 | CVE-2022-23378 MISC MISC |
trendmicro — worry-free_business_security | A security out-of-bounds read information disclosure vulnerability in Trend Micro Worry-Free Business Security Server could allow a local attacker to send garbage data to a specific named pipe and crash the server. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2022-02-04 | 3.6 | CVE-2022-23805 MISC MISC |
wire — wire-webapp | Wire webapp is a web client for the wire messaging protocol. In versions prior to 2022-01-27-production.0 expired ephemeral messages were not reliably removed from local chat history of Wire Webapp. In versions before 2022-01-27-production.0 ephemeral messages and assets might still be accessible through the local search functionality. Any attempt to view one of these messages in the chat view will then trigger the deletion. This issue only affects locally stored messages. On premise instances of wire-webapp need to be updated to 2022-01-27-production.0, so that their users are no longer affected. There are no known workarounds for this issue. | 2022-02-04 | 2.1 | CVE-2022-23605 MISC CONFIRM |
wpeka — wplegalpages | The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WPLegalPages WordPress plugin before 2.7.1 does not check for authorisation and has a flawed CSRF logic when saving its settings, allowing any authenticated users, such as subscriber, to update them. Furthermore, due to the lack of sanitisation and escaping, it could lead to Stored Cross-Site Scripting | 2022-02-07 | 3.5 | CVE-2021-25106 MISC |
xwiki — xwiki | XWiki is a generic wiki platform offering runtime services for applications built on top of it. When using default XWiki configuration, it’s possible for an attacker to upload an SVG containing a script executed when executing the download action on the file. This problem has been patched so that the default configuration no longer allows SVG files to be displayed in the browser. Users are advised to update or to disallow uploads of SVG files. | 2022-02-04 | 3.5 | CVE-2021-43841 MISC MISC CONFIRM MISC |
Severity Not Yet Assigned
Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
---|---|---|---|---|
acronis — vss_doctor | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis VSS Doctor (Windows) before build 53 | 2022-02-11 | not yet calculated | CVE-2022-0483 MISC |
adobe — illustrator | When a user opens a manipulated Adobe Illustrator file format (.ai, ai.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below. | 2022-02-09 | not yet calculated | CVE-2022-22538 MISC MISC |
apache — apisix | An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX’s data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed. | 2022-02-11 | not yet calculated | CVE-2022-24112 MISC MLIST |
apache — apple_cassandra | When running Apache Cassandra with the following configuration: `enable_user_defined_functions: true`, `enable_scripted_user_defined_functions: true`, `enable_user_defined_functions_threads: false`, it is possible for an attacker to execute arbitrary code on the host. The attacker would need to have enough permissions to create user defined functions in the cluster to be able to exploit this. Note that this configuration is documented as unsafe, and will continue to be considered unsafe after this CVE. | 2022-02-11 | not yet calculated | CVE-2021-44521 MISC MLIST |
apache — cayenne | Hessian serialization is a network protocol that supports object-based transmission. Apache Cayenne’s optional Remote Object Persistence (ROP) feature is a web services-based technology that provides object persistence and query functionality to ‘remote’ applications. In Apache Cayenne 4.1 and earlier, running on non-current patch versions of Java, an attacker with client access to Cayenne ROP can transmit a malicious payload to any vulnerable third-party dependency on the server. This can result in arbitrary code execution. | 2022-02-11 | not yet calculated | CVE-2022-24289 MISC MLIST |
apache — jim | Fix of CVE-2021-40525 does not prepend delimiters upon valid directory validations. Affected implementations include: – maildir mailbox store – Sieve file repository. This enables a user to access other users’ data stores (limited to user names being prefixed by the value of the username being used). | 2022-02-07 | not yet calculated | CVE-2022-22931 MISC MISC |
apple — swift-nio-http2 | A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but before frame handling. ORIGIN and ALTSVC frames are not currently supported by swift-nio-http2, and should be ignored. However, one code path that encounters them has a deliberate trap instead. This was left behind from the original development process and was never removed. Sending an ALTSVC or ORIGIN frame does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send one of these frames. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send these frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself. This is a controlled, intentional crash. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. | 2022-02-09 | not yet calculated | CVE-2022-24668 MISC |
apple — swift-nio-http2 |
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS frame where the frame contains priority information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame with HTTP/2 priority information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. | 2022-02-09 | not yet calculated | CVE-2022-24666 MISC |
apple — swift-nio-http2 |
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of HPACK-encoded header blocks that allow maliciously crafted HPACK header blocks to cause crashes in processes using swift-nio-http2. Each of these crashes is triggered instead of an integer overflow. A malicious HPACK header block could be sent on any of the HPACK-carrying frames in a HTTP/2 connection (HEADERS and PUSH_PROMISE), at any position. Sending a HPACK header block does not require any special permission, so any HTTP/2 connection peer may send one. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted field block. The impact on availability is high: receiving a frame carrying this field block immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted field blocks, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the field block in memory-safe code and the crash is triggered instead of an integer overflow. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. 
The issue is fixed by rewriting the parsing code to correctly handle all conditions in the function. The principal issue was found by automated fuzzing by oss-fuzz, but several associated bugs in the same code were found by code audit and fixed at the same time. | 2022-02-09 | not yet calculated | CVE-2022-24667 MISC |
bd — pyxis_products |
Hardcoded credentials are used in specific BD Pyxis products. If exploited, threat actors may be able to gain access to the underlying file system and could potentially exploit application files for information that could be used to decrypt application credentials or gain access to electronic protected health information (ePHI) or other sensitive information. | 2022-02-11 | not yet calculated | CVE-2022-22766 CONFIRM |
bd — viper_lt |
BD Viper LT system, versions 2.0 and later, contains hardcoded credentials. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). BD Viper LT system versions 4.0 and later utilize Microsoft Windows 10 and have additional Operating System hardening configurations which increase the attack complexity required to exploit this vulnerability. | 2022-02-12 | not yet calculated | CVE-2022-22765 CONFIRM |
blitzjs — superjson |
superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements at least one endpoint which uses superjson during request processing. This has been patched in superjson 1.8.1. Users are advised to update. There are no known workarounds for this issue. | 2022-02-09 | not yet calculated | CVE-2022-23631 CONFIRM |
canon — laser_printers_and_small_office_multifunctional_printers |
Cross-site scripting vulnerability in Canon laser printers and small office multifunctional printers (LBP162L/LBP162, MF4890dw, MF269dw/MF265dw/MF264dw/MF262dw, MF249dw/MF245dw/MF244dw/MF242dw/MF232w, and MF229dw/MF224dw/MF222dw sold in Japan, imageCLASS MF Series (MF113W/MF212W/MF217W/MF227DW/MF229DW, MF232W/MF244DW/MF247DW/MF249DW, MF264DW/MF267DW/MF269DW/MF269DW VP, and MF4570DN/MF4570DW/MF4770N/MF4880DW/MF4890DW) and imageCLASS LBP Series (LBP113W/LBP151DW/LBP162DW) sold in the US, and iSENSYS (LBP162DW, LBP113W, LBP151DW, MF269dw, MF267dw, MF264dw, MF113w, MF249dw, MF247dw, MF244dw, MF237w, MF232w, MF229dw, MF217w, MF212w, MF4780w, and MF4890dw) and imageRUNNER (2206IF, 2204N, and 2204F) sold in Europe) allows remote attackers to inject an arbitrary script via unspecified vectors. | 2022-02-08 | not yet calculated | CVE-2021-20877 MISC MISC MISC MISC MISC |
chocobozzz — peertube |
Server-Side Request Forgery (SSRF) in GitHub repository chocobozzz/peertube prior to f33e515991a32885622b217bf2ed1d1b0d9d6832 | 2022-02-08 | not yet calculated | CVE-2022-0508 MISC CONFIRM |
cisco — dna_center |
A vulnerability in the audit log of Cisco DNA Center could allow an authenticated, local attacker to view sensitive information in clear text. This vulnerability is due to the unsecured logging of sensitive information on an affected system. An attacker with administrative privileges could exploit this vulnerability by accessing the audit logs through the CLI. A successful exploit could allow the attacker to retrieve sensitive information that includes user credentials. | 2022-02-10 | not yet calculated | CVE-2022-20630 CISCO |
cisco — prime_service_catalog |
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to improper enforcement of Administrator privilege levels for low-value sensitive data. An attacker with read-only Administrator access to the web-based management interface could exploit this vulnerability by sending a malicious HTTP request to the page that contains the sensitive data. A successful exploit could allow the attacker to collect sensitive information about users of the system and orders that have been placed using the application. | 2022-02-10 | not yet calculated | CVE-2022-20680 CISCO |
cisco — small_business_series_routers |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization protections; Fetch and run unsigned software; Cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 2022-02-10 | not yet calculated | CVE-2022-20749 CISCO |
cisco — small_business_series_routers |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization protections; Fetch and run unsigned software; Cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 2022-02-10 | not yet calculated | CVE-2022-20712 CISCO |
cisco — small_business_series_routers |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization protections; Fetch and run unsigned software; Cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 2022-02-10 | not yet calculated | CVE-2022-20707 CISCO |
cisco — small_business_series_routers |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization protections; Fetch and run unsigned software; Cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 2022-02-10 | not yet calculated | CVE-2022-20711 CISCO |
cisco — small_business_series_routers |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization protections; Fetch and run unsigned software; Cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 2022-02-10 | not yet calculated | CVE-2022-20708 CISCO |
cisco — small_business_series_routers |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization protections; Fetch and run unsigned software; Cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 2022-02-10 | not yet calculated | CVE-2022-20710 CISCO |
cisco — small_business_series_routers |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization protections; Fetch and run unsigned software; Cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 2022-02-10 | not yet calculated | CVE-2022-20705 CISCO |
cisco — small_business_series_routers |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization protections; Fetch and run unsigned software; Cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 2022-02-10 | not yet calculated | CVE-2022-20709 CISCO |
cisco — small_business_series_routers |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization protections; Fetch and run unsigned software; Cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 2022-02-10 | not yet calculated | CVE-2022-20706 CISCO |
cisco — small_business_series_routers |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization protections; Fetch and run unsigned software; Cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 2022-02-10 | not yet calculated | CVE-2022-20704 CISCO |
cisco — small_business_series_routers |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization protections; Fetch and run unsigned software; Cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 2022-02-10 | not yet calculated | CVE-2022-20703 CISCO |
cisco — small_business_series_routers |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization protections; Fetch and run unsigned software; Cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 2022-02-10 | not yet calculated | CVE-2022-20701 CISCO |
cisco — small_business_series_routers |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization protections; Fetch and run unsigned software; Cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 2022-02-10 | not yet calculated | CVE-2022-20700 CISCO |
cisco — small_business_series_routers |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization protections; Fetch and run unsigned software; Cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 2022-02-10 | not yet calculated | CVE-2022-20702 CISCO |
cisco — small_business_series_routers |
Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code; Elevate privileges; Execute arbitrary commands; Bypass authentication and authorization protections; Fetch and run unsigned software; Cause denial of service (DoS). For more information about these vulnerabilities, see the Details section of this advisory. | 2022-02-10 | not yet calculated | CVE-2022-20699 CISCO |
cisco — umbrella_secure_web_gateway |
A vulnerability in the Cisco Umbrella Secure Web Gateway service could allow an unauthenticated, remote attacker to bypass the file inspection feature. This vulnerability is due to insufficient restrictions in the file inspection feature. An attacker could exploit this vulnerability by downloading a crafted payload through specific methods. A successful exploit could allow the attacker to bypass file inspection protections and download a malicious payload. | 2022-02-10 | not yet calculated | CVE-2022-20738 CISCO |
citrix — workspace_app |
An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 – 2111 with App Protection installed that can allow an attacker to perform local privilege escalation. | 2022-02-09 | not yet calculated | CVE-2022-21825 MISC |
concrete — cms |
A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf of other users. | 2022-02-09 | not yet calculated | CVE-2021-22954 MISC |
cri-o — cri-o |
An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of “safe” sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace. | 2022-02-09 | not yet calculated | CVE-2022-0532 MISC MISC |
csv+ — csv+ |
Cross-site scripting vulnerability in CSV+ prior to 0.8.1 allows a remote unauthenticated attacker to inject an arbitrary script or an arbitrary OS command via a specially crafted CSV file that contains an HTML a tag. | 2022-02-08 | not yet calculated | CVE-2022-21241 MISC MISC |
cuppa — cms |
Cuppa CMS v1.0 was discovered to contain an arbitrary file deletion vulnerability via the unlink() function. | 2022-02-10 | not yet calculated | CVE-2022-24647 MISC |
d-link — routers |
A reflected cross-site scripting attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to execute code in the device of the victim via sending a specific URL to the unauthenticated victim. | 2022-02-10 | not yet calculated | CVE-2021-41445 MISC MISC MISC MISC |
d-link — routers |
An HTTP smuggling attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to DoS the web application via sending a specific HTTP packet. | 2022-02-09 | not yet calculated | CVE-2021-41442 MISC MISC MISC MISC |
d-link — routers |
A DoS attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to reboot the router via sending a specially crafted URL to an authenticated victim. The authenticated victim needs to visit this URL for the router to reboot. | 2022-02-09 | not yet calculated | CVE-2021-41441 MISC MISC MISC MISC |
dairy_farm_shop_management_system — dairy_farm_shop_management_system |
Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised. | 2022-02-11 | not yet calculated | CVE-2020-36062 MISC MISC MISC |
debian — debian-edu-config |
It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation. | 2022-02-11 | not yet calculated | CVE-2021-20001 MISC MLIST MLIST |
dell — client_commercial_and_consumer_platforms |
Select Dell Client Commercial and Consumer platforms are vulnerable to an insufficient verification of data authenticity vulnerability. An authenticated malicious user may exploit this vulnerability in order to install modified BIOS firmware. | 2022-02-09 | not yet calculated | CVE-2022-22567 CONFIRM |
dell — client_commercial_consumer_platforms |
Select Dell Client Commercial and Consumer platforms contain a pre-boot direct memory access (DMA) vulnerability. An authenticated attacker with physical access to the system may potentially exploit this vulnerability in order to execute arbitrary code on the device. | 2022-02-09 | not yet calculated | CVE-2022-22566 CONFIRM |
dell — emc_integrated_system |
All Dell EMC Integrated System for Microsoft Azure Stack Hub versions contain a privilege escalation vulnerability. A remote malicious user with standard level JEA credentials may potentially exploit this vulnerability to elevate privileges and take over the system. | 2022-02-09 | not yet calculated | CVE-2021-36302 CONFIRM |
drupal — drupal_core | Cross-site Scripting (XSS) vulnerability in ckeditor of Drupal Core allows attacker to inject XSS. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. | 2022-02-11 | not yet calculated | CVE-2020-13669 CONFIRM |
drupal — drupal_core | Cross-site Scripting (XSS) vulnerability in Drupal core’s sanitization API fails to properly filter cross-site scripting under certain circumstances. This issue affects: Drupal Core 9.1.x versions prior to 9.1.7; 9.0.x versions prior to 9.0.12; 8.9.x versions prior to 8.9.14; 7.x versions prior to 7.80. | 2022-02-11 | not yet calculated | CVE-2020-13672 CONFIRM |
drupal — drupal_core | Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected. | 2022-02-11 | not yet calculated | CVE-2020-13677 CONFIRM |
drupal — drupal_core | Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. | 2022-02-11 | not yet calculated | CVE-2020-13670 CONFIRM |
drupal — drupal_core |
Drupal’s JSON:API and REST/File modules allow file uploads through their HTTP APIs. The modules do not correctly run all file validation, which causes an access bypass vulnerability. An attacker might be able to upload files that bypass the file validation process implemented by modules on the site. | 2022-02-11 | not yet calculated | CVE-2020-13675 CONFIRM |
drupal — drupal_core |
Access Bypass vulnerability in Drupal Core allows for an attacker to leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. | 2022-02-11 | not yet calculated | CVE-2020-13668 CONFIRM |
drupal — entity_embed |
The Entity Embed module provides a filter to allow embedding entities in content fields. In certain circumstances, the filter could allow an unprivileged user to inject HTML into a page when it is accessed by a trusted user with permission to embed entities. In some cases, this could lead to cross-site scripting. | 2022-02-11 | not yet calculated | CVE-2020-13673 CONFIRM |
drupal — quickedit | The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. | 2022-02-11 | not yet calculated | CVE-2020-13676 CONFIRM |
drupal — quickedit |
The QuickEdit module does not properly validate access to routes, which could allow cross-site request forgery under some circumstances and lead to possible data integrity issues. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. Removing the “access in-place editing” permission from untrusted users will not fully mitigate the vulnerability. | 2022-02-11 | not yet calculated | CVE-2020-13674 CONFIRM |
elastic — kibana |
An XSS vulnerability was found in Kibana index patterns. Using this vulnerability, an authenticated user with permissions to create index patterns can inject malicious JavaScript into the index pattern which could execute against other users. | 2022-02-11 | not yet calculated | CVE-2022-23707 MISC |
elecom — lan_routers |
Hidden functionality vulnerability in ELECOM LAN routers (WRH-300BK3 firmware v1.05 and earlier, WRH-300WH3 firmware v1.05 and earlier, WRH-300BK3-S firmware v1.05 and earlier, WRH-300DR3-S firmware v1.05 and earlier, WRH-300LB3-S firmware v1.05 and earlier, WRH-300PN3-S firmware v1.05 and earlier, WRH-300WH3-S firmware v1.05 and earlier, and WRH-300YG3-S firmware v1.05 and earlier) allows an attacker on the adjacent network to execute an arbitrary OS command via unspecified vectors. | 2022-02-08 | not yet calculated | CVE-2022-21173 MISC MISC |
exponent_cms — exponent_cms |
Exponent CMS 2.6.0patch2 allows an authenticated admin user to inject persistent JavaScript code inside the “Site/Organization Name”, “Site Title” and “Site Header” parameters while updating the site settings on “/exponentcms/administration/configure_site”. | 2022-02-09 | not yet calculated | CVE-2022-23047 MISC MISC MISC |
exponent_cms — exponent_cms |
Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload, the PHP file is placed at “themes/simpletheme/{rce}.php”, from where it can be accessed in order to execute commands. | 2022-02-09 | not yet calculated | CVE-2022-23048 MISC MISC MISC |
exponent_cms — exponent_cms |
Exponent CMS 2.6.0patch2 allows an authenticated user to inject persistent JavaScript code on the “User-Agent” header when logging in. When an administrator user visits the “User Sessions” tab, the JavaScript will be triggered allowing an attacker to compromise the administrator session. | 2022-02-09 | not yet calculated | CVE-2022-23049 MISC MISC MISC |
fastify — fastify-multipart |
This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://security.snyk.io/vuln/SNYK-JS-FASTIFYMULTIPART-1290382). | 2022-02-11 | not yet calculated | CVE-2021-23597 CONFIRM CONFIRM CONFIRM |
ffjpeg — ffjpeg |
A Null Pointer Dereference vulnerability exists in ffjpeg d5cfd49 (2021-12-06) in bmp_load(). When the size information in the metadata of the bmp is out of range, it returns without assigning a memory buffer to `pb->pdata` and does not exit the program, so the program crashes when it tries to access the pb->data in jfif_encode() at jfif.c:763. This is due to the incomplete patch for CVE-2020-13438. | 2022-02-11 | not yet calculated | CVE-2021-45385 MISC MISC |
foxit — pdf_reader | Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have a Stack-Based Buffer Overflow related to XFA, for the 'subform colSpan="-2"' and 'draw colSpan="1"' substrings. | 2022-02-11 | not yet calculated | CVE-2022-24954 MISC MISC |
foxit — pdf_reader |
Foxit PDF Reader before 11.2.1 and Foxit PDF Editor before 11.2.1 have an Uncontrolled Search Path Element for DLL files. | 2022-02-11 | not yet calculated | CVE-2022-24955 MISC |
gin-vue-admin — gin-vue-admin |
Gin-vue-admin is a backstage management system based on vue and gin. In versions prior to 2.4.7 low privilege users are able to modify higher privilege users. Authentication is missing on the `setUserInfo` function. Users are advised to update as soon as possible. There are no known workarounds. | 2022-02-09 | not yet calculated | CVE-2022-21660 CONFIRM |
git — git |
The --mirror documentation for Git through 2.35.1 does not mention the availability of deleted content, aka the “GitBleed” issue. This could present a security risk if information-disclosure auditing processes rely on a clone operation without the --mirror option. | 2022-02-11 | not yet calculated | CVE-2022-24975 MISC MISC |
gitea — gitea |
An issue exists in Gitea through 1.15.7, which could let a malicious user gain privileges because client-side cookies are not deleted and the session remains valid on the server side for reuse. | 2022-02-09 | not yet calculated | CVE-2021-45330 MISC |
gitea — gitea |
An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once. | 2022-02-09 | not yet calculated | CVE-2021-45331 MISC MISC |
gitlab — enterprise_edition |
An authorization logic error in the External Status Check API in GitLab EE affecting all versions starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allowed a user to update the status of the check via an API call. | 2022-02-09 | not yet calculated | CVE-2021-39943 MISC CONFIRM MISC |
golang — go |
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. | 2022-02-11 | not yet calculated | CVE-2022-23772 MISC |
golang — go |
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. | 2022-02-11 | not yet calculated | CVE-2022-23773 MISC |
golang — go |
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. | 2022-02-11 | not yet calculated | CVE-2022-23806 MISC |
google — android |
In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-197399948 | 2022-02-11 | not yet calculated | CVE-2021-39619 MISC |
google — android |
In TBD of TBD, there is a possible out of bounds read due to TBD. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-206039140. References: N/A | 2022-02-11 | not yet calculated | CVE-2021-39688 MISC |
google — android |
In HandleTransactionIoEvent of actuator_driver.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-204421047. References: N/A | 2022-02-11 | not yet calculated | CVE-2021-39687 MISC |
google — android |
In startVideoStream() there is a possibility of an OOB Read in the heap, when the camera buffer is ‘zero’ in size. Product: Android. Versions: Android-11. Android ID: A-205097028 | 2022-02-11 | not yet calculated | CVE-2021-39677 MISC |
google — android |
In writeThrowable of AndroidFuture.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-197228210 | 2022-02-11 | not yet calculated | CVE-2021-39676 MISC |
google — android |
Summary: Product: Android. Versions: Android SoC. Android ID: A-204686438 | 2022-02-11 | not yet calculated | CVE-2021-39616 MISC |
google — android |
In clear_data_dlg_text of strings.xml, there is a possible situation when “Clear storage” functionality sets up the wrong security/privacy expectations due to a misleading message. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android-11 Android-12 Android ID: A-193890833 | 2022-02-11 | not yet calculated | CVE-2021-39631 MISC |
google — android |
In GKI_getbuf of gki_buffer.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-12 Android ID: A-205729183 | 2022-02-11 | not yet calculated | CVE-2021-39675 MISC |
google — android |
ims_ex is a vendor system service used to manage VoLTE in unisoc devices. But it does not verify the caller’s permissions, so that normal apps (No phone permissions) can obtain some VoLTE sensitive information and manage VoLTE calls. Product: Android Versions: Android SoC Android ID: A-206492634 | 2022-02-11 | not yet calculated | CVE-2021-39635 MISC |
google — android |
ismsEx service is a vendor service in unisoc equipment. ismsEx service is an extension of sms system service, but it does not check the permissions of the caller, resulting in permission leaks. Third-party apps can use this service to arbitrarily modify and set system properties. Product: Android Versions: Android SoC Android ID: A-207479207 | 2022-02-11 | not yet calculated | CVE-2021-39658 MISC |
google — android |
In checkUriPermission of MediaProvider.java, there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android-12 Android ID: A-197302116 | 2022-02-11 | not yet calculated | CVE-2021-39662 MISC |
google — android |
In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-200682135 | 2022-02-11 | not yet calculated | CVE-2021-39663 MISC |
google — android |
In LoadedPackage::Load of LoadedArsc.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure when parsing an APK file with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-12 Android ID: A-203938029 | 2022-02-11 | not yet calculated | CVE-2021-39664 MISC |
google — android |
In checkSpsUpdated of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-12 Android ID: A-204077881 | 2022-02-11 | not yet calculated | CVE-2021-39665 MISC |
google — android |
In extract of MediaMetricsItem.h, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-11 Android-12 Android ID: A-204445255 | 2022-02-11 | not yet calculated | CVE-2021-39666 MISC |
google — android |
In onActivityViewReady of DetailDialog.kt, there is a possible Intent Redirect due to a confused deputy. This could lead to local escalation of privilege that allows actions performed as the System UI, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android-12 Android ID: A-193445603 | 2022-02-11 | not yet calculated | CVE-2021-39668 MISC |
google — android |
In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead a user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-11 Android-12 Android ID: A-196969991 | 2022-02-11 | not yet calculated | CVE-2021-39669 MISC |
google — android |
In code generated by aidl_const_expressions.cpp, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-12 Android ID: A-206718630 | 2022-02-11 | not yet calculated | CVE-2021-39671 MISC |
google — android |
In fastboot, there is a possible secure boot bypass due to a configuration error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android SoC Android ID: A-202018701 | 2022-02-11 | not yet calculated | CVE-2021-39672 MISC |
google — android |
In isServiceDistractionOptimized of CarPackageManagerService.java, there is a possible disclosure of installed packages due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-12 Android ID: A-180418334 | 2022-02-11 | not yet calculated | CVE-2021-0524 MISC |
google — android |
In btm_sec_connected and btm_sec_disconnected of btm_sec.cc, there is a possible use after free. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android-11 Android-12 Android ID: A-201083442 | 2022-02-11 | not yet calculated | CVE-2021-39674 MISC |
google — chrome |
Policy bypass in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0117 MISC MISC |
google — chrome |
Use after free in Scheduling in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0298 MISC MISC |
google — chrome |
Use after free in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-02-11 | not yet calculated | CVE-2021-4099 MISC MISC |
google — chrome |
Insufficient data validation in Mojo in Google Chrome prior to 96.0.4664.110 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | 2022-02-11 | not yet calculated | CVE-2021-4098 MISC MISC |
google — chrome |
Inappropriate implementation in Storage in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0291 MISC MISC |
google — chrome |
Inappropriate implementation in Fenced Frames in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0292 MISC MISC |
google — chrome |
Use after free in Web packaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0293 MISC MISC |
google — chrome |
Inappropriate implementation in Push messaging in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0294 MISC MISC |
google — chrome |
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0295 MISC MISC |
google — chrome |
Use after free in Printing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced the user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0296 MISC MISC |
google — chrome |
Use after free in Vulkan in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0297 MISC MISC |
google — chrome |
Use after free in Text Input Method Editor in Google Chrome on Android prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0300 MISC MISC |
google — chrome |
Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-02-11 | not yet calculated | CVE-2021-4101 MISC MISC |
google — chrome |
Heap buffer overflow in DevTools in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0301 MISC MISC |
google — chrome |
Use after free in Omnibox in Google Chrome prior to 97.0.4692.99 allowed an attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0302 MISC MISC |
google — chrome |
Use after free in Bookmarks in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0304 MISC MISC |
google — chrome |
Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0305 MISC MISC |
google — chrome |
Heap buffer overflow in PDFium in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0306 MISC MISC |
google — chrome |
Use after free in Optimization Guide in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0307 MISC MISC |
google — chrome |
Use after free in Data Transfer in Google Chrome on Chrome OS prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0308 MISC MISC |
google — chrome |
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0309 MISC MISC |
google — chrome |
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via specific user interactions. | 2022-02-12 | not yet calculated | CVE-2022-0310 MISC MISC |
google — chrome |
Heap buffer overflow in Task Manager in Google Chrome prior to 97.0.4692.99 allowed a remote attacker who convinced a user to engage in specific user interaction to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0311 MISC MISC |
google — chrome |
Object lifecycle issue in ANGLE in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-02-11 | not yet calculated | CVE-2021-4100 MISC MISC |
google — chrome |
Use after free in V8 in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-02-11 | not yet calculated | CVE-2021-4102 MISC MISC |
google — chrome |
Inappropriate implementation in Compositing in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0116 MISC MISC |
google — chrome |
Inappropriate implementation in WebShare in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0118 MISC MISC |
google — chrome |
Uninitialized use in File API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0115 MISC MISC |
google — chrome |
Out of bounds memory access in Blink Serial API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page and virtual serial port driver. | 2022-02-12 | not yet calculated | CVE-2022-0114 MISC MISC |
google — chrome |
Inappropriate implementation in Blink in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0113 MISC MISC |
google — chrome |
Incorrect security UI in Browser UI in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to display missing URL or incorrect URL via a crafted URL. | 2022-02-12 | not yet calculated | CVE-2022-0112 MISC MISC |
google — chrome |
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to incorrectly set origin via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0111 MISC MISC |
google — chrome |
Incorrect security UI in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0110 MISC MISC |
google — chrome |
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to obtain potentially sensitive information via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0109 MISC MISC |
google — chrome |
Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0108 MISC MISC |
google — chrome |
Use after free in File Manager API in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0107 MISC MISC |
google — chrome |
Use after free in PDF Accessibility in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0105 MISC MISC |
google — chrome |
Use after free in Safe browsing in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0289 MISC MISC |
google — chrome |
Heap buffer overflow in ANGLE in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0104 MISC MISC |
google — chrome |
Use after free in SwiftShader in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0103 MISC MISC |
google — chrome |
Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0102 MISC MISC |
google — chrome |
Heap buffer overflow in Bookmarks in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via specific user gesture. | 2022-02-12 | not yet calculated | CVE-2022-0101 MISC MISC |
google — chrome |
Heap buffer overflow in Media streams API in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0100 MISC MISC |
google — chrome |
Use after free in Sign-in in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gesture. | 2022-02-12 | not yet calculated | CVE-2022-0099 MISC MISC |
google — chrome |
Use after free in Screen Capture in Google Chrome on Chrome OS prior to 97.0.4692.71 allowed an attacker who convinced a user to perform specific user gestures to potentially exploit heap corruption via specific user gestures. | 2022-02-12 | not yet calculated | CVE-2022-0098 MISC MISC |
google — chrome |
Inappropriate implementation in DevTools in Google Chrome prior to 97.0.4692.71 allowed an attacker who convinced a user to install a malicious extension to potentially allow the extension to escape the sandbox via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0097 MISC MISC |
google — chrome |
Use after free in Storage in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0096 MISC MISC |
google — chrome |
Inappropriate implementation in Passwords in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially leak cross-origin data via a malicious website. | 2022-02-12 | not yet calculated | CVE-2022-0120 MISC MISC |
google — chrome |
Use after free in Autofill in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who convinced a user to perform specific user gesture to potentially exploit heap corruption via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0106 MISC MISC |
google — chrome |
Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 2022-02-12 | not yet calculated | CVE-2022-0290 MISC MISC |
gradle — gradle |
Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, Gradle may skip dependency verification and accept a dependency that would otherwise fail the build as an untrusted external artifact. This occurs when dependency verification is disabled on one or more configurations and those configurations have common dependencies with other configurations that have dependency verification enabled. If the configuration that has dependency verification disabled is resolved first, Gradle does not verify the common dependencies for the configuration that has dependency verification enabled. Gradle 7.4 fixes that issue by validating artifacts at least once if they are present in a resolved configuration that has dependency verification active. Users who cannot update should either not use `ResolutionStrategy.disableDependencyVerification()` and not use plugins that use that method to disable dependency verification for a single configuration, or make sure that resolution of configurations that disable that feature does not happen in builds that resolve configurations where the feature is enabled. | 2022-02-10 | not yet calculated | CVE-2022-23630 MISC MISC CONFIRM |
hospital_management_system — hospital_management_system |
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/contact.php via the txtMsg parameter. | 2022-02-10 | not yet calculated | CVE-2022-24646 MISC |
htmldoc — htmldoc |
A vulnerability was found in htmldoc version 1.9.15 in which a stack out-of-bounds read occurs in gif_get_code() when opening a malicious GIF file, which can result in a crash (segmentation fault). | 2022-02-09 | not yet calculated | CVE-2022-0534 MISC MISC |
huawei — huawei | There is a vulnerability of unstrict input parameter verification in the audio assembly. Successful exploitation of this vulnerability may cause out-of-bounds access. | 2022-02-09 | not yet calculated | CVE-2021-39997 MISC |
huawei — huawei | There is a vulnerability of signature verification mechanism failure in system upgrade through recovery mode. Successful exploitation of this vulnerability may affect service confidentiality. | 2022-02-09 | not yet calculated | CVE-2021-40045 MISC MISC |
huawei — huawei | There is a race condition vulnerability in the binder driver subsystem in the kernel. Successful exploitation of this vulnerability may affect kernel stability. | 2022-02-09 | not yet calculated | CVE-2021-40015 MISC MISC |
huawei — huawei |
There is an unauthorized rewriting vulnerability with the memory access management module on ACPU. Successful exploitation of this vulnerability may affect service confidentiality. | 2022-02-09 | not yet calculated | CVE-2021-39991 MISC |
huawei — huawei |
There is an improper security permission configuration vulnerability on ACPU. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | 2022-02-09 | not yet calculated | CVE-2021-39992 MISC |
huawei — huawei |
There is an arbitrary address access vulnerability with the product line test code. Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. | 2022-02-09 | not yet calculated | CVE-2021-39994 MISC |
huawei — huawei |
There is an unauthorized rewriting vulnerability with the memory access management module on ACPU. Successful exploitation of this vulnerability may affect service confidentiality. | 2022-02-09 | not yet calculated | CVE-2021-39986 MISC |
huawei — huawei |
There is an improper memory access permission configuration on ACPU. Successful exploitation of this vulnerability may cause out-of-bounds access. | 2022-02-09 | not yet calculated | CVE-2021-37107 MISC |
huawei — huawei |
There is a permission verification vulnerability in the Bluetooth module. Successful exploitation of this vulnerability may cause unauthorized operations. | 2022-02-09 | not yet calculated | CVE-2021-40044 MISC |
huawei — huawei |
There is an unauthorized rewriting vulnerability with the memory access management module on ACPU. Successful exploitation of this vulnerability may affect service confidentiality. | 2022-02-09 | not yet calculated | CVE-2021-37115 MISC |
huawei — huawei |
There is a security protection bypass vulnerability with the modem. Successful exploitation of this vulnerability may cause memory protection failure. | 2022-02-09 | not yet calculated | CVE-2021-37109 MISC |
ifmeorg — ifme |
In Ifme, versions 1.0.0 to v.7.33.2 don’t properly invalidate a user’s session even after the user initiated logout. It makes it possible for an attacker to reuse the admin cookies either via local/network access or by other hypothetical attacks. | 2022-02-10 | not yet calculated | CVE-2021-25992 MISC MISC |
intel — advisor |
Improper access control in the Intel(R) Advisor software before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-23152 MISC |
intel — advisor |
Incorrect default permissions in the software installer for the Intel(R) Advisor before version 2021.4.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-33129 MISC |
intel — amt |
Null pointer dereference in subsystem for Intel(R) AMT before versions 15.0.35 may allow an authenticated user to potentially enable denial of service via network access. | 2022-02-09 | not yet calculated | CVE-2021-33068 MISC CONFIRM |
intel — atom_processors |
Out of bounds read under complex microarchitectural condition in memory subsystem for some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure or cause denial of service via network access. | 2022-02-09 | not yet calculated | CVE-2021-33120 MISC |
intel — capital_global_summit_android_application |
Improper access control in the Intel(R) Capital Global Summit Android application may allow an authenticated user to potentially enable information disclosure via local access. | 2022-02-09 | not yet calculated | CVE-2022-21153 MISC |
intel — core_processors |
Out-of-bounds read in some Intel(R) Core(TM) processors with Radeon(TM) RX Vega M GL integrated graphics before version 21.10 may allow an authenticated user to potentially enable information disclosure via local access. | 2022-02-09 | not yet calculated | CVE-2021-33105 MISC |
intel — ethernet controllers_and_adapters |
Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. | 2022-02-09 | not yet calculated | CVE-2021-33061 MISC CONFIRM |
intel — ethernet controllers_and_adapters |
Improper isolation of shared resources in network on chip for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service via local access. | 2022-02-09 | not yet calculated | CVE-2021-33096 MISC CONFIRM |
intel — gpa_software |
Uncontrolled search path in the Intel(R) GPA software before version 21.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-33101 MISC |
intel — ipp_crypto_library |
Improper conditions check in the Intel(R) IPP Crypto library before version 2021.2 may allow an authenticated user to potentially enable information disclosure via local access. | 2022-02-09 | not yet calculated | CVE-2021-33147 MISC |
intel — kernelflinger |
Out-of-bounds write in the Intel(R) Kernelflinger project may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-33137 MISC |
intel — multiple-products |
Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable denial of service via local access. | 2022-02-09 | not yet calculated | CVE-2021-0176 MISC |
intel — multiple-products |
Improper input validation in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 2022-02-09 | not yet calculated | CVE-2021-0162 MISC |
intel — multiple-products |
Improper locking in the Power Management Controller (PMC) for some Intel Chipset firmware before versions pmc_fw_lbg_c1-21ww02a and pmc_fw_lbg_b0-21ww02a may allow a privileged user to potentially enable denial of service via local access. | 2022-02-09 | not yet calculated | CVE-2021-0147 MISC |
intel — multiple-products |
Improper Use of Validation Framework in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2022-02-09 | not yet calculated | CVE-2021-0179 MISC |
intel — multiple-products |
Improper input validation in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2022-02-09 | not yet calculated | CVE-2021-0178 MISC |
intel — multiple-products |
Improper Validation of Consistency within input in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2022-02-09 | not yet calculated | CVE-2021-0177 MISC |
intel — multiple-products |
Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-0161 MISC |
intel — multiple-products |
Improper Validation of Specified Index, Position, or Offset in Input in software for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2022-02-09 | not yet calculated | CVE-2021-0183 MISC |
intel — multiple-products |
Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2022-02-09 | not yet calculated | CVE-2021-0175 MISC |
intel — multiple-products |
Improper Use of Validation Framework in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2022-02-09 | not yet calculated | CVE-2021-0174 MISC |
intel — multiple-products |
Improper Validation of Consistency within input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2022-02-09 | not yet calculated | CVE-2021-0173 MISC |
intel — multiple-products |
Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2022-02-09 | not yet calculated | CVE-2021-0172 MISC |
intel — multiple-products |
Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable information disclosure via local access. | 2022-02-09 | not yet calculated | CVE-2021-0171 MISC |
intel — multiple-products |
Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow an authenticated user to potentially enable information disclosure via local access. | 2022-02-09 | not yet calculated | CVE-2021-0170 MISC |
intel — multiple-products |
Uncontrolled Search Path Element in software for Intel(R) PROSet/Wireless Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-0169 MISC |
intel — multiple-products |
Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-0168 MISC |
intel — multiple-products |
Improper access control in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-0167 MISC |
intel — multiple-products |
Exposure of Sensitive Information to an Unauthorized Actor in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-0166 MISC |
intel — multiple-products |
Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2022-02-09 | not yet calculated | CVE-2021-0165 MISC |
intel — multiple-products |
Improper access control in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-0164 MISC |
intel — multiple-products |
Improper Validation of Consistency within input in software for Intel(R) PROSet/Wireless Wi-Fi and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 2022-02-09 | not yet calculated | CVE-2021-0163 MISC |
intel — multiple_products |
Improper conditions check in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access. | 2022-02-09 | not yet calculated | CVE-2021-33139 MISC |
intel — multiple_products |
Improper input validation in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable information disclosure via local access. | 2022-02-09 | not yet calculated | CVE-2021-0072 MISC |
intel — multiple_products |
Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access. | 2022-02-09 | not yet calculated | CVE-2021-33107 MISC |
intel — multiple_products |
Improper input validation for some Intel(R) Wireless Bluetooth(R) products and Killer(TM) Bluetooth(R) products in Windows 10 and 11 before version 22.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 2022-02-09 | not yet calculated | CVE-2021-33110 MISC |
intel — multiple_products |
Improper Validation of Specified Index, Position, or Offset in Input in firmware for some Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and some Killer(TM) Wi-Fi in Windows 10 and 11 may allow a privileged user to potentially enable denial of service via local access. | 2022-02-09 | not yet calculated | CVE-2021-0076 MISC |
intel — multiple_products |
Improper input validation in firmware for some Intel(R) Wireless Bluetooth(R) and Killer(TM) Bluetooth(R) products before version 22.100 may allow an authenticated user to potentially enable denial of service via adjacent access. | 2022-02-09 | not yet calculated | CVE-2021-33155 MISC |
intel — multiple_products |
Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and Killer(TM) WiFi in Windows 10 and 11 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access. | 2022-02-09 | not yet calculated | CVE-2021-33113 MISC |
intel — multiple_products |
Improper input validation in firmware for Intel(R) PROSet/Wireless Wi-Fi in multiple operating systems and Killer(TM) Wi-Fi in Windows 10 and 11 may allow an unauthenticated user to potentially enable escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-0066 MISC |
intel — multiple_products |
Insufficient compartmentalization in HECI subsystem for the Intel(R) SPS before versions SPS_E5_04.01.04.516.0, SPS_E5_04.04.04.033.0, SPS_E5_04.04.03.281.0, SPS_E5_03.01.03.116.0, SPS_E3_05.01.04.309.0, SPS_02.04.00.101.0, SPS_SoC-A_05.00.03.114.0, SPS_SoC-X_04.00.04.326.0, SPS_SoC-X_03.00.03.117.0, IGN_E5_91.00.00.167.0, SPS_PHI_03.01.03.078.0 may allow an authenticated user to potentially enable escalation of privilege via physical access. | 2022-02-09 | not yet calculated | CVE-2021-0060 MISC CONFIRM |
intel — multiple_products |
Improper input validation for some Intel(R) PROSet/Wireless WiFi in multiple operating systems and Killer(TM) WiFi in Windows 10 and 11 may allow an authenticated user to potentially enable denial of service via adjacent access. | 2022-02-09 | not yet calculated | CVE-2021-33114 MISC |
intel — processors |
Unchecked return value in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-0107 MISC CONFIRM |
intel — processors |
Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-0156 MISC CONFIRM |
intel — processors |
Out-of-bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-0116 MISC CONFIRM |
intel — processors |
Pointer issues in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-0117 MISC CONFIRM |
intel — processors |
Out-of-bounds read in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-0118 MISC CONFIRM |
intel — processors |
Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. | 2022-02-09 | not yet calculated | CVE-2021-0119 MISC CONFIRM |
intel — processors |
NULL pointer dereference in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-0111 MISC CONFIRM |
intel — processors |
Insufficient control flow management in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable an escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-0103 MISC CONFIRM |
intel — processors |
Improper initialization of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | 2022-02-09 | not yet calculated | CVE-2021-0145 MISC CONFIRM |
intel — processors |
Buffer overflow in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-0115 MISC CONFIRM |
intel — processors |
Incorrect default permissions in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access. | 2022-02-09 | not yet calculated | CVE-2021-0093 MISC CONFIRM |
intel — processors |
Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable a denial of service via local access. | 2022-02-09 | not yet calculated | CVE-2021-0092 MISC CONFIRM |
intel — processors |
Insufficient control flow management in some Intel(R) Processors may allow an authenticated user to potentially enable a denial of service via local access. | 2022-02-09 | not yet calculated | CVE-2021-0127 MISC CONFIRM |
intel — processors |
Improper access control in the firmware for some Intel(R) Processors may allow an unauthenticated user to potentially enable an escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-0091 MISC CONFIRM |
intel — processors |
Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. | 2022-02-09 | not yet calculated | CVE-2021-0125 MISC CONFIRM |
intel — processors |
Improper access control in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via physical access. | 2022-02-09 | not yet calculated | CVE-2021-0124 MISC CONFIRM |
intel — processors |
Insufficient control flow management in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable an escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-0099 MISC CONFIRM |
intel — quartus_prime_pro |
Improper input validation in a third-party component for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2021-44454 MISC |
intel — quartus_prime_pro_edition |
Improper access control in a third-party component of Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2022-21174 MISC |
intel — quartus_prime_pro_edition |
Improper permissions for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2022-21204 MISC |
intel — quartus_prime_standard_edition |
Improper permissions in the SafeNet Sentinel driver for Intel(R) Quartus(R) Prime Standard Edition before version 21.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2022-21203 MISC |
intel — realsense_dcm |
Improper access control in the Intel(R) RealSense(TM) DCM before version 20210625 may allow an authenticated user to potentially enable information disclosure via local access. | 2022-02-09 | not yet calculated | CVE-2021-33119 MISC |
intel — rxt |
Incorrect default permissions for the Intel(R) RXT for Chromebook application, all versions, may allow an authenticated user to potentially enable information disclosure via local access. | 2022-02-09 | not yet calculated | CVE-2021-33166 MISC |
intel — smart_campus_android_application |
Improper access control in the Intel(R) Smart Campus Android application before version 6.1 may allow an authenticated user to potentially enable information disclosure via local access. | 2022-02-09 | not yet calculated | CVE-2022-21157 MISC |
intel — trace_analyzer_and_collector |
Uncaught exception in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access. | 2022-02-09 | not yet calculated | CVE-2022-21218 MISC |
intel — trace_analyzer_and_collector |
Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access. | 2022-02-09 | not yet calculated | CVE-2022-21133 MISC |
intel — trace_analyzer_and_collector |
Out-of-bounds read in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable information disclosure via local access. | 2022-02-09 | not yet calculated | CVE-2022-21226 MISC |
intel — trace_analyzer_and_collector |
Access of uninitialized pointer in the Intel(R) Trace Analyzer and Collector before version 2021.5 may allow an authenticated user to potentially enable denial of service via local access. | 2022-02-09 | not yet calculated | CVE-2022-21156 MISC |
intel — uefi |
Improper input validation for some Intel(R) PROSet/Wireless WiFi in UEFI may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 2022-02-09 | not yet calculated | CVE-2021-33115 MISC |
intl — quartus_prime_pro_edition |
Improper restriction of XML external entity reference in DSP Builder Pro for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an unauthenticated user to potentially enable information disclosure via network access. | 2022-02-09 | not yet calculated | CVE-2022-21205 MISC |
justarchinet — archisteamfarm |
ArchiSteamFarm (ASF) is a C# application with primary purpose of idling Steam cards from multiple accounts simultaneously. Due to a bug in ASF code, introduced in version V5.2.2.2, the program didn’t adequately verify effective access of the user sending proxy (i.e. `[Bots]`) commands. In particular, a proxy-like command sent to bot `A` targeting bot `B` has incorrectly verified user’s access against bot `A` – instead of bot `B`, to which the command was originally designated. This in result allowed access to resources beyond those configured, being a security threat affecting confidentiality of other bot instances. A successful attack exploiting this bug requires a significant access granted explicitly by original owner of the ASF process prior to that, as attacker has to control at least a single bot in the process to make use of this inadequate access verification loophole. The issue is patched in ASF V5.2.2.5, V5.2.3.2 and future versions. Users are advised to update as soon as possible. | 2022-02-08 | not yet calculated | CVE-2022-23627 MISC MISC MISC CONFIRM MISC MISC MISC |
kde — kate_and_ktexteditor |
The LSP (Language Server Protocol) plugin in KDE Kate before 21.12.2 and KTextEditor before 5.91.0 tries to execute the associated LSP server binary when opening a file of a given type. If this binary is absent from the PATH, it will try running the LSP server binary in the directory of the file that was just opened (due to a misunderstanding of the QProcess API, that was never intended). This can be an untrusted directory. | 2022-02-11 | not yet calculated | CVE-2022-23853 MISC CONFIRM |
libtiff — libtiff |
Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. | 2022-02-11 | not yet calculated | CVE-2022-0561 MISC MISC CONFIRM |
libtiff — libtiff |
Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. | 2022-02-11 | not yet calculated | CVE-2022-0562 MISC MISC CONFIRM |
linux — linux_kernel |
An information leak flaw was found due to uninitialized memory in the Linux kernel’s TIPC protocol subsystem, in the way a user sends a TIPC datagram to one or more destinations. This flaw allows a local user to read some kernel memory. This issue is limited to no more than 7 bytes, and the user cannot control what is read. This flaw affects the Linux kernel versions prior to 5.17-rc1. | 2022-02-11 | not yet calculated | CVE-2022-0382 MISC |
linux — linux_kernel |
An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in yam_siocdevprivate in drivers/net/hamradio/yam.c. | 2022-02-11 | not yet calculated | CVE-2022-24959 MISC MISC |
linux — linux_kernel |
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters' length. An unprivileged local user (if unprivileged user namespaces are enabled; otherwise namespaced CAP_SYS_ADMIN privilege is needed) able to open a filesystem that does not support the Filesystem Context API (and thus falls back to legacy handling) could use this flaw to escalate their privileges on the system. | 2022-02-11 | not yet calculated | CVE-2022-0185 MISC MISC MISC MISC |
linux — linux_kernel |
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. | 2022-02-11 | not yet calculated | CVE-2022-24958 MISC MISC MISC |
linux — linux_kernel |
The check_alu_op() function in kernel/bpf/verifier.c in the Linux kernel through v5.16-rc5 did not properly update bounds while handling the mov32 instruction, which allows local users to obtain potentially sensitive address information, aka a “pointer leak.” | 2022-02-11 | not yet calculated | CVE-2021-45402 MISC MISC MISC |
magnolia — magnolia |
A Server-Side Template Injection (SSTI) vulnerability in the Registration and Forgotten Password forms of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted payload entered into the fullname parameter. | 2022-02-11 | not yet calculated | CVE-2021-46362 MISC |
magnolia — magnolia |
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted XLF file. | 2022-02-11 | not yet calculated | CVE-2021-46365 MISC |
magnolia — magnolia |
An issue in the Export function of Magnolia v6.2.3 and below allows attackers to execute arbitrary code via a crafted CSV/XLS file. | 2022-02-11 | not yet calculated | CVE-2021-46363 MISC |
magnolia_cms — magnolia_cms |
An issue in the Freemark Filter of Magnolia CMS v6.2.11 and below allows attackers to bypass security restrictions and execute arbitrary code via a crafted FreeMarker payload. | 2022-02-11 | not yet calculated | CVE-2021-46361 MISC |
magnolia_cms — magnolia_cms |
An issue in the Login page of Magnolia CMS v6.2.3 and below allows attackers to exploit both an Open Redirect vulnerability and Cross-Site Request Forgery (CSRF) in order to brute force and exfiltrate users’ credentials. | 2022-02-11 | not yet calculated | CVE-2021-46366 MISC |
magnolia_cms — magnolia_cms |
A vulnerability in the Snake YAML parser of Magnolia CMS v6.2.3 and below allows attackers to execute arbitrary code via a crafted YAML file. | 2022-02-11 | not yet calculated | CVE-2021-46364 MISC |
mahara — mahara |
In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known. | 2022-02-10 | not yet calculated | CVE-2022-24111 MISC MISC |
mediatek — bluetooth |
In Bluetooth, there is a possible memory corruption due to a logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06142410; Issue ID: ALPS06142410. | 2022-02-09 | not yet calculated | CVE-2022-20046 MISC |
mediatek — bluetooth |
In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126820; Issue ID: ALPS06126820. | 2022-02-09 | not yet calculated | CVE-2022-20045 MISC |
mediatek — bluetooth |
In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06148177; Issue ID: ALPS06148177. | 2022-02-09 | not yet calculated | CVE-2022-20043 MISC |
mediatek — bluetooth |
In Bluetooth, there is a possible service crash due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126814; Issue ID: ALPS06126814. | 2022-02-09 | not yet calculated | CVE-2022-20044 MISC |
mediatek — bluetooth |
In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108596; Issue ID: ALPS06108596. | 2022-02-09 | not yet calculated | CVE-2022-20041 MISC |
mediatek — ccu_driver |
In ccu driver, there is a possible memory corruption due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06183345; Issue ID: ALPS06183345. | 2022-02-09 | not yet calculated | CVE-2022-20039 MISC |
mediatek — ccu_driver |
In ccu driver, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06183335; Issue ID: ALPS06183335. | 2022-02-09 | not yet calculated | CVE-2022-20038 MISC |
mediatek — ion_driver |
In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171689; Issue ID: ALPS06171689. | 2022-02-09 | not yet calculated | CVE-2022-20036 MISC |
mediatek — ion_driver |
In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171705; Issue ID: ALPS06171705. | 2022-02-09 | not yet calculated | CVE-2022-20037 MISC |
mediatek — ion_driver |
In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862991; Issue ID: ALPS05862991. | 2022-02-09 | not yet calculated | CVE-2022-20017 MISC |
mediatek — power_hal_manager_service |
In power_hal_manager_service, there is a possible permission bypass due to a stack-based buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219150; Issue ID: ALPS06219150. | 2022-02-09 | not yet calculated | CVE-2022-20040 MISC |
mediatek — system_service |
In system service, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219064; Issue ID: ALPS06219064. | 2022-02-09 | not yet calculated | CVE-2022-20024 MISC |
mellium — mellium |
In Mellium mellium.im/xmpp through 0.21.0, an attacker capable of spoofing DNS TXT records can redirect a WebSocket connection request to a server under their control without causing TLS certificate verification to fail. This occurs because the wrong host name is selected during this verification. | 2022-02-11 | not yet calculated | CVE-2022-24968 MISC MISC |
microsoft — .net |
.NET Denial of Service Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-21986 MISC |
microsoft — azure_data_explorer |
Azure Data Explorer Spoofing Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-23256 MISC |
microsoft — dynamics_365 |
Microsoft Dynamics 365 (on-premises) Remote Code Execution Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-21957 MISC |
microsoft — dynamics_gp |
Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23272, CVE-2022-23273. | 2022-02-09 | not yet calculated | CVE-2022-23271 MISC |
microsoft — dynamics_gp |
Microsoft Dynamics GP Spoofing Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-23269 MISC |
microsoft — dynamics_gp |
Microsoft Dynamics GP Remote Code Execution Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-23274 MISC |
microsoft — dynamics_gp |
Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23271, CVE-2022-23273. | 2022-02-09 | not yet calculated | CVE-2022-23272 MISC |
microsoft — dynamics_gp |
Microsoft Dynamics GP Elevation Of Privilege Vulnerability. This CVE ID is unique from CVE-2022-23271, CVE-2022-23272. | 2022-02-09 | not yet calculated | CVE-2022-23273 MISC |
microsoft — excel |
Microsoft Excel Information Disclosure Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-22716 MISC |
microsoft — hevc_video_extensions |
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21926, CVE-2022-21927. | 2022-02-09 | not yet calculated | CVE-2022-21844 MISC |
microsoft — hevc_video_extensions |
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21844, CVE-2022-21927. | 2022-02-09 | not yet calculated | CVE-2022-21926 MISC |
microsoft — hevc_video_extensions |
HEVC Video Extensions Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21844, CVE-2022-21926. | 2022-02-09 | not yet calculated | CVE-2022-21927 MISC |
microsoft — office_ |
Microsoft Office Information Disclosure Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-23252 MISC |
microsoft — office_clicktorun |
Microsoft Office ClickToRun Remote Code Execution Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-22004 MISC |
microsoft — office_graphics |
Microsoft Office Graphics Remote Code Execution Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-22003 MISC |
microsoft — office_visio |
Microsoft Office Visio Remote Code Execution Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-21988 MISC |
microsoft — onedrive |
Microsoft OneDrive for Android Security Feature Bypass Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-23255 MISC |
microsoft — outlook_for_mac |
Microsoft Outlook for Mac Security Feature Bypass Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-23280 MISC MISC |
microsoft — power_bi |
Microsoft Power BI Information Disclosure Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-23254 MISC |
microsoft — roaming_security_rights_management_services |
Roaming Security Rights Management Services Remote Code Execution Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-21974 MISC |
microsoft — sharepoint |
Microsoft SharePoint Server Remote Code Execution Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-22005 MISC |
microsoft — sharepoint_server |
Microsoft SharePoint Server Spoofing Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-21987 MISC |
microsoft — sharepoint_server |
Microsoft SharePoint Server Security Feature Bypass Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-21968 MISC |
microsoft — sql_server_for_linux_containers |
SQL Server for Linux Containers Elevation of Privilege Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-23276 MISC |
microsoft — teams |
Microsoft Teams Denial of Service Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-21965 MISC |
microsoft — visual_studio |
Visual Studio Code Remote Development Extension Remote Code Execution Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-21991 MISC |
microsoft — vp9_video_extensions |
VP9 Video Extensions Remote Code Execution Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-22709 MISC |
microsoft — win32k |
Win32k Elevation of Privilege Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-21996 MISC |
microsoft — windows | Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-21999, CVE-2022-22718. | 2022-02-09 | not yet calculated | CVE-2022-22717 MISC MISC |
microsoft — windows |
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-21999, CVE-2022-22717. | 2022-02-09 | not yet calculated | CVE-2022-22718 MISC |
microsoft — windows |
Named Pipe File System Elevation of Privilege Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-22715 MISC |
microsoft — windows |
Windows Runtime Remote Code Execution Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-21971 MISC |
microsoft — windows |
Windows Remote Access Connection Manager Information Disclosure Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-21985 MISC |
microsoft — windows |
Windows Kernel Elevation of Privilege Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-21989 MISC |
microsoft — windows |
Windows Hyper-V Denial of Service Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-22712 MISC |
microsoft — windows_common_log_file_system |
Windows Common Log File System Driver Denial of Service Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-22710 MISC |
microsoft — windows_common_log_file_system_driver |
Windows Common Log File System Driver Information Disclosure Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-21998 MISC |
microsoft — windows_common_log_file_system_driver |
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21981. | 2022-02-09 | not yet calculated | CVE-2022-22000 MISC |
microsoft — windows_common_log_file_system_driver |
Windows Common Log File System Driver Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-22000. | 2022-02-09 | not yet calculated | CVE-2022-21981 MISC |
microsoft — windows_dns_server | Windows DNS Server Remote Code Execution Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-21984 MISC |
microsoft — windows_dwm_core_library |
Windows DWM Core Library Elevation of Privilege Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-21994 MISC |
microsoft — windows_hyper-v |
Windows Hyper-V Remote Code Execution Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-21995 MISC |
microsoft — windows_mobile_device_management |
Windows Mobile Device Management Remote Code Execution Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-21992 MISC |
microsoft — windows_print_spooler |
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21999, CVE-2022-22717, CVE-2022-22718. | 2022-02-09 | not yet calculated | CVE-2022-21997 MISC |
microsoft — windows_print_spooler |
Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21997, CVE-2022-22717, CVE-2022-22718. | 2022-02-09 | not yet calculated | CVE-2022-21999 MISC |
microsoft — windows_remote_access_connection_manager |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-22001 MISC |
microsoft — windows_services_for_nfs_oncrpc_xdr_driver |
Windows Services for NFS ONCRPC XDR Driver Information Disclosure Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-21993 MISC |
microsoft — windows_user_account_profile_picture |
Windows User Account Profile Picture Denial of Service Vulnerability. | 2022-02-09 | not yet calculated | CVE-2022-22002 MISC MISC |
microweber — microweber | Cross-site Scripting (XSS) – Stored in Packagist microweber/microweber prior to 1.2.11. | 2022-02-10 | not yet calculated | CVE-2022-0558 CONFIRM MISC |
microweber — microweber | Open Redirect in Packagist microweber/microweber prior to 1.2.11. | 2022-02-11 | not yet calculated | CVE-2022-0560 CONFIRM MISC |
microweber — microweber |
OS Command Injection in Packagist microweber/microweber prior to 1.2.11. | 2022-02-11 | not yet calculated | CVE-2022-0557 CONFIRM MISC |
minicms — minicms |
MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php. | 2022-02-10 | not yet calculated | CVE-2021-44970 MISC |
mitsubishi_electric — factory_automation_engineering_products | Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an attacker to execute arbitrary code. | 2022-02-11 | not yet calculated | CVE-2020-14523 MISC |
mitsubishi_electric — factory_automation_engineering_products |
Multiple Mitsubishi Electric Factory Automation engineering software products have a malicious code execution vulnerability. A malicious attacker could use this vulnerability to obtain information, modify information, and cause a denial-of-service condition. | 2022-02-11 | not yet calculated | CVE-2020-14521 MISC |
nexacro — nexacro |
Improper input validation vulnerability in nexacro permits copying a file to the startup folder using the rename method. | 2022-02-09 | not yet calculated | CVE-2021-26613 MISC |
nokia — bts_trs_web_console | Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious unauthenticated user can get access to all the functionalities exposed via the web panel, circumventing the authentication process, by using URL encoding for the . (dot) character. | 2022-02-11 | not yet calculated | CVE-2021-31932 MISC |
novel-plus — novel-plus |
Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input. | 2022-02-10 | not yet calculated | CVE-2022-24568 MISC |
ocs_inventory — ocs_inventory |
OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored Cross-site Scripting (XSS). | 2022-02-11 | not yet calculated | CVE-2021-46355 MISC MISC |
open-policy-agent — opa |
OPA is an open source, general-purpose policy engine. Under certain conditions, pretty-printing an abstract syntax tree (AST) that contains synthetic nodes could change the logic of some statements by reordering array literals. Examples of impacted policies are those that parse and compare web paths. **All of these** three conditions have to be met to create an adverse effect: 1. An AST of Rego had to be **created programmatically** such that it ends up containing terms without a location (such as wildcard variables). 2. The AST had to be **pretty-printed** using the `github.com/open-policy-agent/opa/format` package. 3. The result of the pretty-printing had to be **parsed and evaluated again** via an OPA instance using the bundles, or the Golang packages. If any of these three conditions are not met, you are not affected. Notably, all three would be true if using **optimized bundles**, i.e. bundles created with `opa build -O=1` or higher. In that case, the optimizer would fulfil condition (1.), the result of that would be pretty-printed when writing the bundle to disk, fulfilling (2.). When the bundle was then used, we’d satisfy (3.). As a workaround users may disable optimization when creating bundles. | 2022-02-09 | not yet calculated | CVE-2022-23628 MISC CONFIRM MISC MISC |
optimism — geth_forth |
Optimism before @eth-optimism/l2geth@0.5.11 allows economic griefing because a balance is duplicated upon contract self-destruction. | 2022-02-10 | not yet calculated | CVE-2022-24916 MISC MISC MISC MISC MISC |
otrs — ag_otrs |
OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error message of the regular expression check. When used in the agent interface, malicious code might be executed in the browser. This issue affects: OTRS AG OTRS 7.0.x version: 7.0.31 and prior versions. | 2022-02-07 | not yet calculated | CVE-2022-0473 CONFIRM |
otrs — otrscustomcontactfields |
Full list of recipients from customer users in a contact field could be disclosed in notification emails even when the notification is set to be sent to each recipient individually. This issue affects: OTRS AG OTRSCustomContactFields 8.0.x version: 8.0.11 and prior versions. | 2022-02-07 | not yet calculated | CVE-2022-0474 CONFIRM |
palo_alto_networks — cortex_xsoar |
A stored cross-site scripting (XSS) vulnerability in Palo Alto Network Cortex XSOAR web interface enables an authenticated network-based attacker to store a persistent javascript payload that will perform arbitrary actions in the Cortex XSOAR web interface on behalf of authenticated administrators who encounter the payload during normal operations. This issue impacts: All builds of Cortex XSOAR 6.1.0; Cortex XSOAR 6.2.0 builds earlier than build 1958888. | 2022-02-10 | not yet calculated | CVE-2022-0020 CONFIRM |
palo_alto_networks — globalprotect_app |
An insufficiently protected credentials vulnerability exists in the Palo Alto Networks GlobalProtect app on Linux that exposes the hashed credentials of GlobalProtect users that saved their password during previous GlobalProtect app sessions to other local users on the system. The exposed credentials enable a local attacker to authenticate to the GlobalProtect portal or gateway as the target user without knowing of the target user’s plaintext password. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Linux. GlobalProtect app 5.2 versions earlier than and including GlobalProtect app 5.2.7 on Linux. GlobalProtect app 5.3 versions earlier than GlobalProtect app 5.3.2 on Linux. This issue does not affect the GlobalProtect app on other platforms. | 2022-02-10 | not yet calculated | CVE-2022-0019 CONFIRM |
palo_alto_networks — globalprotect_app |
An improper link resolution before file access (‘link following’) vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that enables a local attacker to disrupt system processes and potentially execute arbitrary code with SYSTEM privileges under certain circumstances. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows. GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.5 on Windows. This issue does not affect GlobalProtect app on other platforms. | 2022-02-10 | not yet calculated | CVE-2022-0017 CONFIRM |
palo_alto_networks — globalprotect_app |
An improper handling of exceptional conditions vulnerability exists within the Connect Before Logon feature of the Palo Alto Networks GlobalProtect app that enables a local attacker to escalate to SYSTEM or root privileges when authenticating with Connect Before Logon under certain circumstances. This issue impacts GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS. This issue does not affect the GlobalProtect app on other platforms. | 2022-02-10 | not yet calculated | CVE-2022-0016 CONFIRM |
palo_alto_networks — globalprotect_app |
An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms. | 2022-02-10 | not yet calculated | CVE-2022-0021 CONFIRM |
palo_alto_networks — globalprotect_app |
An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. This product behavior is intentional and poses no security risk when connecting to trusted GlobalProtect portals configured to use the same Single Sign-On credentials both for the local user account as well as the GlobalProtect login. However when the credentials are different, the local account credentials are inadvertently sent to the GlobalProtect portal for authentication. A third party MITM type of attacker cannot see these credentials in transit. This vulnerability is a concern where the GlobalProtect app is deployed on Bring-your-Own-Device (BYOD) type of clients with private local user accounts or GlobalProtect app is used to connect to different organizations. Fixed versions of GlobalProtect app have an app setting to prevent the transmission of the user’s local user credentials to the target GlobalProtect portal regardless of the portal configuration. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows and MacOS; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS This issue does not affect GlobalProtect app on other platforms. | 2022-02-10 | not yet calculated | CVE-2022-0018 CONFIRM |
palo_alto_networks — pan-os |
PAN-OS software provides options to exclude specific websites from URL category enforcement and those websites are blocked or allowed (depending on your rules) regardless of their associated URL category. This is done by creating a custom URL category list or by using an external dynamic list (EDL) in a URL Filtering profile. When the entries in these lists have a hostname pattern that does not end with a forward slash (/) or a hostname pattern that ends with an asterisk (*), any URL that starts with the specified pattern is considered a match. Entries with a caret (^) at the end of a hostname pattern match any top level domain. This may inadvertently allow or block more URLs than intended and allowing more URLs than intended represents a security risk. For example: example.com will match example.com.website.test; example.com.* will match example.com.website.test; example.com.^ will match example.com.test. You should take special care when using such entries in policy rules that allow traffic. Where possible, use the exact list of hostnames ending with a forward slash (/) instead of using wildcards. PAN-OS 10.1 versions earlier than PAN-OS 10.1.3; PAN-OS 10.0 versions earlier than PAN-OS 10.0.8; PAN-OS 9.1 versions earlier than PAN-OS 9.1.12; all PAN-OS 9.0 versions; PAN-OS 8.1 versions earlier than PAN-OS 8.1.21, and Prisma Access 2.2 and 2.1 versions do not allow customers to change this behavior without changing the URL category list or EDL. | 2022-02-10 | not yet calculated | CVE-2022-0011 CONFIRM |
pingidentity — pingfederate |
When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing user’s password. | 2022-02-10 | not yet calculated | CVE-2021-42000 MISC MISC |
piwigo — piwigo |
Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php. | 2022-02-10 | not yet calculated | CVE-2021-45357 MISC |
portainer — agent |
In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days. | 2022-02-11 | not yet calculated | CVE-2022-24961 MISC MISC MISC MISC |
projeqtor — projeqtor |
A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code. | 2022-02-11 | not yet calculated | CVE-2021-42940 MISC MISC |
puma — puma |
Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails’ Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.0.2.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability. | 2022-02-11 | not yet calculated | CVE-2022-23634 CONFIRM MISC MISC MISC MISC |
python — python |
A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like ‘\r’ and ‘\n’ in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. | 2022-02-09 | not yet calculated | CVE-2022-0391 MISC |
qnap — nas_running_kazoo_server |
An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo Server. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Kazoo Server: Kazoo Server 4.11.22 and later | 2022-02-11 | not yet calculated | CVE-2021-38679 MISC |
qualcomm — multiple_snapdragon_products |
Possible out of bounds write due to improper validation of number of GPIOs configured in an internal parameters array in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-02-11 | not yet calculated | CVE-2021-30322 CONFIRM |
qualcomm — multiple_snapdragon_products |
Improper validation of maximum size of data write to EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | 2022-02-11 | not yet calculated | CVE-2021-30323 CONFIRM |
qualcomm — multiple_snapdragon_products |
Improper validation of program headers containing ELF metadata can lead to image verification bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2022-02-11 | not yet calculated | CVE-2021-30317 CONFIRM |
qualcomm — multiple_snapdragon_products |
Improper size validation of QXDM commands can lead to memory corruption in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-02-11 | not yet calculated | CVE-2021-30309 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible out of bound write due to lack of boundary check for the maximum size of buffer when sending a DCI packet to remote process in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-02-11 | not yet calculated | CVE-2021-30324 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | 2022-02-11 | not yet calculated | CVE-2021-30325 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible assertion due to improper size validation while processing the DownlinkPreemption IE in an RRC Reconfiguration/RRC Setup message in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-02-11 | not yet calculated | CVE-2021-30326 CONFIRM |
qualcomm — multiple_snapdragon_products |
Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | 2022-02-11 | not yet calculated | CVE-2021-35068 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible integer overflow due to improper fragment datatype while calculating number of fragments in a request message in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-02-11 | not yet calculated | CVE-2021-35074 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible null pointer dereference due to lack of WDOG structure validation during registration in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-02-11 | not yet calculated | CVE-2021-35075 CONFIRM |
qualcomm — multiple_snapdragon_products |
Possible use after free scenario in compute offloads to DSP while multiple calls spawn a dynamic process in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile | 2022-02-11 | not yet calculated | CVE-2021-35077 CONFIRM |
qualcomm — multiple_snapdragon_products |
Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables | 2022-02-11 | not yet calculated | CVE-2021-30318 CONFIRM |
qualcomm — multiple_snapdragon_products |
Improper validation of data length received from DMA buffer can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | 2022-02-11 | not yet calculated | CVE-2021-35069 CONFIRM |
quartus — quartus_prime_pro_edition |
Improper restriction of XML external entity for Intel(R) Quartus(R) Prime Pro Edition before version 21.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | 2022-02-09 | not yet calculated | CVE-2022-21220 MISC |
rails — rails |
Action Pack is a framework for handling and responding to web requests. Under certain circumstances response bodies will not be closed. In the event a response is *not* notified of a `close`, `ActionDispatch::Executor` will not know to reset thread local state for the next request. This can lead to data being leaked to subsequent requests. This has been fixed in Rails 7.0.2.1, 6.1.4.5, 6.0.4.5, and 5.2.6.1. Upgrading is highly recommended, but to work around this problem a middleware described in GHSA-wh98-p28r-vrc9 can be used. | 2022-02-11 | not yet calculated | CVE-2022-23633 MISC CONFIRM MLIST |
ruby-lang — ruby | CGI.escape_html in Ruby before 2.7.5 and 3.x before 3.0.3 has an integer overflow and resultant buffer overflow via a long string on platforms (such as Windows) where size_t and long have different numbers of bytes. This also affects the CGI gem before 0.3.1 for Ruby. | 2022-02-06 | not yet calculated | CVE-2021-41816 MISC MISC CONFIRM |
s-cart — s-cart |
A Directory Traversal vulnerability exists in S-Cart 6.7 via download in sc-admin/backup. | 2022-02-11 | not yet calculated | CVE-2021-44111 MISC |
samsung — android_application |
Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim’s devices. | 2022-02-11 | not yet calculated | CVE-2022-24925 MISC |
samsung — bixby_vision |
Exposure of Sensitive Information vulnerability in Bixby Vision prior to version 3.7.50.6 allows attackers to access internal data of Bixby Vision via unprotected intent. | 2022-02-11 | not yet calculated | CVE-2022-24003 MISC |
samsung — bixby_vision |
A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Android R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent. | 2022-02-11 | not yet calculated | CVE-2022-23434 MISC |
samsung — camera |
Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture in screenlock status. | 2022-02-11 | not yet calculated | CVE-2022-23998 MISC |
samsung — edge_panel |
Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel. | 2022-02-11 | not yet calculated | CVE-2022-24001 MISC |
samsung — link_sharing |
Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers to open protected activity via PreconditionActivity. | 2022-02-11 | not yet calculated | CVE-2022-24002 MISC |
samsung — livewallpaperservice |
An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission. | 2022-02-11 | not yet calculated | CVE-2022-24924 MISC |
samsung — mobile | An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | 2022-02-11 | not yet calculated | CVE-2022-23432 MISC |
samsung — mobile | An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | 2022-02-11 | not yet calculated | CVE-2022-23431 MISC |
samsung — mobile | An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash. | 2022-02-11 | not yet calculated | CVE-2022-23429 MISC |
samsung — mobile | An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | 2022-02-11 | not yet calculated | CVE-2022-23428 MISC |
samsung — mobile | PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent. | 2022-02-11 | not yet calculated | CVE-2022-23427 MISC |
samsung — mobile | A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege. | 2022-02-11 | not yet calculated | CVE-2022-23426 MISC |
samsung — mobile |
PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. | 2022-02-11 | not yet calculated | CVE-2022-23999 MISC |
samsung — mobile |
PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. | 2022-02-11 | not yet calculated | CVE-2022-24000 MISC |
samsung — mobile |
Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Android Q(10) allows attackers to register reminders or execute exported activities remotely. | 2022-02-11 | not yet calculated | CVE-2022-23433 MISC |
samsung — mobile |
Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device. | 2022-02-11 | not yet calculated | CVE-2022-22291 MISC |
samsung — mobile |
A persistent cross-site scripting (XSS) vulnerability exists on two input fields within the administrative panel when editing users in the XMPie UStore application on version 12.3.7244.0. | 2022-02-10 | not yet calculated | CVE-2022-23321 MISC MISC MISC |
samsung — mobile |
Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station. | 2022-02-11 | not yet calculated | CVE-2022-23425 MISC |
samsung — searchwidget |
Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview. | 2022-02-11 | not yet calculated | CVE-2022-24923 MISC |
samsung — smarttagplugin |
Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim’s devices. | 2022-02-11 | not yet calculated | CVE-2022-24926 MISC |
samsung — telecom |
Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity. | 2022-02-11 | not yet calculated | CVE-2022-22292 MISC |
samsung — video_player |
Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission. | 2022-02-11 | not yet calculated | CVE-2022-24927 MISC |
samsung — wear_os |
Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to enable bedtime mode without a proper permission. | 2022-02-11 | not yet calculated | CVE-2022-23996 MISC |
samsung — wear_os |
Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. | 2022-02-11 | not yet calculated | CVE-2022-23995 MISC |
samsung — wear_os |
An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. | 2022-02-11 | not yet calculated | CVE-2022-23994 MISC |
samsung — wear_os |
Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to disable theater mode without a proper permission. | 2022-02-11 | not yet calculated | CVE-2022-23997 MISC |
sap — 3d_visual_enterprise_viewer |
When a user opens a manipulated Tagged Image File Format (.tiff, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below. | 2022-02-09 | not yet calculated | CVE-2022-22537 MISC MISC |
sap — 3d_visual_enterprise_viewer |
When a user opens a manipulated JPEG file format (.jpg, 2d.x3d) received from untrusted sources in SAP 3D Visual Enterprise Viewer – version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application. The file format details along with their CVE relevant information can be found below. | 2022-02-09 | not yet calculated | CVE-2022-22539 MISC MISC |
sap — adaptive_server_enterprise |
SAP Adaptive Server Enterprise (ASE) – version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries. | 2022-02-09 | not yet calculated | CVE-2022-22528 MISC MISC |
sap — business_objects_web_intelligence |
Due to improper HTML encoding in input control summary, an authorized attacker can execute XSS vulnerability in SAP Business Objects Web Intelligence (BI Launchpad) – version 420. | 2022-02-09 | not yet calculated | CVE-2022-22546 MISC MISC |
sap — erp_chm_portugal |
SAP ERP HCM Portugal – versions 600, 604, 608, does not perform necessary authorization checks for a report that reads the payroll data of employees in a certain area. Since the affected report only reads the payroll information, the attacker can neither modify any information nor cause availability impacts. | 2022-02-09 | not yet calculated | CVE-2022-22535 MISC MISC |
sap — netweaver |
Due to insufficient encoding of user input, SAP NetWeaver allows an unauthenticated attacker to inject code that may expose sensitive data like user ID and password. These endpoints are normally exposed over the network and successful exploitation can partially impact confidentiality of the application. | 2022-02-09 | not yet calculated | CVE-2022-22534 MISC MISC |
sap — netweaver_application_server_abap_and_abap_platform |
A high privileged user who has access to transaction SM59 can read connection details stored with the destination for http calls in SAP NetWeaver Application Server ABAP and ABAP Platform – versions 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756. | 2022-02-09 | not yet calculated | CVE-2022-22545 MISC MISC |
sap — netweaver_application_server_for_abap_and_abap_platform |
SAP NetWeaver Application Server for ABAP (Kernel) and ABAP Platform (Kernel) – versions KERNEL 7.22, 8.04, 7.49, 7.53, 7.77, 7.81, 7.85, 7.86, 7.87, KRNL64UC 8.04, 7.22, 7.22EXT, 7.49, 7.53, KRNL64NUC 7.22, 7.22EXT, 7.49, does not sufficiently validate sap-passport information, which could lead to a Denial-of-Service attack. This allows an unauthorized remote user to provoke a breakdown of the SAP Web Dispatcher or Kernel work process. The crashed process can be restarted immediately, other processes are not affected. | 2022-02-09 | not yet calculated | CVE-2022-22543 MISC MISC |
sap — netweaver_as_abap |
SAP NetWeaver AS ABAP (Workplace Server) – versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 787, allows an attacker to execute crafted database queries, that could expose the backend database. Successful attacks could result in disclosure of a table of contents from the system, but no risk of modification possible. | 2022-02-09 | not yet calculated | CVE-2022-22540 MISC MISC |
sap — s/4hana_supplier_factsheet |
S/4HANA Supplier Factsheet exposes the private address and bank details of an Employee Business Partner with Supplier Role, AND Enterprise Search for Customer, Supplier and Business Partner objects exposes the private address fields of Employee Business Partners, to an actor that is not explicitly authorized to have access to that information, which could compromise Confidentiality. | 2022-02-09 | not yet calculated | CVE-2022-22542 MISC MISC |
sap — solution_manager |
Solution Manager (Diagnostics Root Cause Analysis Tools) – version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty for the SAP Solution Manager administrator. Impacts of unauthorized execution of commands can lead to sensitive information disclosure, loss of system integrity and denial of service. | 2022-02-09 | not yet calculated | CVE-2022-22544 MISC MISC |
schneider_electric — conext_combox |
A CWE-522: Insufficiently Protected Credentials vulnerability exists that could cause sensitive data such as login credentials to be exposed when the network is sniffed. Affected Product: Conext ComBox (All Versions) | 2022-02-11 | not yet calculated | CVE-2021-22798 MISC |
schneider_electric — connexium_network_manager_software |
A CWE-269: Improper Privilege Management vulnerability exists that could cause an arbitrary command execution when the software is configured with specially crafted event actions. Affected Product: ConneXium Network Manager Software (All Versions) | 2022-02-11 | not yet calculated | CVE-2021-22801 MISC |
schneider_electric — easergy_p40 |
A CWE-798: Use of Hard-coded Credentials vulnerability exists. If an attacker were to obtain the TLS cryptographic key and take active control of the Courier tunneling communication network, they could potentially observe and manipulate traffic associated with product configuration. | 2022-02-09 | not yet calculated | CVE-2022-22813 MISC |
schneider_electric — ecostruxure_ev_charging_expert | A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13) | 2022-02-09 | not yet calculated | CVE-2022-22807 MISC |
schneider_electric — ecostruxure_ev_charging_expert |
A CWE-942: Permissive Cross-domain Policy with Untrusted Domains vulnerability exists that could cause a remote attacker to gain unauthorized access to the product when conducting cross-domain attacks based on same-origin policy or cross-site request forgery protections bypass. Affected Product: EcoStruxure EV Charging Expert (formerly known as EVlink Load Management System): (HMIBSCEA53D1EDB, HMIBSCEA53D1EDS, HMIBSCEA53D1EDM, HMIBSCEA53D1EDL, HMIBSCEA53D1ESS, HMIBSCEA53D1ESM, HMIBSCEA53D1EML) (All Versions prior to SP8 (Version 01) V4.0.0.13) | 2022-02-09 | not yet calculated | CVE-2022-22808 MISC |
schneider_electric — interactive_graphical_scada_system_data_collector |
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) | 2022-02-11 | not yet calculated | CVE-2021-22805 MISC |
schneider_electric — interactive_graphical_scada_system_data_collector |
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) | 2022-02-11 | not yet calculated | CVE-2021-22824 MISC |
schneider_electric — interactive_graphical_scada_system_data_collector |
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in remote code execution due to missing length check on user supplied data, when a constructed message is received on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) | 2022-02-11 | not yet calculated | CVE-2021-22802 MISC |
schneider_electric — interactive_graphical_scada_system_data_collector |
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause deletion of arbitrary files in the context of the user running IGSS due to lack of validation of network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21320 and prior) | 2022-02-11 | not yet calculated | CVE-2021-22823 MISC |
schneider_electric — interactive_graphical_scada_system_data_collector |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) | 2022-02-11 | not yet calculated | CVE-2021-22804 MISC |
schneider_electric — interactive_graphical_scada_system_data_collector |
A CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could lead to remote code execution through a number of paths, when an attacker writes arbitrary files to folders in context of the DC module, by sending constructed messages on the network. Affected Product: Interactive Graphical SCADA System Data Collector (dc.exe) (V15.0.0.21243 and prior) | 2022-02-11 | not yet calculated | CVE-2021-22803 MISC |
schneider_electric — interactive_graphical_scada_system_data_server |
A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when an attacker sends a specific message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | 2022-02-09 | not yet calculated | CVE-2022-24317 MISC MISC |
schneider_electric — interactive_graphical_scada_system_data_server |
A CWE-190: Integer Overflow or Wraparound vulnerability exists that could cause heap-based buffer overflow, leading to denial of service and potentially remote code execution when an attacker sends multiple specially crafted messages. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | 2022-02-09 | not yet calculated | CVE-2022-24310 MISC |
schneider_electric — interactive_graphical_scada_system_data_server |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | 2022-02-09 | not yet calculated | CVE-2022-24312 MISC MISC |
schneider_electric — interactive_graphical_scada_system_data_server |
A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | 2022-02-09 | not yet calculated | CVE-2022-24314 MISC |
schneider_electric — interactive_graphical_scada_system_data_server |
A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | 2022-02-09 | not yet calculated | CVE-2022-24315 MISC MISC |
schneider_electric — interactive_graphical_scada_system_data_server |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by inserting at beginning of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | 2022-02-09 | not yet calculated | CVE-2022-24311 MISC MISC |
schneider_electric — interactive_graphical_scada_system_data_server |
A CWE-665: Improper Initialization vulnerability exists that could cause information exposure when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | 2022-02-09 | not yet calculated | CVE-2022-24316 MISC MISC |
schneider_electric — interactive_graphical_scada_system_data_server |
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server (V15.0.0.22020 and prior) | 2022-02-09 | not yet calculated | CVE-2022-24313 MISC MISC |
schneider_electric — modicon_ethernet_programmable_automation_products |
A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of files located in the web root directory to leak when an attacker sends a HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) | 2022-02-11 | not yet calculated | CVE-2021-22785 MISC |
schneider_electric — modicon_ethernet_programmable_automation_products |
A CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of the device when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) | 2022-02-11 | not yet calculated | CVE-2021-22787 MISC |
schneider_electric — modicon_ethernet_programmable_automation_products |
A CWE-787: Out-of-bounds Write vulnerability exists that could cause denial of service when an attacker sends a specially crafted HTTP request to the web server of the device. Affected Product: Modicon M340 CPUs: BMXP34 (Versions prior to V3.40), Modicon M340 X80 Ethernet Communication Modules: BMXNOE0100 (H), BMXNOE0110 (H), BMXNOC0401, BMXNOR0200H RTU (All Versions), Modicon Premium Processors with integrated Ethernet (Copro): TSXP574634, TSXP575634, TSXP576634 (All Versions), Modicon Quantum Processors with Integrated Ethernet (Copro): 140CPU65xxxxx (All Versions), Modicon Quantum Communication Modules: 140NOE771x1, 140NOC78x00, 140NOC77101 (All Versions), Modicon Premium Communication Modules: TSXETY4103, TSXETY5103 (All Versions) | 2022-02-11 | not yet calculated | CVE-2021-22788 MISC |
schneider_electric — modicon_m218_logic_controller |
A CWE-20: Improper Input Validation vulnerability exists that could cause a Denial of Service when a crafted packet is sent to the controller over network port 1105/TCP. Affected Product: Modicon M218 Logic Controller (V5.1.0.6 and prior) | 2022-02-11 | not yet calculated | CVE-2021-22800 MISC |
schneider_electric — multiple_products | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow an attacker to manipulate the admin after numerous attempts at guessing credentials. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) | 2022-02-09 | not yet calculated | CVE-2022-22810 MISC |
schneider_electric — multiple_products | A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow modifications of the touch configurations in an unauthorized manner when an attacker attempts to modify the touch configurations. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) | 2022-02-09 | not yet calculated | CVE-2022-22809 MISC |
schneider_electric — multiple_products | A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists that could induce users to perform unintended actions, leading to the override of the system's configurations when an attacker persuades a user to visit a rogue website. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) | 2022-02-09 | not yet calculated | CVE-2022-22811 MISC |
schneider_electric — multiple_products |
A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) | 2022-02-09 | not yet calculated | CVE-2022-24318 MISC |
schneider_electric — multiple_products |
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability exists that could allow a remote code execution when a file is saved. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior) | 2022-02-11 | not yet calculated | CVE-2021-22748 MISC |
schneider_electric — multiple_products |
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-the-Middle attack when communications between the client and Geo SCADA web server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) | 2022-02-09 | not yet calculated | CVE-2022-24319 MISC |
schneider_electric — multiple_products |
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists that could cause Denial of Service against the Geo SCADA server when receiving a malformed HTTP request. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) | 2022-02-09 | not yet calculated | CVE-2022-24321 MISC |
schneider_electric — multiple_products |
A CWE-276: Incorrect Default Permissions vulnerability exists that could cause unauthorized access to the base installation directory leading to local privilege escalation. Affected Product: Harmony/Magelis iPC Series (All Versions), Vijeo Designer (All Versions prior to V6.2 SP11 Multiple HotFix 4), Vijeo Designer Basic (All Versions prior to V1.2.1) | 2022-02-09 | not yet calculated | CVE-2021-22817 MISC |
schneider_electric — multiple_products |
A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution when a malicious file is uploaded. Affected Product: C-Bus Toolkit (V1.15.9 and prior), C-Gate Server (V2.11.7 and prior) | 2022-02-11 | not yet calculated | CVE-2021-22796 MISC |
schneider_electric — multiple_products |
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could cause data exfiltration and unauthorized access when accessing a malicious website. Affected Product: spaceLYnk (V2.6.1 and prior), Wiser for KNX (V2.6.1 and prior), fellerLYnk (V2.6.1 and prior) | 2022-02-11 | not yet calculated | CVE-2021-22806 MISC |
schneider_electric — multiple_products |
A CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists that could cause a web session compromise when an attacker injects and then executes arbitrary malicious JavaScript code inside the target browser. Affected Product: spaceLYnk (V2.6.2 and prior), Wiser for KNX (formerly homeLYnk) (V2.6.2 and prior), fellerLYnk (V2.6.2 and prior) | 2022-02-09 | not yet calculated | CVE-2022-22812 MISC |
schneider_electric — multiple_products |
A CWE-295: Improper Certificate Validation vulnerability exists that could allow a Man-in-the-Middle attack when communications between the client and Geo SCADA database server are intercepted. Affected Product: ClearSCADA (All Versions), EcoStruxure Geo SCADA Expert 2019 (All Versions), EcoStruxure Geo SCADA Expert 2020 (All Versions) | 2022-02-09 | not yet calculated | CVE-2022-24320 MISC |
secuwiz — secuwayssl |
An OS command injection vulnerability was found in SecuwaySSL, caused by injection of special characters into the command executed with runCommand arguments. | 2022-02-09 | not yet calculated | CVE-2021-26616 MISC |
servicenow_orlando — servicenow_orlando |
The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists. | 2022-02-10 | not yet calculated | CVE-2021-45901 MISC MISC |
siemens — comos |
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.2.14 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS allows uploading and storing arbitrary files on the webserver. This could allow an attacker to store malicious files. | 2022-02-09 | not yet calculated | CVE-2021-37194 MISC |
siemens — jt2go |
A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V12.4 (All versions), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15112) | 2022-02-09 | not yet calculated | CVE-2021-44018 MISC |
siemens — jt2go |
A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V12.4 (All versions), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll library is vulnerable to memory corruption condition while parsing specially crafted PAR files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-15110) | 2022-02-09 | not yet calculated | CVE-2021-44016 MISC |
siemens — jt2go |
A vulnerability has been identified in JT2Go (All versions), Solid Edge SE2021 (All versions < SE2021MP9), Solid Edge SE2022 (All versions < SE2022MP1), Teamcenter Visualization V12.4 (All versions), Teamcenter Visualization V13.1 (All versions), Teamcenter Visualization V13.2 (All versions), Teamcenter Visualization V13.3 (All versions < V13.3.0.1). The plmxmlAdapterSE70.dll contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-15053) | 2022-02-09 | not yet calculated | CVE-2021-44000 MISC |
siemens — sicam_toolbox_II |
A vulnerability has been identified in SICAM TOOLBOX II (All versions). Affected applications use a circumventable access control within a database service. This could allow an attacker to access the database. | 2022-02-09 | not yet calculated | CVE-2021-45106 MISC |
siemens — simatic_firmware | A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V17 (All versions >= V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system. | 2022-02-09 | not yet calculated | CVE-2021-40363 MISC |
siemens — simatic_firmware |
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations. | 2022-02-09 | not yet calculated | CVE-2021-37185 MISC |
siemens — simatic_firmware |
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packet over port 102/tcp. A restart of the affected device is needed to restore normal operations. | 2022-02-09 | not yet calculated | CVE-2021-37204 MISC |
siemens — simatic_firmware |
A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations. | 2022-02-09 | not yet calculated | CVE-2021-37205 MISC |
siemens — simatic_firmware |
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 and earlier (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The password hash of a local user account in the remote server could be granted via public API to a user on the affected system. An authenticated attacker could brute force the password hash and use it to login to the server. | 2022-02-09 | not yet calculated | CVE-2021-40360 MISC |
siemens — sinema_remote_connect_server |
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link, thereby leading to phishing attacks. | 2022-02-09 | not yet calculated | CVE-2022-23102 MISC FULLDISC MISC |
siemens — spectrum_power |
A vulnerability has been identified in Spectrum Power 4 (All versions < V4.70 SP9 Security Patch 1). The integrated web application “Online Help” in affected product contains a Cross-Site Scripting (XSS) vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious link. | 2022-02-09 | not yet calculated | CVE-2022-23312 MISC |
statamic_version — statamic_version |
A Code Execution vulnerability exists in Statamic Version through 3.2.26 via SettingsController.php. | 2022-02-10 | not yet calculated | CVE-2021-45364 MISC |
stormshield — stormshield |
In Stormshield 1.1.0, and 2.1.0 through 2.9.0, an attacker can block a client from accessing the VPN and can obtain sensitive information through the SN VPN SSL Client. | 2022-02-10 | not yet calculated | CVE-2021-31814 MISC MISC |
stormshield — stormshield_network_security |
Stormshield Network Security (SNS) 1.0.0 through 4.2.3 allows a Denial of Service. | 2022-02-10 | not yet calculated | CVE-2021-37613 MISC MISC |
stormshield — stormshield_network_security |
Stormshield Network Security (SNS) 3.x has an Integer Overflow in the high-availability component. | 2022-02-10 | not yet calculated | CVE-2021-3398 MISC MISC |
taocms — taocms |
Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component. | 2022-02-10 | not yet calculated | CVE-2021-44969 MISC |
tcman_gim — tcman_gim | The m_txtNom and m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data. | 2022-02-11 | not yet calculated | CVE-2021-4046 CONFIRM |
tcpreplay — tcpreplay |
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv4() at tree.c. | 2022-02-11 | not yet calculated | CVE-2021-45387 MISC |
tcpreplay — tcpreplay |
tcpreplay 4.3.4 has a Reachable Assertion in add_tree_ipv6() at tree.c. | 2022-02-11 | not yet calculated | CVE-2021-45386 MISC |
tenda — routers |
A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request. | 2022-02-11 | not yet calculated | CVE-2020-26728 MISC MISC |
thinfinity — virtualui |
Thinfinity VirtualUI 2.1.28.0, 2.1.32.1 and 2.5.26.2 (fixed in version 3.0) is affected by an information disclosure vulnerability in the parameter “Addr” in cmd site. The ability to send requests to other systems can allow the vulnerable server to leak the real IP of the web server or increase the attack surface. | 2022-02-09 | not yet calculated | CVE-2021-46354 MISC MISC |
thinkphp — thinkphp |
A Remote Code Execution (RCE) vulnerability exists in ThinkPHP 3.x.x via value[_filename] in index.php, which could let a malicious user obtain server control privileges. | 2022-02-10 | not yet calculated | CVE-2021-44892 MISC |
tokheim_profleet_dialog — tokheim_profleet_dialog | Tokheim Profleet DiaLOG 11.005.02 is affected by SQL Injection. The component is the Field__UserLogin parameter on the logon page. | 2022-02-11 | not yet calculated | CVE-2021-34235 MISC |
tp-link — routers |
The vulnerability exists in TP-Link TL-WR841N V11 3.16.9 Build 160325 Rel.62500n wireless router due to transmission of authentication information in cleartext base64 format. Successful exploitation of this vulnerability could allow a remote attacker to intercept credentials and subsequently perform administrative operations on the affected device through the web-based management interface. | 2022-02-09 | not yet calculated | CVE-2022-0162 MISC |
unzip — unzip |
A flaw was found in unzip 6.0. The vulnerability occurs during the conversion of a UTF-8 string to a local string that leads to a segmentation fault. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. | 2022-02-09 | not yet calculated | CVE-2022-0530 MISC |
unzip — unzip |
A flaw was found in unzip 6.0. The vulnerability occurs during the conversion of a wide string to a local string that leads to a heap out-of-bounds write. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution. | 2022-02-09 | not yet calculated | CVE-2022-0529 MISC |
vim — vim |
Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. | 2022-02-10 | not yet calculated | CVE-2022-0554 MISC CONFIRM |
vm2 — vm2 |
The package vm2 before 3.9.6 is vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of stack traces, which can lead to execution of arbitrary code on the host machine. | 2022-02-11 | not yet calculated | CVE-2021-23555 CONFIRM CONFIRM |
wocu_monitoring — wocu_monitoring |
A stored cross-site scripting vulnerability has been identified in the comments of report creation, due to an obsolete version of the TinyMCE editor. In order to exploit this vulnerability, the attacker needs an account with enough privileges to view and edit reports. | 2022-02-11 | not yet calculated | CVE-2021-4035 CONFIRM |
xe-core — xe-core | XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php. When uploading the Mouse over button and When selected button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. | 2022-02-09 | not yet calculated | CVE-2021-44911 MISC |
xe-core — xe-core |
In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. If the .htaccess configuration is improper, for example before the XE 1.11.2 version, you can upload the PHP type file to GETSHELL. | 2022-02-09 | not yet calculated | CVE-2021-44912 MISC |
xilinx — zynq7000_soc_devices |
On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000’s boot image header is unencrypted and unauthenticated before use, an attacker can modify the boot header stored on an SD card so that a secure image appears to be unencrypted, and they will be able to modify the full range of register initialization values. Normally, these registers will be restricted when booting securely. Of importance to this attack are two registers that control the SD card’s transfer type and transfer size. These registers could be modified in a way that causes a buffer overflow in the ROM. | 2022-02-10 | not yet calculated | CVE-2021-44850 CONFIRM CONFIRM |
xmpie — ustore |
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate into the application and exfiltrate sensitive information from the database. | 2022-02-07 | not yet calculated | CVE-2022-23320 MISC MISC MISC MISC |
xwiki — xwiki_platform |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit right can copy the content of a page it does not have access to by using it as template of a new page. This issue has been patched in XWiki 13.2CR1 and 12.10.6. Users are advised to update. There are no known workarounds for this issue. | 2022-02-09 | not yet calculated | CVE-2022-23617 MISC MISC MISC CONFIRM |
xwiki — xwiki_platform |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it’s possible for an unprivileged user to perform a remote code execution by injecting a groovy script in her own profile and by calling the Reset password feature since the feature is performing a save of the user profile with programming rights in the impacted versions of XWiki. The issue has been patched in XWiki 13.1RC1. There are two different possible workarounds, each consisting of modifying the XWiki/ResetPassword page. 1. The Reset password feature can be entirely disabled by deleting the XWiki/ResetPassword page. 2. The script in XWiki/ResetPassword can also be modified or removed: an administrator can replace it with a simple email contact to ask an administrator to reset the password. | 2022-02-09 | not yet calculated | CVE-2022-23616 MISC CONFIRM |
xwiki — xwiki_platform |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it’s possible to guess if a user has an account on the wiki by using the “Forgot your password” form, even if the wiki is closed to guest users. This problem has been patched on XWiki 12.10.9, 13.4.1 and 13.6RC1. Users are advised to update. There are no known workarounds for this issue. | 2022-02-09 | not yet calculated | CVE-2022-23619 CONFIRM MISC MISC |
xwiki — xwiki_platform |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is no protection against URL redirection to untrusted sites, in particular some well known parameters (xredirect) can be used to perform url redirections. This problem has been patched in XWiki 12.10.7 and XWiki 13.3RC1. Users are advised to update. There are no known workarounds for this issue. | 2022-02-09 | not yet calculated | CVE-2022-23618 CONFIRM MISC MISC |
xwiki — xwiki_platform |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing them on the filesystem, so it is possible for the HTML export process to contain reference elements containing filesystem syntax like “../”, “./” or “/” in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export. | 2022-02-09 | not yet calculated | CVE-2022-23620 CONFIRM MISC MISC |
xwiki — xwiki_platform |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can read any file located in the XWiki WAR (for example xwiki.cfg and xwiki.properties) through XWiki#invokeServletAndReturnAsString as `$xwiki.invokeServletAndReturnAsString("/WEB-INF/xwiki.cfg")`. This issue has been patched in XWiki versions 12.10.9, 13.4.3 and 13.7-rc-1. Users are advised to update. The only workaround is to limit SCRIPT right. | 2022-02-09 | not yet calculated | CVE-2022-23621 MISC CONFIRM MISC |
xwiki — xwiki_platform |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in the following conditions: 1. The wiki must be open to registration for anyone. 2. The wiki must be closed to view for Guest users or more specifically the XWiki.Registration page must be forbidden in View for guest user. A way to obtain the second condition is when administrators checked the “Prevent unregistered users from viewing pages, regardless of the page rights” box in the administration rights. This issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. There are two main ways for protecting against this vulnerability, the easiest and the best one is by applying a patch in the `registerinline.vm` template, the patch consists in checking the value of the xredirect field to ensure it matches: `<input type="hidden" name="xredirect" value="$escapetool.xml($!request.xredirect)" />`. If for some reason it’s not possible to patch this file, another workaround is to ensure “Prevent unregistered users from viewing pages, regardless of the page rights” is not checked in the rights and apply a better right scheme using groups and rights on spaces. | 2022-02-09 | not yet calculated | CVE-2022-23622 MISC MISC CONFIRM |
xwiki — xwiki_platform |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user, which allows accessing API requiring programming right if the current user has programming right. This has been patched in XWiki 13.0. Users are advised to update to resolve this issue. The only known workaround is to limit SCRIPT access. | 2022-02-09 | not yet calculated | CVE-2022-23615 CONFIRM MISC MISC |
xylem — aquaview |
A Use of Hardcoded Credentials vulnerability exists in AquaView versions 1.60, 7.x, and 8.x that could allow an authenticated local attacker to manipulate users and system settings. | 2022-02-07 | not yet calculated | CVE-2021-42833 CERT CONFIRM |
zoom — chat |
The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system resources. | 2022-02-09 | not yet calculated | CVE-2022-22780 MISC |
zoom — keybase_client_for_macos_and_windows |
The Keybase Clients for macOS and Windows before version 5.9.0 fail to properly remove exploded messages initiated by a user. This can occur if the receiving user switches to a non-chat feature and places the host in a sleep state before the sending user explodes the messages. This could lead to disclosure of sensitive information which was meant to be deleted from a user’s filesystem. | 2022-02-09 | not yet calculated | CVE-2022-22779 MISC |
zzcms_2021 — zzcms_2021 |
Directory Traversal vulnerability exists in ZZCMS 2021 via the skin parameter in 1) index.php, 2) bottom.php, and 3) top_index.php. | 2022-02-09 | not yet calculated | CVE-2021-45286 MISC |