Vulnerability Summary for the Week of May 30, 2022

Posted by:

|

On:

|

Original release date: June 6, 2022

 

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
microsoft — windows_server_2012 Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. 2022-06-01 9.3 CVE-2022-30190
N/A

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
cisco — common_services_platform_collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 4.3 CVE-2022-20666
CISCO
cisco — common_services_platform_collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 4.3 CVE-2022-20667
CISCO
cisco — common_services_platform_collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 4.3 CVE-2022-20668
CISCO
cisco — common_services_platform_collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 4.3 CVE-2022-20669
CISCO
cisco — common_services_platform_collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 4.3 CVE-2022-20670
CISCO
cisco — common_services_platform_collector Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 4.3 CVE-2022-20671
CISCO
libmobi_project — libmobi Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. 2022-05-27 5.8 CVE-2022-1907
CONFIRM
MISC
libmobi_project — libmobi Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. 2022-05-27 5.8 CVE-2022-1908
CONFIRM
MISC
vim — vim Use After Free in GitHub repository vim/vim prior to 8.2. 2022-05-27 6.8 CVE-2022-1898
MISC
CONFIRM
FEDORA
FEDORA

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
organizr — organizr Cross-site Scripting (XSS) – Stored in GitHub repository causefx/organizr prior to 2.1.2200. 2022-05-27 3.5 CVE-2022-1909
MISC
CONFIRM

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
389-ds-base — 389-ds-base
 
An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data. 2022-06-02 not yet calculated CVE-2022-1949
MISC
dell — powerscale_onefs
 
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise. 2022-06-01 not yet calculated CVE-2022-29098
CONFIRM
ncodeastro — wedding_management_system
 
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_manage_account_details.php?booking_id=31&user_id= 2022-06-02 not yet calculated CVE-2022-30834
MISC
abb — e-design
 
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. 2022-06-02 not yet calculated CVE-2022-29483
MISC
abb — e-design
 
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. 2022-06-02 not yet calculated CVE-2022-28702
MISC
aceware — aceweb_online_portal
 
ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp. 2022-06-02 not yet calculated CVE-2022-24238
MISC
MISC
MISC
aceware — aceweb_online_portal
 
ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp. 2022-06-02 not yet calculated CVE-2022-24239
MISC
MISC
MISC
aceware — aceweb_online_portal
 
ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp. 2022-06-02 not yet calculated CVE-2022-24240
MISC
MISC
MISC
aceware — aceweb_online_portal
 
ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp. 2022-06-02 not yet calculated CVE-2022-24241
MISC
MISC
MISC
aceware — aceweb_online_portal
 
ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software. 2022-06-02 not yet calculated CVE-2022-24581
MISC
MISC
MISC
adbyby — adbyby
 
adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic error and lead to a Denial of Service (DoS) via high CPU usage due to a large number of connections. 2022-06-03 not yet calculated CVE-2022-29767
MISC
afian_filerun — afian_filerun
 
In Afian Filerun 20220202 Changing the “search_tika_path” variable to a custom (and previously uploaded) jar file results in remote code execution in the context of the webserver user. 2022-06-02 not yet calculated CVE-2022-30470
MISC
aleksis — aleksis-core
 
An access control issue in aleksis/core/util/auth_helpers.py: ClientProtectedResourceMixin of AlekSIS-Core v2.8.1 and below allows attackers to access arbitrary scopes if no allowed scopes are specifically set. 2022-06-03 not yet calculated CVE-2022-29773
MISC
allenhwkim — proctree
 
OS Command Injection vulnerability in allenhwkim proctree through 0.1.1 and commit 0ac10ae575459457838f14e21d5996f2fa5c7593 for Node.js, allows attackers to execute arbitrary commands via the fix function. 2022-06-02 not yet calculated CVE-2021-34082
MISC
MISC
apache — tika
 
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a denial of service caused by backtracking on a specially crafted file. This only affects users who are running the StandardsExtractingContentHandler, which is a non-standard handler. This is fixed in 1.28.3. 2022-05-31 not yet calculated CVE-2022-30973
CONFIRM
MLIST
appcheck — dnn_cms_platform
 
The AppCheck research team identified a Server-Side Request Forgery (SSRF) vulnerability within the DNN CMS platform, formerly known as DotNetNuke. SSRF vulnerabilities allow the attacker to exploit the target system to make network requests on their behalf, allowing a range of possible attacks. In the most common scenario, the attacker exploits SSRF vulnerabilities to attack systems behind the firewall and access sensitive information from Cloud Provider metadata services. 2022-06-02 not yet calculated CVE-2021-40186
MISC
argie — simple_inventory_system
 
Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/login.php. 2022-06-02 not yet calculated CVE-2022-31339
MISC
argie — simple_inventory_system
 
Simple Inventory System v1.0 is vulnerable to SQL Injection via /inventory/table_edit_ajax.php. 2022-06-02 not yet calculated CVE-2022-31340
MISC
attlassian — multiple_procuts
 
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are from 1.3.0 before 7.4.17, from 7.13.0 before 7.13.7, from 7.14.0 before 7.14.3, from 7.15.0 before 7.15.2, from 7.16.0 before 7.16.4, from 7.17.0 before 7.17.4, and from 7.18.0 before 7.18.1. 2022-06-03 not yet calculated CVE-2022-26134
MISC
badminton — center_management_system
 
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/view_product.php?id=. 2022-06-02 not yet calculated CVE-2022-32001
MISC
badminton — center_management_system
 
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_sales_report&date=. 2022-06-02 not yet calculated CVE-2022-31985
MISC
badminton — center_management_system
 
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=reports/daily_court_rental_report&date=. 2022-06-02 not yet calculated CVE-2022-31986
MISC
badminton — center_management_system
 
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/manage_court.php?id=. 2022-06-02 not yet calculated CVE-2022-32002
MISC
badminton — center_management_system
 
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/courts/view_court.php?id=. 2022-06-02 not yet calculated CVE-2022-32003
MISC
badminton — center_management_system
 
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/products/manage_product.php?id=. 2022-06-02 not yet calculated CVE-2022-32004
MISC
badminton — center_management_system
 
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/services/view_service.php?id=. 2022-06-02 not yet calculated CVE-2022-32006
MISC
badminton — center_management_system
 
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/services/manage_service.php?id=. 2022-06-02 not yet calculated CVE-2022-32005
MISC
badminton — center_management_system
 
Badminton Center Management System V1.0 is vulnerable to SQL Injection via parameter ‘id’ in /bcms/admin/court_rentals/update_status.php. 2022-06-02 not yet calculated CVE-2022-30490
MISC
MISC
badminton — center_management_system
 
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_product. 2022-06-02 not yet calculated CVE-2022-31990
MISC
badminton — center_management_system
 
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=reports/daily_services_report&date=. 2022-06-02 not yet calculated CVE-2022-31988
MISC
badminton — center_management_system
 
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=user/manage_user&id=. 2022-06-02 not yet calculated CVE-2022-31989
MISC
badminton — center_management_system
 
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/classes/Master.php?f=delete_court. 2022-06-02 not yet calculated CVE-2022-31991
MISC
badminton — center_management_system
 
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/manage_service_transaction&id=. 2022-06-02 not yet calculated CVE-2022-32000
MISC
badminton — center_management_system
 
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=service_transactions/view_details&id=. 2022-06-02 not yet calculated CVE-2022-31998
MISC
badminton — center_management_system
 
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=court_rentals/view_court_rental&id=. 2022-06-02 not yet calculated CVE-2022-31992
MISC
badminton — center_management_system
 
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_service. 2022-06-02 not yet calculated CVE-2022-31993
MISC
badminton — center_management_system
 
Badminton Center Management System v1.0 is vulnerable to SQL Injection via /bcms/admin/?page=sales/view_details&id. 2022-06-02 not yet calculated CVE-2022-31994
MISC
badminton — center_management_system
 
Badminton Center Management System v1.0 is vulnerable to SQL Injection via bcms/admin/?page=sales/manage_sale&id=. 2022-06-02 not yet calculated CVE-2022-31996
MISC
barco — control_room_mangement_suite Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization in the upload mechanism is leads to reflected XSS. 2022-06-02 not yet calculated CVE-2022-26976
MISC
MISC
barco — control_room_mangement_suite
 
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /cgi-bin endpoint. The URL parameters are not correctly sanitized, leading to reflected XSS. 2022-06-02 not yet calculated CVE-2022-26972
MISC
MISC
barco — control_room_mangement_suite
 
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. This upload can be executed without authentication. 2022-06-02 not yet calculated CVE-2022-26971
MISC
MISC
barco — control_room_mangement_suite
 
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a file upload mechanism. Lack of input sanitization in the upload mechanism leads to reflected XSS. 2022-06-02 not yet calculated CVE-2022-26974
MISC
MISC
barco — control_room_mangement_suite
 
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. By tweaking the license file name, the returned error message exposes internal directory path details. 2022-06-02 not yet calculated CVE-2022-26973
MISC
MISC
barco — control_room_mangement_suite
 
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing log files without authentication. 2022-06-02 not yet calculated CVE-2022-26975
MISC
MISC
barco — control_room_mangement_suite
 
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a license file upload mechanism. Lack of input sanitization of the upload mechanism is leads to stored XSS. 2022-06-02 not yet calculated CVE-2022-26977
MISC
MISC
barco — control_room_mangement_suite
 
Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is exposing a URL /checklogin.jsp endpoint. The os_username parameters is not correctly sanitized, leading to reflected XSS. 2022-06-02 not yet calculated CVE-2022-26978
MISC
MISC
bbs-go — bbs-go
 
bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS. 2022-06-02 not yet calculated CVE-2021-38221
MISC
MISC
bbultman — gitsome
 
OS Command Injection vulnerability in bbultman gitsome through 0.2.3 allows attackers to execute arbitrary commands via a crafted tag name of the target git repository. 2022-06-02 not yet calculated CVE-2021-34081
MISC
MISC
bd — pyxis
 
Specific BD Pyxis™ products were installed with default credentials and may presently still operate with these credentials. There may be scenarios where BD Pyxis™ products are installed with the same default local operating system credentials or domain-joined server(s) credentials that may be shared across product types. If exploited, threat actors may be able to gain privileged access to the underlying file system and could potentially exploit or gain access to ePHI or other sensitive information. 2022-06-02 not yet calculated CVE-2022-22767
CONFIRM
bd_synapsys
 
BD Synapsys™, versions 4.20, 4.20 SR1, and 4.30, contain an insufficient session expiration vulnerability. If exploited, threat actors may be able to access, modify or delete sensitive information, including electronic protected health information (ePHI), protected health information (PHI) and personally identifiable information (PII). 2022-06-02 not yet calculated CVE-2022-30277
CONFIRM
bfabiszewski — libmobi
 
Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11. 2022-06-03 not yet calculated CVE-2022-1987
CONFIRM
MISC
bigbluebutton — bigbluebutton
 
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4.1, an attacker could send messages to a locked chat within a grace period of 5s after the lock setting was enacted. The attacker needs to be a participant in the meeting. Versions 2.3.18 and 2.4.1 contain a patch for this issue. There are currently no known workarounds. 2022-06-02 not yet calculated CVE-2022-29234
MISC
MISC
MISC
MISC
CONFIRM
bigbluebutton — bigbluebutton
 
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4-rc-6, an attacker who is able to obtain the meeting identifier for a meeting on a server can find information related to an external video being shared, like the current timestamp and play/pause. The problem has been patched in versions 2.3.18 and 2.4-rc-6 by modifying the stream to send the data only for users in the meeting. There are currently no known workarounds. 2022-06-02 not yet calculated CVE-2022-29235
MISC
CONFIRM
MISC
MISC
MISC
bigbluebutton — bigbluebutton
 
BigBlueButton is an open source web conferencing system. Versions starting with 2.2 and prior to 2.3.19, 2.4.7, and 2.5.0-beta.2 are vulnerable to regular expression denial of service (ReDoS) attacks. By using specific a RegularExpression, an attacker can cause denial of service for the bbb-html5 service. The useragent library performs checking of device by parsing the input of User-Agent header and lets it go through lookupUserAgent() (alias of useragent.lookup() ). This function handles input by regexing and attackers can abuse that by providing some ReDos payload using `SmartWatch`. The maintainers removed `htmlclient/useragent` from versions 2.3.19, 2.4.7, and 2.5.0-beta.2. As a workaround, disable NginX forwarding the requests to the handler according to the directions in the GitHub Security Advisory. 2022-06-01 not yet calculated CVE-2022-29169
MISC
CONFIRM
MISC
bigbluebutton — bigbluebutton
 
BigBlueButton is an open source web conferencing system. Starting in version 2.2 and up to versions 2.3.18 and 2.4-rc-6, an attacker can circumvent access restrictions for drawing on the whiteboard. The permission check is inadvertently skipped on the server, due to a previously introduced grace period. The attacker must be a meeting participant. The problem has been patched in versions 2.3.18 and 2.4-rc-6. There are currently no known workarounds. 2022-06-02 not yet calculated CVE-2022-29236
CONFIRM
MISC
MISC
MISC
MISC
bigbluebutton — bigbluebutton
 
BigBlueButton is an open source web conferencing system. Starting with version 2.2 and prior to versions 2.3.9 and 2.4-beta-1, an attacker can circumvent access controls to obtain the content of public chat messages from different meetings on the server. The attacker must be a participant in a meeting on the server. BigBlueButton versions 2.3.9 and 2.4-beta-1 contain a patch for this issue. There are currently no known workarounds. 2022-06-01 not yet calculated CVE-2022-29232
CONFIRM
MISC
MISC
MISC
bigbluebutton — bigbluebutton
 
BigBlueButton is an open source web conferencing system. In BigBlueButton starting with 2.2 but before 2.3.18 and 2.4-rc-1, an attacker can circumvent access controls to gain access to all breakout rooms of the meeting they are in. The permission checks rely on knowledge of internal ids rather than on verification of the role of the user. Versions 2.3.18 and 2.4-rc-1 contain a patch for this issue. There are currently no known workarounds. 2022-06-02 not yet calculated CVE-2022-29233
MISC
MISC
CONFIRM
MISC
MISC
bitdefender — eufy_indoor_2k_indoor_camera
 
A Buffer Overflow vulnerability in the RSTP server component of Eufy Indoor 2K Indoor Camera allows a local attacker to achieve remote code execution. This issue affects: Eufy Indoor 2K Indoor Camera 2.0.9.3 version and prior versions. 2022-05-31 not yet calculated CVE-2021-3555
CONFIRM
black_rainbow — nimbus
 
Black Rainbow NIMBUS before 3.7.0 allows stored Cross-site Scripting (XSS). 2022-06-02 not yet calculated CVE-2022-24967
MISC
MISC
bleve — bleve
 
Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node’s filesystem where the bleve index resides, if the user has used bleve’s own HTTP (bleve/http) handlers for exposing the access to the indexes. For instance, the CreateIndexHandler (`http/index_create.go`) and DeleteIndexHandler (`http/index_delete.go`) enable an attacker to create a bleve index (directory structure) anywhere where the user running the server has the write permissions and to delete recursively any directory owned by the same user account. Users who have used the bleve/http package for exposing access to bleve index without the explicit handling for the Role Based Access Controls(RBAC) of the index assets would be impacted by this issue. There is no patch for this issue because the http package is purely intended to be used for demonstration purposes. Bleve was never designed handle the RBACs, nor it was ever advertised to be used in that way. The collaborators of this project have decided to stay away from adding any authentication or authorization to bleve project at the moment. The bleve/http package is mainly for demonstration purposes and it lacks exhaustive validation of the user inputs as well as any authentication and authorization measures. It is recommended to not use bleve/http in production use cases. 2022-06-01 not yet calculated CVE-2022-31022
CONFIRM
MISC
bonitasoft — bonita-web
 
Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an overly broad exclude pattern used in the RestAPIAuthorizationFilter. By appending ;i18ntranslation or /../i18ntranslation/ to the end of a URL, users with no privileges can access privileged API endpoints. This can lead to remote code execution by abusing the privileged API actions. 2022-06-02 not yet calculated CVE-2022-25237
MISC
MISC
bottlepy — bottle
 
Bottle before 0.12.20 mishandles errors during early request binding. 2022-06-02 not yet calculated CVE-2022-31799
MISC
MISC
MISC
browsbox — cms
 
BrowsBox CMS v4.0 was discovered to contain a SQL injection vulnerability. 2022-06-02 not yet calculated CVE-2022-29704
MISC
MISC
caddy_server — caddy
 
Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. 2022-06-02 not yet calculated CVE-2022-29718
MISC
car_rental_management_system — car_rental_management_system
 
Car Rental Management System v1.0 is vulnerable to SQL Injection via /ip/car-rental-management-system/admin/ajax.php?action=login. 2022-06-02 not yet calculated CVE-2022-32022
MISC
car_rental_management_system — car_rental_management_system
 
Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via car-rental-management-system/admin/ajax.php?action=save_car. 2022-06-02 not yet calculated CVE-2022-32019
MISC
car_rental_management_system — car_rental_management_system
 
Car Rental Management System v1.0 is vulnerable to SQL Injection via car-rental-management-system/booking.php?car_id=. 2022-06-02 not yet calculated CVE-2022-32024
MISC
car_rental_management_system — car_rental_management_system
 
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/view_car.php?id=. 2022-06-02 not yet calculated CVE-2022-32025
MISC
car_rental_management_system — car_rental_management_system
 
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_booking.php?id=. 2022-06-02 not yet calculated CVE-2022-32026
MISC
car_rental_management_system — car_rental_management_system
 
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/index.php?page=manage_car&id=. 2022-06-02 not yet calculated CVE-2022-32027
MISC
car_rental_management_system — car_rental_management_system
 
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_user.php?id=. 2022-06-02 not yet calculated CVE-2022-32028
MISC
car_rental_management_system — car_rental_management_system
 
Car Rental Management System v1.0 is vulnerable to SQL Injection via /car-rental-management-system/admin/manage_movement.php?id=. 2022-06-02 not yet calculated CVE-2022-32021
MISC
car_rental_management_system — car_rental_management_system Car Rental Management System v1.0 is vulnerable to Arbitrary code execution via ip/car-rental-management-system/admin/ajax.php?action=save_settings. 2022-06-02 not yet calculated CVE-2022-32020
MISC
chatbot — chatbot_app_with_suggestion ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=user/manage_user&id=. 2022-06-02 not yet calculated CVE-2022-31969
MISC
chatbot — chatbot_app_with_suggestion ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/manage_response&id=. 2022-06-02 not yet calculated CVE-2022-31970
MISC
chatbot — chatbot_app_with_suggestion ChatBot App with Suggestion v1.0 is vulnerable to Delete any file via /simple_chat_bot/classes/Master.php?f=delete_img. 2022-06-02 not yet calculated CVE-2022-31966
MISC
chatbot — chatbot_app_with_suggestion ChatBot App with Suggestion v1.0 is vulnerable to SQL Injection via /simple_chat_bot/admin/?page=responses/view_response&id=. 2022-06-02 not yet calculated CVE-2022-31971
MISC
cisco — common_services_platform_collector_software
 
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20674
CISCO
cisco — common_services_platform_collector_software
 
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20673
CISCO
cisco — common_services_platform_collector_software
 
Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-27 not yet calculated CVE-2022-20672
CISCO
cisco — enterprise_chat_and_email
 
A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials. 2022-05-27 not yet calculated CVE-2022-20802
CISCO
cisco — multiple_products
 
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-05-27 not yet calculated CVE-2022-20806
CISCO
cisco — multiple_products
 
Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. 2022-05-27 not yet calculated CVE-2022-20807
CISCO
cisco — secure_network_analytics
 
A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly. 2022-05-27 not yet calculated CVE-2022-20797
CISCO
cisco — ucs_director
 
A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms. 2022-05-27 not yet calculated CVE-2022-20765
CISCO
coalfire — winaprs
 
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0. A buffer overflow in DIGI address processing for VHF KISS packets allows a remote attacker to cause a denial of service (daemon crash) via a malicious AX.25 packet over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-06-02 not yet calculated CVE-2022-24700
MISC
MISC
coalfire — winaprs
 
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0. A buffer overflow in the VHF KISS TNC component allows a remote attacker to achieve remote code execution via malicious AX.25 packets over the air. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-06-02 not yet calculated CVE-2022-24702
MISC
MISC
MISC
MISC
coalfire — winaprs
 
** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in WinAPRS 2.9.0. A buffer overflow in national.txt processing allows a local attacker to cause a denial of service or possibly achieve code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. 2022-06-02 not yet calculated CVE-2022-24701
MISC
MISC
codeastro — simple_bus_ticket_booking_system
 
Simple Bus Ticket Booking System 1.0 is vulnerable to SQL Injection via /SimpleBusTicket/index.php. 2022-06-02 not yet calculated CVE-2022-30817
MISC
codeastro — wedding_management_system Wedding Management System v1.0 is vulnerable to SQL Injection via adminblog_events_edit.php. 2022-06-02 not yet calculated CVE-2022-30823
MISC
codeastro — wedding_management_system Wedding Management System v1.0 is vulnerable to SQL Injection via adminclient_assign.php. 2022-06-02 not yet calculated CVE-2022-30826
MISC
codeastro — wedding_management_system Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_edit.php?booking=31&user_id=. 2022-06-02 not yet calculated CVE-2022-30833
MISC
codeastro — wedding_management_system Wedding Management System v1.0 is vulnerable to SQL Injection via adminclient_edit.php. 2022-06-02 not yet calculated CVE-2022-30825
MISC
codeastro — wedding_management_system
 
Wedding Management System v1.0 is vulnerable to SQL Injection via adminpackage_edit.php. 2022-06-02 not yet calculated CVE-2022-30827
MISC
codeastro — wedding_management_system
 
Wedding Management System v1.0 is vulnerable to SQL Injection via adminphotos_edit.php. 2022-06-02 not yet calculated CVE-2022-30828
MISC
codeastro — wedding_management_system
 
In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of “users_profile.php” file. 2022-06-02 not yet calculated CVE-2022-30822
MISC
codeastro — wedding_management_system
 
Wedding Management System v1.0 is vulnerable to SQL Injection via adminfeature_edit.php. 2022-06-02 not yet calculated CVE-2022-30830
MISC
codeastro — wedding_management_system
 
In Wedding Management System v1.0, the editing function of the “Services” module in the background management system has an arbitrary file upload vulnerability in the picture upload point of “package_edit.php” file. 2022-06-02 not yet calculated CVE-2022-30821
MISC
codeastro — wedding_management_system
 
Wedding Management System v1.0 is vulnerable to SQL Injection via Wedding-Management/wedding_details.php. 2022-06-02 not yet calculated CVE-2022-30831
MISC
codeastro — wedding_management_system
 
Wedding Management System v1.0 is vulnerable to SQL injection via /Wedding-Management/admin/blog_events_edit.php?id=31. 2022-06-02 not yet calculated CVE-2022-30818
MISC
codeastro — wedding_management_system
 
Wedding Management System v1.0 is vulnerable to SQL Injection via /Wedding-Management/admin/client_assign.php?booking=31&user_id=. 2022-06-02 not yet calculated CVE-2022-30832
MISC
codeastro — wedding_management_system
 
Wedding Management System v1.0 is vulnerable to SQL Injection. via /Wedding-Management/admin/budget.php?booking_id=. 2022-06-02 not yet calculated CVE-2022-30835
MISC
codeastro — wedding_management_system
 
Wedding Management System v1.0 is vulnerable to SQL Injection. via Wedding-Management/admin/select.php. 2022-06-02 not yet calculated CVE-2022-30836
MISC
codeastro — wedding_management_system
 
Wedding Management System v1.0 is vulnerable to SQL Injection via adminusers_edit.php. 2022-06-02 not yet calculated CVE-2022-30829
MISC
codeastro — wedding_management_system
 
In Wedding Management v1.0, there is an arbitrary file upload vulnerability in the picture upload point of “users_edit.php” file. 2022-06-02 not yet calculated CVE-2022-30820
MISC
codeastro — wedding_management_system
 
In Wedding Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of “photos_edit.php” file. 2022-06-02 not yet calculated CVE-2022-30819
MISC
complete_online_job_search_system — complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/category/index.php?view=edit&id=. 2022-06-02 not yet calculated CVE-2022-32013
MISC
complete_online_job_search_system — complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=category&search=. 2022-06-02 not yet calculated CVE-2022-32015
MISC
complete_online_job_search_system — complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/employee/index.php?view=edit&id=. 2022-06-02 not yet calculated CVE-2022-32012
MISC
complete_online_job_search_system — complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/applicants/index.php?view=view&id=. 2022-06-02 not yet calculated CVE-2022-32011
MISC
complete_online_job_search_system — complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/user/index.php?view=edit&id=. 2022-06-02 not yet calculated CVE-2022-32010
MISC
complete_online_job_search_system — complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via eris/admin/vacancy/index.php?view=edit&id=. 2022-06-02 not yet calculated CVE-2022-32008
MISC
complete_online_job_search_system — complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/admin/company/index.php?view=edit&id=. 2022-06-02 not yet calculated CVE-2022-32007
MISC
complete_online_job_search_system — complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bycompany. 2022-06-02 not yet calculated CVE-2022-32016
MISC
complete_online_job_search_system — complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=byfunction. 2022-06-02 not yet calculated CVE-2022-32014
MISC
complete_online_job_search_system — complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=result&searchfor=bytitle. 2022-06-02 not yet calculated CVE-2022-32017
MISC
complete_online_job_search_system — complete_online_job_search_system
 
Complete Online Job Search System v1.0 is vulnerable to SQL Injection via /eris/index.php?q=hiring&search=. 2022-06-02 not yet calculated CVE-2022-32018
MISC
couchbase_server
 
Couchbase Server before 7.1.0 has Incorrect Access Control. 2022-06-02 not yet calculated CVE-2021-33504
MISC
MISC
creatiwity — witycms
 
An arbitrary file upload in the image upload component of wityCMS v0.6.2 allows attackers to execute arbitrary code via a crafted PHP file. 2022-06-02 not yet calculated CVE-2022-29725
MISC
cveproject — cve-services
 
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in ‘data.js’ has potential for production secrets to be written to disk. The affected method writes the generated randomKey to disk if the environment is not development. If this method were called in production, it is possible that it would write the plaintext key to disk. A patch is not available as of time of publication but is anticipated as a “hot fix” for version 1.1.1 and for the 2.x branch. 2022-06-02 not yet calculated CVE-2022-31004
MISC
CONFIRM
d-link — dir-890l
 
** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-890L 1.20b01 allows attackers to execute arbitrary code due to the hardcoded option Wake-On-Lan for the parameter ‘descriptor’ at SetVirtualServerSettings.php. 2022-06-03 not yet calculated CVE-2022-29778
MISC
MISC
d-link — dir-890l_dir890la1_fw107b09
 
The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users easily. The attackers can exploit the vulnerability to carry out arbitrary code by means of sending a specially constructed payload to port 49152. 2022-06-02 not yet calculated CVE-2022-30521
MISC
MISC
dell — bsafe_micro_edition_suite
 
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability. 2022-06-01 not yet calculated CVE-2020-26184
CONFIRM
dell — bsafe_micro_edition_suite
 
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability. 2022-06-01 not yet calculated CVE-2020-26185
CONFIRM
dell — emc_powerstore
 
Dell EMC PowerStore versions 2.0.0.x, 2.0.1.x, and 2.1.0.x are vulnerable to a command injection flaw. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application’s underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker. 2022-06-02 not yet calculated CVE-2022-26868
CONFIRM
dell — multiple_products
 
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users. 2022-06-02 not yet calculated CVE-2022-29084
CONFIRM
dell — multiple_products
 
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. 2022-06-02 not yet calculated CVE-2022-29085
CONFIRM
dell — powerstore
 
PowerStore SW v2.1.1.0 supports the option to export data to either a CSV or an XLSX file. The data is taken as is, without any validation or sanitization. It allows a malicious, authenticated user to inject payloads that might get interpreted as formulas by the corresponding spreadsheet application that is being used to open the CSV/XLSX file. 2022-06-02 not yet calculated CVE-2022-26867
CONFIRM
dell — powerstore
 
Dell PowerStore Versions before v2.1.1.0. contains a Stored Cross-Site Scripting vulnerability. A high privileged network attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. 2022-06-02 not yet calculated CVE-2022-26866
CONFIRM
dell — powerstore
 
PowerStore contains Plain-Text Password Storage Vulnerability in PowerStore X & T environments running versions 2.0.0.x and 2.0.1.x A locally authenticated attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. 2022-06-02 not yet calculated CVE-2022-22557
CONFIRM
dell — powerstore
 
Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution. 2022-06-02 not yet calculated CVE-2022-26869
CONFIRM
delll — powerstore
 
Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the Denial of Service. 2022-06-02 not yet calculated CVE-2022-22556
CONFIRM
delta_controls — entelitouch
 
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 allows attackers to execute arbitrary commands via a crafted HTTP request. 2022-06-02 not yet calculated CVE-2022-29735
MISC
MISC
delta_controls — entelitouch
 
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to transmit and store sensitive information in cleartext. This vulnerability allows attackers to intercept HTTP Cookie authentication credentials via a man-in-the-middle attack. 2022-06-02 not yet calculated CVE-2022-29733
MISC
MISC
delta_controls — entelitouch
 
Delta Controls enteliTOUCH 3.40.3935, 3.40.3706, and 3.33.4005 was discovered to contain a cross-site scripting (XSS) vulnerability via the Username parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. 2022-06-02 not yet calculated CVE-2022-29732
MISC
MISC
dhis2 — dhis2
 
DHIS2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability affects the `/api/programs/orgUnits?programs=` API endpoint in DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The system is vulnerable to attack only from users that are logged in to DHIS2, and there is no known way of exploiting the vulnerability without first being logged in as a DHIS2 user. The vulnerability is not exposed to a non-malicious user and requires a conscious attack to be exploited. A successful exploit of this vulnerability could allow the malicious user to read, edit and delete data in the DHIS2 instance’s database. Security patches are now available for DHIS2 versions 2.36.10.1 and 2.37.6.1. One may apply mitigations at the web proxy level as a workaround. More information about these mitigations is available in the GitHub Security Advisory. 2022-06-01 not yet calculated CVE-2022-24848
MISC
MISC
MISC
CONFIRM
drupal — saml_sp
 
Multiple vulnerabilities vulnerability in Drupal SAML SP 2.0 Single Sign On (SSO) – SAML Service Provider in certain non-default configurations allow a malicious user to login as any chosen user. The vulnerability is mitigated by the module’s default settings which require the options “Either sign SAML assertions” and “x509 certificate”. This issue affects: Drupal SAML SP 2.0 Single Sign On (SSO) – SAML Service Provider 8.x version 8.x-2.24 and prior versions; 7.x version 7.x-2.57 and prior versions. 2022-06-03 not yet calculated CVE-2022-26493
CONFIRM
drytents — curekit
 
In CureKit versions v1.0.1 through v1.1.3 are vulnerable to path traversal as the function isFileOutsideDir fails to sanitize the user input which may lead to path traversal. 2022-05-31 not yet calculated CVE-2022-23082
MISC
CONFIRM
ecommerce-project-with-php-and-mysqli-fruits-bazar — ecommerce-project-with-php-and-mysqli-fruits-bazar
 
Ecommerce-project-with-php-and-mysqli-Fruits-Bazar- 1.0 is vulnerable to Cross Site Scripting (XSS) in adminadd_cata.php via the ctg_name parameters. 2022-06-02 not yet calculated CVE-2022-30482
MISC
MISC
MISC
ecommerce-project-with-php-and-mysqli-fruits-bazar — ecommerce-project-with-php-and-mysqli-fruits-bazar
 
Ecommerce-project-with-php-and-mysqli-Fruits-Bazar 1.0 is vulnerable to SQL Injection in search_product.php via the keyword parameters. 2022-06-02 not yet calculated CVE-2022-30478
MISC
MISC
MISC
eg_innovations — eg_agent
 
eG Agent before 7.2 has weak file permissions that enable escalation of privileges to SYSTEM. 2022-06-02 not yet calculated CVE-2022-29594
MISC
egavilan_media — contact-form-with-messages-entry-management
 
EGavilan Media Contact-Form-With-Messages-Entry-Management 1.0 is vulnerable to SQL Injection via Addmessage.php. This allows a remote attacker to compromise Application SQL database. 2022-06-02 not yet calculated CVE-2021-44097
MISC
MISC
egavilan_media — expense-management-system
 
EGavilan Media Expense-Management-System 1.0 is vulnerable to SQL Injection via /expense_action.php. This allows a remote attacker to compromise Application SQL database. 2022-06-02 not yet calculated CVE-2021-44098
MISC
MISC
egavilan_media — user-registration-and-login-system-with-admin-panel
 
EGavilan Media User-Registration-and-Login-System-With-Admin-Panel 1.0 is vulnerable to SQL Injection via profile_action – update_user. This allows a remote attacker to compromise Application SQL database. 2022-06-02 not yet calculated CVE-2021-44096
MISC
MISC
elabftw — elabftw
 
eLabFTW is an electronic lab notebook manager for research teams. Prior to version 4.3.0, a vulnerability allows an authenticated user with an administrator role in a team to assign itself system administrator privileges within the application, or create a new system administrator account. The issue has been corrected in eLabFTW version 4.3.0. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A system administrator account can manage all accounts, teams and edit system-wide settings within the application. The impact is not deemed as high, as it requires the attacker to have access to an administrator account. Regular user accounts cannot exploit this to gain admin rights. A workaround for one if the issues is removing the ability of administrators to create accounts. 2022-05-31 not yet calculated CVE-2022-31007
CONFIRM
MISC
elitecms — elitecms
 
elitecms 1.0.1 is vulnerable to Arbitrary code execution via admin/manage_uploads.php. 2022-06-02 not yet calculated CVE-2022-30808
MISC
elitecms — elitecms
 
elitecms v1.01 is vulnerable to Delete any file via /admin/delete_image.php?file=. 2022-06-02 not yet calculated CVE-2022-30804
MISC
elitecms — elitecms
 
elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_sidebar.php. 2022-06-02 not yet calculated CVE-2022-30816
MISC
elitecms — elitecms
 
elitecms 1.01 is vulnerable to SQL Injection via admin/edit_sidebar.php?page=2&sidebar= 2022-06-02 not yet calculated CVE-2022-30815
MISC
elitecms — elitecms
 
elitecms v1.01 is vulnerable to SQL Injection via /admin/add_sidebar.php. 2022-06-02 not yet calculated CVE-2022-30814
MISC
elitecms — elitecms
 
elitecms 1.01 is vulnerable to SQL Injection via /admin/add_post.php. 2022-06-02 not yet calculated CVE-2022-30813
MISC
elitecms — elitecms
 
elitecms v1.01 is vulnerable to SQL Injection via admin/edit_post.php. 2022-06-02 not yet calculated CVE-2022-30810
MISC
elitecms — elitecms
 
elitecms 1.01 is vulnerable to SQL Injection via /admin/edit_page.php?page=. 2022-06-02 not yet calculated CVE-2022-30809
MISC
embedhis — appweb_community_edition
 
An issue was discovered in src/http/httpLib.c in EmbedThis Appweb Community Edition 8.2.1, allows attackers to cause a denial of service via the stream paramter to the parseUri function. 2022-06-02 not yet calculated CVE-2021-33254
MISC
fedora — fedora
 
With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference. 2022-06-02 not yet calculated CVE-2022-1789
MISC
MISC
MISC
FEDORA
FEDORA
FEDORA
flightradar24 — flightradar24
 
An issue was discovered in FlightRadar24 v8.9.0, v8.10.0, v8.10.2, v8.10.3, v8.10.4 for Android, allows attackers to cause unspecified consequences due to being able to decompile a local application and extract their API keys. 2022-06-02 not yet calculated CVE-2021-43512
MISC
MISC
MISC
flower — flower
 
Flower, a web UI for the Celery Python RPC framework, all versions as of 05-02-2022 is vulnerable to an OAuth authentication bypass. An attacker could then access the Flower API to discover and invoke arbitrary Celery RPC calls or deny service by shutting down Celery task nodes. 2022-06-02 not yet calculated CVE-2022-30034
MISC
MISC
fluid_attacks — keep_my_notes
 
An attacker with physical access to the victim’s device can bypass the application’s password/pin lock to access user data. This is possible due to lack of adequate security controls to prevent dynamic code manipulation. 2022-06-02 not yet calculated CVE-2022-1716
MISC
MISC
food-order-and-table-reservation-system — food-order-and-table-reservation-system
 
Food-order-and-table-reservation-system- 1.0 is vulnerable to SQL Injection in categorywise-menu.php via the catid parameters. 2022-06-02 not yet calculated CVE-2022-30481
MISC
MISC
MISC
form.io — form.io
 
A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. 2022-06-02 not yet calculated CVE-2020-28246
MISC
MISC
freeswitch — sofia-sip
 
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) – 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue. 2022-05-31 not yet calculated CVE-2022-31001
MISC
CONFIRM
freeswitch — sofia-sip
 
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue. 2022-05-31 not yet calculated CVE-2022-31002
MISC
CONFIRM
freeswitch — sofia-sip
 
Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue. 2022-05-31 not yet calculated CVE-2022-31003
MISC
CONFIRM
freetype_demo_programs — freetype_demo_programs
 
ftbench.c in FreeType Demo Programs through 2.12.1 has a heap-based buffer overflow. 2022-06-02 not yet calculated CVE-2022-31782
MISC
friendsofflarum — upload
 
FriendsofFlarum (FoF) Upload is an extension that handles file uploads intelligently for your forum. If FoF Upload prior to version 1.2.3 is configured to allow the uploading of SVG files (‘image/svg+xml’), navigating directly to an SVG file URI could execute arbitrary Javascript code decided by an attacker. This Javascript code could include the execution of HTTP web requests to Flarum, or any other web service. This could allow data to be leaked by an authenticated Flarum user, or, possibly, for data to be modified maliciously. This issue has been patched with v1.2.3, which now sanitizes uploaded SVG files. As a workaround, remove the ability for users to upload SVG files through FoF Upload. 2022-06-02 not yet calculated CVE-2022-30999
MISC
MISC
MISC
CONFIRM
gitee — tpcms
 
An arbitrary file upload vulnerability in the Add File function of TPCMS v3.2 allows attackers to execute arbitrary code via a crafted PHP file. 2022-06-02 not yet calculated CVE-2022-29624
MISC
MISC
gitee — ofcms
 
OFCMS v1.1.4 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/comn/service/update.json. 2022-06-02 not yet calculated CVE-2022-29653
MISC
github-action-merge-dependabot — github-action-merge-dependabot
 
github-action-merge-dependabot is an action that automatically approves and merges dependabot pull requests (PRs). Prior to version 3.2.0, github-action-merge-dependabot does not check if a commit created by dependabot is verified with the proper GPG key. There is just a check if the actor is set to `dependabot[bot]` to determine if the PR is a legit PR. Theoretically, an owner of a seemingly valid and legit action in the pipeline can check if the PR is created by dependabot and if their own action has enough permissions to modify the PR in the pipeline. If so, they can modify the PR by adding a second seemingly valid and legit commit to the PR, as they can set arbitrarily the username and email in for commits in git. Because the bot only checks if the actor is valid, it would pass the malicious changes through and merge the PR automatically, without getting noticed by project maintainers. It would probably not be possible to determine where the malicious commit came from, as it would only say `dependabot[bot]` and the corresponding email-address. Version 3.2.0 contains a patch for this issue. 2022-05-31 not yet calculated CVE-2022-29220
MISC
CONFIRM
MISC
go-gitea — gitea
 
Cross-site Scripting (XSS) – Stored in GitHub repository go-gitea/gitea prior to 1.16.9. 2022-05-29 not yet calculated CVE-2022-1928
MISC
CONFIRM
gogs — gogs
 
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8. 2022-06-01 not yet calculated CVE-2022-1285
MISC
CONFIRM
gogs– gogs
 
Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain an option such as sshCommand, which is executed when a master branch is a remote branch (using an ssh:// URI). The remote branch can also be configured by editing the Git configuration file. One can create a new file in a new repository, using the GUI, with “” as its name, and then rename this file to .git/config with the custom configuration content (and then save it). 2022-06-02 not yet calculated CVE-2021-32546
MISC
MISC
google — google-it
 
Google-it is a Node.js package which allows its users to send search queries to Google and receive the results in a JSON format. When using the ‘Open in browser’ option in versions up to 1.6.2, google-it will unsafely concat the result’s link retrieved from google to a shell command, potentially exposing the server to RCE. 2022-06-02 not yet calculated CVE-2021-34083
MISC
MISC
MISC
hackerone — curl A insufficiently protected credentials vulnerability in fixed in curl 7.83.0 might leak authentication or cookie header data on HTTP redirects to the same host but another port number. 2022-06-02 not yet calculated CVE-2022-27776
MISC
hackerone — curl
 
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or the otherway around – by having the trailing dot in the HSTS cache and *not* using thetrailing dot in the URL. 2022-06-02 not yet calculated CVE-2022-30115
MISC
hackerone — curl
 
libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However, several TLS andSSH settings were left out from the configuration match checks, making themmatch too easily. 2022-06-02 not yet calculated CVE-2022-27782
MISC
hackerone — curl
 
An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead. 2022-06-02 not yet calculated CVE-2022-27775
MISC
hackerone — curl
 
libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server’s certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation. 2022-06-02 not yet calculated CVE-2022-27781
MISC
hackerone — curl
 
The curl URL parser wrongly accepts percent-encoded URL separators like ‘/’when decoding the host name part of a URL, making it a *different* URL usingthe wrong host name when it is later retrieved.For example, a URL like `http://example.com%2F127.0.0.1/`, would be allowed bythe parser and get transposed into `http://example.com/127.0.0.1/`. This flawcan be used to circumvent filters, checks and more. 2022-06-02 not yet calculated CVE-2022-27780
MISC
hackerone — curl
 
libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl’s “cookie engine” can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain. 2022-06-02 not yet calculated CVE-2022-27779
MISC
hackerone — curl
 
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `–no-clobber` is used together with `–remove-on-error`. 2022-06-02 not yet calculated CVE-2022-27778
MISC
hackerone — curl
 
An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. 2022-06-02 not yet calculated CVE-2022-27774
MISC
hashicorp — multipule_products
 
HashiCorp Nomad and Nomad Enterprise version 0.2.0 up to 1.3.0 were impacted by go-getter vulnerabilities enabling privilege escalation through the artifact stanza in submitted jobs onto the client agent host. Fixed in 1.1.14, 1.2.8, and 1.3.1. 2022-06-02 not yet calculated CVE-2022-30324
MISC
MISC
hcl_software — traveler
 
The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment. 2022-05-27 not yet calculated CVE-2021-27780
CONFIRM
hcl_software — traveler
 
The Master operator may be able to embed script tag in HTML with alert pop-up display cookie. 2022-05-27 not yet calculated CVE-2021-27781
CONFIRM
hcl_software — traveler
 
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. 2022-06-01 not yet calculated CVE-2021-27778
CONFIRM
horner_automation — ccscape_csfont
 
The affected product is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. 2022-06-02 not yet calculated CVE-2022-27184
MISC
horner_automation — cscape – csfont
 
The affected product is vulnerable to a heap-based buffer overflow via uninitialized pointer, which may allow an attacker to execute arbitrary code 2022-06-02 not yet calculated CVE-2022-30540
MISC
horner_automation — cscape_csfont
 
The affected product is vulnerable to an out-of-bounds write via uninitialized pointer, which may allow an attacker to execute arbitrary code. 2022-06-02 not yet calculated CVE-2022-28690
MISC
horner_automation — cscape_csfont
 
The affected product is vulnerable to an out-of-bounds read via uninitialized pointer, which may allow an attacker to execute arbitrary code. 2022-06-02 not yet calculated CVE-2022-29488
MISC
ibm — multiple_products
 
IBM Business Automation Workflow traditional 21.0.1 through 21.0.3, 20.0.0.1 through 20.0.0.2, 19.0.0.1 through 19.0.0.3, 18.0.0.0 through 18.0.0.1, IBM Business Automation Workflow containers V21.0.1 – V21.0.3 20.0.0.1 through 20.0.0.2, IBM Business Process Manager 8.6.0.0 through 8.6.0.201803, and 8.5.0.0 through 8.5.0.201706 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. 2022-05-31 not yet calculated CVE-2022-22361
XF
CONFIRM
ict — protege_gxwx
 
An access control issue in ICT Protege GX/WX 2.08 allows attackers to leak SHA1 password hashes of other users. 2022-06-02 not yet calculated CVE-2022-29731
MISC
MISC
ict — protege_gxwx
 
A cross-site scripting (XSS) vulnerability in ICT Protege GX/WX v2.08 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. 2022-06-02 not yet calculated CVE-2022-29734
MISC
MISC
idce_mv’s_application — idce_mv’s_application
 
SQL injection in Logon Page of IDCE MV’s application, version 1.0, allows an attacker to inject SQL payloads in the user field, connecting to a database to access enterprise’s private and sensitive information. 2022-06-02 not yet calculated CVE-2022-30496
MISC
MISC
janobe — online_ordering_system
 
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=. 2022-06-02 not yet calculated CVE-2022-31335
MISC
janobe — online_ordering_system
 
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php. 2022-06-02 not yet calculated CVE-2022-31336
MISC
janobe — online_ordering_system
 
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=. 2022-06-02 not yet calculated CVE-2022-31337
MISC
janobe — online_ordering_system
 
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=. 2022-06-02 not yet calculated CVE-2022-31338
MISC
janobe — online_ordering_system_by_janobe
 
Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php. 2022-06-02 not yet calculated CVE-2022-31329
MISC
janobe — online_ordering_system_by_janobe
 
Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=. 2022-06-02 not yet calculated CVE-2022-31328
MISC
janobe — online_ordering_system_by_janobe
 
Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection via /ordering/index.php?q=products&id=. 2022-06-02 not yet calculated CVE-2022-31327
MISC
jfinal_cms — jfinal_cms
 
A cross-site scripting (XSS) vulnerability in Jfinal CMS v5.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted X-Forwarded-For request. 2022-06-02 not yet calculated CVE-2022-29648
MISC
jfrog — devcert_npm_package
 
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the devcert npm package, when an attacker is able to supply arbitrary input to the certificateFor method 2022-06-02 not yet calculated CVE-2022-1929
MISC
jfrog — jquery-validation_npm_package
 
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method 2022-06-02 not yet calculated CVE-2021-43306
MISC
jfrog — markdown-link-extractor_npm_package
 
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module’s exported function 2022-06-02 not yet calculated CVE-2021-43308
MISC
jfrog — semver-regex_npm_package
 
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method 2022-06-02 not yet calculated CVE-2021-43307
MISC
keysight_technologies — multiple_products
 
The affected products are vulnerable to directory traversal, which may allow an attacker to obtain arbitrary operating system files. 2022-06-02 not yet calculated CVE-2022-1661
MISC
keysight_technologies — keysight_n6854a_and_n6841a_rf
 
The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code. 2022-06-02 not yet calculated CVE-2022-1660
MISC
knime — analytics_platform In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. 2022-06-02 not yet calculated CVE-2022-31500
MISC
MISC
krcert/cc — maxboard
 
SQL injection and Local File Inclusion (LFI) vulnerabilities in MaxBoard can cause information leakage and privilege escalation. This vulnerabilities can be exploited by manipulating a variable with a desired value and inserting and arbitrary file. 2022-06-02 not yet calculated CVE-2021-26633
MISC
krcert/cc — maxboard
 
In the code that verifies the file size in the ark library, it is possible to manipulate the offset read from the target file due to the wrong use of the data type. An attacker could use this vulnerability to cause a stack buffer overflow and as a result, perform an attack such as remote code execution. 2022-06-02 not yet calculated CVE-2021-26635
MISC
krcert/cc — maxboard
 
SQL injection and file upload attacks are possible due to insufficient validation of input values in some parameters and variables of files compromising Maxboard, which may lead to arbitrary code execution or privilege escalation. Attackers can use these vulnerabilities to perform attacks such as stealing server management rights using a web shell. 2022-06-02 not yet calculated CVE-2021-26634
MISC
libdwarf — libdwarf libdwarf 0.4.0 has a heap-based buffer over-read in _dwarf_check_string_valid in dwarf_util.c. 2022-06-02 not yet calculated CVE-2022-32200
MISC
MISC
MISC
libinput — libinput
 
A format string vulnerability was found in libinput 2022-06-02 not yet calculated CVE-2022-1215
MISC
libjpeg — libjpeg
 
libjpeg 1.63 has a heap-based buffer over-read in HierarchicalBitmapRequester::FetchRegion in hierarchicalbitmaprequester.cpp because the MCU size can be different between allocation and use. 2022-06-02 not yet calculated CVE-2022-31796
MISC
MISC
libjpeg — libjpeg
 
In libjpeg 1.63, there is a NULL pointer dereference in LineBuffer::FetchRegion in linebuffer.cpp. 2022-06-02 not yet calculated CVE-2022-32202
MISC
MISC
libjpeg — libjpeg
 
In libjpeg 1.63, there is a NULL pointer dereference in Component::SubXOf in component.hpp. 2022-06-02 not yet calculated CVE-2022-32201
MISC
MISC
liblouis — liblouis
 
Liblouis 3.21.0 has an out-of-bounds write in compileRule in compileTranslationTable.c, as demonstrated by lou_trace. 2022-06-02 not yet calculated CVE-2022-31783
MISC
MISC
libmobi — libmobi
 
libmobi before v0.10 contains a NULL pointer dereference via the component mobi_buffer_getpointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mobi file. 2022-06-02 not yet calculated CVE-2022-29788
MISC
librenms — librenms
 
LibreNMS v22.3.0 was discovered to contain multiple command injection vulnerabilities via the service_ip, hostname, and service_param parameters. 2022-06-02 not yet calculated CVE-2022-29712
MISC
librenms — librenms
 
LibreNMS v22.3.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Table/GraylogController.php. 2022-06-02 not yet calculated CVE-2022-29711
MISC
MISC
lifion — lifion-verify-dependencies
 
lifion-verify-dependencies through 1.1.0 is vulnerable to OS command injection via a crafted dependency name on the scanned project’s package.json file. 2022-06-02 not yet calculated CVE-2021-34078
MISC
MISC
linkplay — sound_bar
 
LinkPlay Sound Bar v1.0 allows attackers to escalate privileges via a hardcoded password for the SSL certificate. 2022-06-02 not yet calculated CVE-2022-28605
MISC
linux — kernal
 
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. 2022-06-02 not yet calculated CVE-2022-1652
MISC
MISC
MISC
linux — kernel
 
A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially 2022-06-02 not yet calculated CVE-2022-1943
MISC
linux — kernel
 
net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free. 2022-06-02 not yet calculated CVE-2022-32250
MISC
MISC
MLIST
MLIST
linux — kernel’s_io_uring
 
A use-after-free flaw was found in the Linux kernel’s io_uring subsystem in the way a user sets up a ring with IORING_SETUP_IOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system. 2022-06-02 not yet calculated CVE-2022-1786
MISC
linux — teletype
 
An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory. 2022-06-02 not yet calculated CVE-2022-1462
MISC
mattermost — mattermost Uncontrolled resource consumption in Mattermost version 6.6.0 and earlier allows an authenticated attacker to crash the server via a crafted SVG attachment on a post. 2022-06-02 not yet calculated CVE-2022-1982
MISC
mautic — mautic
 
A cross-site scripting (XSS) vulnerability in the installer component of Mautic before 4.3.0 allows admins to inject executable javascript 2022-06-01 not yet calculated CVE-2021-27914
CONFIRM
mcms — mcms
 
An arbitrary file upload vulnerability was discovered in MCMS 5.2.7, allowing an attacker to execute arbitrary code through a crafted ZIP file. 2022-06-02 not yet calculated CVE-2022-30506
MISC
mcms — mcms
 
An issue was discovered in MCMS 5.2.7. There is a CSRF vulnerability that can add an administrator account via ms/basic/manager/save.do. 2022-06-02 not yet calculated CVE-2022-29647
MISC
mgm_security_partners — bigbluebutton
 
BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the “Share room access” dialog if the victim has shared access to the particular room with the attacker previously. 2022-06-02 not yet calculated CVE-2022-26497
MISC
MISC
microsoft — edge
 
Microsoft Edge (Chromium-based) Spoofing Vulnerability. 2022-06-01 not yet calculated CVE-2022-26905
N/A
microsoft — edge
 
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30128. 2022-06-01 not yet calculated CVE-2022-30127
N/A
microsoft — edge
 
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30127. 2022-06-01 not yet calculated CVE-2022-30128
N/A
mintzo — docker-tester
 
OS Command injection vulnerability in Mintzo Docker-Tester through 1.2.1 allows attackers to execute arbitrary commands via shell metacharacters in the ‘ports’ entry of a crafted docker-compose.yml file. 2022-06-02 not yet calculated CVE-2021-34079
MISC
MISC
mitsubishi — multiple_products
 
Improper Input Validation vulnerability in Mitsubishi Electric MELSEC-Q Series QJ71E71-100 first 5 digits of serial number “24061” or prior, Mitsubishi Electric MELSEC-L series LJ71E71-100 first 5 digits of serial number “24061” or prior and Mitsubishi Electric MELSEC iQ-R Series RD81MES96N firmware version “08” or prior allows a remote unauthenticated attacker to cause a denial of service (DoS) condition or execute malicious code on the target products by sending specially crafted packets. 2022-06-02 not yet calculated CVE-2022-25163
MISC
MISC
mruby — mruby
 
Use After Free in GitHub repository mruby/mruby prior to 3.2. 2022-05-31 not yet calculated CVE-2022-1934
MISC
CONFIRM
neorazorx — facturascripts
 
Cross-site Scripting (XSS) – Generic in GitHub repository neorazorx/facturascripts prior to 2022.09. 2022-06-03 not yet calculated CVE-2022-1988
MISC
CONFIRM
neos_cms — neos_cms
 
Multiple cross-site scripting (XSS) vulnerabilities in Neos CMS allow attackers with the editor role or higher to inject arbitrary script or HTML code using the editor function, the deletion of assets, or a workspace title. The vulnerabilities were found in versions 3.3.29 and 8.0.1 and could also be present in all intermediate versions. 2022-06-02 not yet calculated CVE-2022-30429
MISC
netapp — e-series_santricity_os_controller_software
 
E-Series SANtricity OS Controller Software versions 11.40 through 11.70.2 store the LDAP BIND password in plaintext within a file accessible only to privileged users. 2022-06-02 not yet calculated CVE-2022-23236
MISC
netapp — e-series_santricity_os_controller_software
 
E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host header injection attacks that could allow an attacker to redirect users to malicious websites. 2022-06-02 not yet calculated CVE-2022-23237
MISC
netcloud — server
 
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 22.2.7 and 23.0.4, missing input-size validation of new session names allows users to create app passwords with long names. These long names are then loaded into memory on usage, resulting in impacted performance. Versions 22.2.7 and 23.0.4 contain a fix for this issue. There are currently no known workarounds available. 2022-05-31 not yet calculated CVE-2022-29243
MISC
MISC
CONFIRM
netscout — ngeniusone
 
NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution. 2022-06-02 not yet calculated CVE-2021-45983
MISC
MISC
netscout — ngeniusone
 
NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user. 2022-06-02 not yet calculated CVE-2021-45982
MISC
MISC
netscout — ngeniusone
 
NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack. 2022-06-02 not yet calculated CVE-2021-45981
MISC
MISC
nextcloud — richdocuments
 
richdocuments is the repository for NextCloud Collabra, the app for Nextcloud Office collaboration. Prior to versions 6.0.0, 5.0.4, and 4.2.6, a user could be tricked into working against a remote Office by sending them a federated share. richdocuments versions 6.0.0, 5.0.4 and 4.2.6 contain a fix for this issue. There are currently no known workarounds available. 2022-06-02 not yet calculated CVE-2022-31024
MISC
CONFIRM
MISC
nginx — njs
 
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h. 2022-06-02 not yet calculated CVE-2022-30503
MISC
MISC
nginx — njs
 
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_value_own_enumerate at src/njs_value.c. 2022-06-02 not yet calculated CVE-2022-29779
MISC
MISC
nginx — njs
 
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. 2022-06-02 not yet calculated CVE-2022-29780
MISC
MISC
npm — es128_ssl-utils
 
OS Command Injection vulnerability in es128 ssl-utils 1.0.0 for Node.js allows attackers to execute arbitrary commands via unsanitized shell metacharacters provided to the createCertRequest() and the createCert() functions. 2022-06-02 not yet calculated CVE-2021-34080
MISC
online_car_wash_booking_system — online_car_wash_booking_system Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking. 2022-06-02 not yet calculated CVE-2022-31344
MISC
online_car_wash_booking_system — online_car_wash_booking_system Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle. 2022-06-02 not yet calculated CVE-2022-31347
MISC
online_car_wash_booking_system — online_car_wash_booking_system Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=. 2022-06-02 not yet calculated CVE-2022-31348
MISC
online_car_wash_booking_system — online_car_wash_booking_system Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=. 2022-06-02 not yet calculated CVE-2022-31351
MISC
online_car_wash_booking_system — online_car_wash_booking_system Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=. 2022-06-02 not yet calculated CVE-2022-31353
MISC
online_car_wash_booking_system — online_car_wash_booking_system Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=get_vehicle_service. 2022-06-02 not yet calculated CVE-2022-31354
MISC
online_car_wash_booking_system — online_car_wash_booking_system
 
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/manage_vehicle.php?id=. 2022-06-02 not yet calculated CVE-2022-31350
MISC
online_car_wash_booking_system — online_car_wash_booking_system
 
Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=. 2022-06-02 not yet calculated CVE-2022-31352
MISC
online_car_wash_booking_system — online_car_wash_booking_system
 
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service. 2022-06-02 not yet calculated CVE-2022-31346
MISC
online_car_wash_booking_system — online_car_wash_booking_system
 
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=user/manage_user&id=. 2022-06-02 not yet calculated CVE-2022-31345
MISC
online_car_wash_booking_system — online_car_wash_booking_system
 
Online Car Wash Booking System v1.0 is vulnerable to Delete any file via /ocwbs/classes/Master.php?f=delete_img. 2022-06-02 not yet calculated CVE-2022-31342
MISC
online_car_wash_booking_system — online_car_wash_booking_system
 
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/?page=bookings/view_details&id=. 2022-06-02 not yet calculated CVE-2022-31343
MISC
online_fire_reporting_system — online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=reports&date=. 2022-06-02 not yet calculated CVE-2022-31974
MISC
online_fire_reporting_system — online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/manage_team&id=. 2022-06-02 not yet calculated CVE-2022-31980
MISC
online_fire_reporting_system — online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_team. 2022-06-02 not yet calculated CVE-2022-31977
MISC
online_fire_reporting_system — online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=delete_img. 2022-06-02 not yet calculated CVE-2022-31973
MISC
online_fire_reporting_system — online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_inquiry. 2022-06-02 not yet calculated CVE-2022-31978
MISC
online_fire_reporting_system — online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=user/manage_user&id=. 2022-06-02 not yet calculated CVE-2022-31975
MISC
online_fire_reporting_system — online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=teams/view_team&id=. 2022-06-02 not yet calculated CVE-2022-31981
MISC
online_fire_reporting_system — online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/view_request&id=. 2022-06-02 not yet calculated CVE-2022-31982
MISC
online_fire_reporting_system — online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/classes/Master.php?f=delete_request. 2022-06-02 not yet calculated CVE-2022-31976
MISC
online_fire_reporting_system — online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/?page=requests/manage_request&id=. 2022-06-02 not yet calculated CVE-2022-31983
MISC
online_fire_reporting_system — online_fire_reporting_system
 
Online Fire Reporting System v1.0 is vulnerable to SQL Injection via /ofrs/admin/requests/take_action.php?id=. 2022-06-02 not yet calculated CVE-2022-31984
MISC
onlyoffice — document_server
 
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a stack overflow via the component DesktopEditor/common/File.cpp. 2022-06-02 not yet calculated CVE-2022-29776
MISC
MISC
onlyoffice — document_server
 
Onlyoffice Document Server v6.0.0 and below and Core 6.1.0.26 and below were discovered to contain a heap overflow via the component DesktopEditor/fontengine/fontconverter/FontFileBase.h. 2022-06-02 not yet calculated CVE-2022-29777
MISC
MISC
oretnom23 — merchandise_online_store
 
Merchandise Online Store v1.0 by oretnom23 has an arbitrary code execution (RCE) vulnerability in the user profile upload point in the system information. 2022-06-02 not yet calculated CVE-2022-30423
MISC
oretnom23 — online_ordering_system
 
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductetails.php. 2022-06-02 not yet calculated CVE-2022-30794
MISC
oretnom23 — online_ordering_system
 
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/editproductimage.php. 2022-06-02 not yet calculated CVE-2022-30795
MISC
oretnom23 — online_ordering_system
 
Online Ordering System v1.0 by oretnom23 is vulnerable to SQL Injection via admin/viewreport.php. 2022-06-02 not yet calculated CVE-2022-30798
MISC
oretnom23 — online_ordering_system
 
Online Ordering System v1.0 by oretnom23 has SQL injection via store/orderpage.php. 2022-06-02 not yet calculated CVE-2022-30799
MISC
oretnom23 — online_ordering_system
 
Online Ordering System 1.0 by oretnom23 is vulnerable to SQL Injection via admin/vieworders.php. 2022-06-02 not yet calculated CVE-2022-30797
MISC
owl_labs — meeting_owl Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used. 2022-06-02 not yet calculated CVE-2022-31463
MISC
MISC
owl_labs — meeting_owl
 
Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data. 2022-06-02 not yet calculated CVE-2022-31462
MISC
MISC
owl_labs — meeting_owl
 
Owl Labs Meeting Owl 5.2.0.15 allows attackers to activate Tethering Mode with hard-coded hoothoot credentials via a certain c 150 value. 2022-06-02 not yet calculated CVE-2022-31460
MISC
MISC
owl_labs — meeting_owl
 
Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth. 2022-06-02 not yet calculated CVE-2022-31459
MISC
MISC
owl_labs — meeting_owl
 
Owl Labs Meeting Owl 5.2.0.15 allows attackers to deactivate the passcode protection mechanism via a certain c 11 message. 2022-06-02 not yet calculated CVE-2022-31461
MISC
MISC
packet_storm — responsive_online_blog
 
Responsive Online Blog v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at single.php. 2022-06-02 not yet calculated CVE-2022-29659
MISC
MISC
MISC
pbootcms — pbootcms
 
Cross Site Request Forgery (CSRF) vulnerability in PbootCMS v2.0.3 via /admin.php?p=/User/index. 2022-06-02 not yet calculated CVE-2020-20971
MISC
percona — xtrabackup
 
Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when –history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE: this issue exists because of an incomplete fix for CVE-2020-10997. 2022-06-02 not yet calculated CVE-2022-26944
MISC
MISC
phpabook — phpabook
 
phpABook 0.9i is vulnerable to SQL Injection due to insufficient sanitization of user-supplied data in the “auth_user” parameter in index.php script. 2022-06-02 not yet calculated CVE-2022-30352
MISC
MISC
pidgin — pidgin
 
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attacker to take over control over the XMPP connection and to obtain user credentials and all communication content. This is similar to CVE-2022-24968. 2022-06-02 not yet calculated CVE-2022-26491
MISC
MISC
MISC
MISC
MISC
play_framework — play_framework
 
Play Framework is a web framework for Java and Scala. Verions prior to 2.8.16 are vulnerable to generation of error messages containing sensitive information. Play Framework, when run in dev mode, shows verbose errors for easy debugging, including an exception stack trace. Play does this by configuring its `DefaultHttpErrorHandler` to do so based on the application mode. In its Scala API Play also provides a static object `DefaultHttpErrorHandler` that is configured to always show verbose errors. This is used as a default value in some Play APIs, so it is possible to inadvertently use this version in production. It is also possible to improperly configure the `DefaultHttpErrorHandler` object instance as the injected error handler. Both of these situations could result in verbose errors displaying to users in a production application, which could expose sensitive information from the application. In particular, the constructor for `CORSFilter` and `apply` method for `CORSActionBuilder` use the static object `DefaultHttpErrorHandler` as a default value. This is patched in Play Framework 2.8.16. The `DefaultHttpErrorHandler` object has been changed to use the prod-mode behavior, and `DevHttpErrorHandler` has been introduced for the dev-mode behavior. A workaround is available. When constructing a `CORSFilter` or `CORSActionBuilder`, ensure that a properly-configured error handler is passed. Generally this should be done by using the `HttpErrorHandler` instance provided through dependency injection or through Play’s `BuiltInComponents`. Ensure that the application is not using the `DefaultHttpErrorHandler` static object in any code that may be run in production. 2022-06-02 not yet calculated CVE-2022-31023
CONFIRM
MISC
MISC
play_framework — play_framework
 
Play Framework is a web framework for Java and Scala. A denial of service vulnerability has been discovered in verions 2.8.3 through 2.8.15 of Play’s forms library, in both the Scala and Java APIs. This can occur when using either the `Form#bindFromRequest` method on a JSON request body or the `Form#bind` method directly on a JSON value. If the JSON data being bound to the form contains a deeply-nested JSON object or array, the form binding implementation may consume all available heap space and cause an `OutOfMemoryError`. If executing on the default dispatcher and `akka.jvm-exit-on-fatal-error` is enabled—as it is by default—then this can crash the application process. `Form.bindFromRequest` is vulnerable when using any body parser that produces a type of `AnyContent` or `JsValue` in Scala, or one that can produce a `JsonNode` in Java. This includes Play’s default body parser. This vulnerability been patched in version 2.8.16. There is now a global limit on the depth of a JSON object that can be parsed, which can be configured by the user if necessary. As a workaround, applications that do not need to parse a request body of type `application/json` can switch from the default body parser to another body parser that supports only the specific type of body they expect. 2022-06-02 not yet calculated CVE-2022-31018
CONFIRM
MISC
MISC
polonel — trudesk
 
Use of Incorrect Operator in GitHub repository polonel/trudesk prior to 1.2.3. 2022-05-31 not yet calculated CVE-2022-1947
MISC
CONFIRM
polonel — trudesk
 
Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.3. 2022-05-31 not yet calculated CVE-2022-1926
CONFIRM
MISC
polonel — trudesk
 
Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository polonel/trudesk prior to 1.2.3. 2022-05-31 not yet calculated CVE-2022-1893
MISC
CONFIRM
polonel — trudesk
 
Incorrect Synchronization in GitHub repository polonel/trudesk prior to 1.2.3. 2022-05-31 not yet calculated CVE-2022-1931
CONFIRM
MISC
polonel — trudesk
 
Execution with Unnecessary Privileges in GitHub repository polonel/trudesk prior to 1.2.3. 2022-05-31 not yet calculated CVE-2022-1808
MISC
CONFIRM
project_worlds_official — hospital_management_system_in_php
 
Project Worlds Official Hospital Management System in php 1.0 is vulnerable to SQL Injection on login page organization. ¶¶ A SQL injection vulnerability exists in ProjectWorlds Hospital Management System in php 1.0 on login page that allows a remote attacker to compromise Application SQL database. 2022-06-02 not yet calculated CVE-2021-44095
MISC
MISC
MISC
protobufjs — protobufjs
 
The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: 1. by providing untrusted user input to util.setProperty or to ReflectionObject.setParsedOption functions 2. by parsing/loading .proto files 2022-05-27 not yet calculated CVE-2022-25878
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
publiccms — publiccms
 
PublicCMS V4.0.202204.a and below contains an information leak via the component /views/directive/sys/SysConfigDataDirective.java. 2022-06-03 not yet calculated CVE-2022-29784
MISC
MISC
python — waitress
 
Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response. 2022-05-31 not yet calculated CVE-2022-31015
MISC
MISC
CONFIRM
MISC
qdecoder — qdecoder
 
qDecoder before 12.1.0 does not ensure that the percent character is followed by two hex digits for URL decoding. 2022-06-03 not yet calculated CVE-2022-32265
MISC
MISC
MISC
real_player — real_player
 
In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur). 2022-06-03 not yet calculated CVE-2022-32270
MISC
MISC
real_player — real_player
 
In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files. 2022-06-03 not yet calculated CVE-2022-32271
MISC
MISC
real_player — real_player
 
In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution. 2022-06-03 not yet calculated CVE-2022-32269
MISC
MISC
red_hat_inc — multiple_products
 
The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object. 2022-06-02 not yet calculated CVE-2022-1419
MISC
rescue_dispatch_management_system — rescue_dispatch_management_system Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/manage_report.php?id=. 2022-06-02 not yet calculated CVE-2022-31956
MISC
rescue_dispatch_management_system — rescue_dispatch_management_system Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/respondent_types/manage_respondent_type.php?id=. 2022-06-02 not yet calculated CVE-2022-31965
MISC
rescue_dispatch_management_system — rescue_dispatch_management_system Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/respondent_types/view_respondent_type.php?id=. 2022-06-02 not yet calculated CVE-2022-31964
MISC
rescue_dispatch_management_system — rescue_dispatch_management_system Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/view_incident.php?id=. 2022-06-02 not yet calculated CVE-2022-31962
MISC
rescue_dispatch_management_system — rescue_dispatch_management_system Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incidents/manage_incident.php?id=. 2022-06-02 not yet calculated CVE-2022-31961
MISC
rescue_dispatch_management_system — rescue_dispatch_management_system Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/teams/manage_team.php?id=. 2022-06-02 not yet calculated CVE-2022-31959
MISC
rescue_dispatch_management_system — rescue_dispatch_management_system Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via rdms/admin/teams/view_team.php?id=. 2022-06-02 not yet calculated CVE-2022-31957
MISC
rescue_dispatch_management_system — rescue_dispatch_management_system Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/admin/incident_reports/view_report.php?id=. 2022-06-02 not yet calculated CVE-2022-31953
MISC
rescue_dispatch_management_system — rescue_dispatch_management_system
 
Rescue Dispatch Management System v1.0 is vulnerable to Delete any file via /rdms/classes/Master.php?f=delete_img. 2022-06-02 not yet calculated CVE-2022-31945
MISC
rescue_dispatch_management_system — rescue_dispatch_management_system
 
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_team. 2022-06-02 not yet calculated CVE-2022-31946
MISC
rescue_dispatch_management_system — rescue_dispatch_management_system
 
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_report. 2022-06-02 not yet calculated CVE-2022-31948
MISC
rescue_dispatch_management_system — rescue_dispatch_management_system
 
Rescue Dispatch Management System v1.0 is vulnerable to SQL Injection via /rdms/classes/Master.php?f=delete_respondent_type. 2022-06-02 not yet calculated CVE-2022-31951
MISC
rescue_dispatch_management_system — rescue_dispatch_management_system
 
Rescue Dispatch Management System v1.0 is vulnerable to SQL injection via /rdms/classes/Master.php?f=delete_incident. 2022-06-02 not yet calculated CVE-2022-31952
MISC
resi — gemini-net
 
resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints, 2022-06-02 not yet calculated CVE-2022-29540
MISC
MISC
riverbed — appresponse
 
Riverbed AppResponse 11.8.0, 11.8.5, 11.8.5a, 11.9.0, 11.9.0a, 11.10.0, 11.11.0, 11.11.0a, 11.11.1, 11.11.1a, 11.11.5, and 11.11.5a (when configured to use local, RADIUS, or TACACS authentication) logs usernames and passwords if either is entered incorrectly. If a user enters an incorrect username and/or password when logging into the WebUI, these attempted credentials are included in an error message that is logged in the WebUI log file. A log entry does not appear if the username and password provided correctly match a valid set of credentials. This also does not happen if AppResponse is configured to use SAML authentication. The WebUI log file is included in subsequent diagnostic system dumps that are generated. (Only users with Full Control access to the System Configuration permission can generate system dumps. By default, only System Administrators have Full Control access to the System Configuration permission.) 2022-06-03 not yet calculated CVE-2021-43271
MISC
rockwell_automation — logix_controllers
 
A malformed Class 3 common industrial protocol message with a cached connection can cause a denial-of-service condition in Rockwell Automation Logix Controllers, resulting in a major nonrecoverable fault. If the target device becomes unavailable, a user would have to clear the fault and redownload the user project file to bring the device back online. 2022-06-02 not yet calculated CVE-2022-1797
CONFIRM
CONFIRM
rsa — archer
 
RSA Archer 6.8.00500.1003 P5 allows Unrestricted Upload of a File with a Dangerous Type. 2022-06-02 not yet calculated CVE-2021-33615
MISC
MISC
MISC
ruby_gem — dragonfly
 
An argument injection vulnerability in Dragonfly Ruby Gem v1.3.0 allows attackers to read and write arbitrary files when the verify_url option is disabled. This vulnerability is exploited via a crafted URL. 2022-06-02 not yet calculated CVE-2021-33473
MISC
MISC
schneider_electric_se — multiple_products
 
A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over the admin account when an attacker hijacks a session. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) 2022-06-02 not yet calculated CVE-2022-30238
MISC
schneider_electric_se — multiple_products
 
A CWE-20: Improper Input Validation vulnerability exists that could cause potential remote code execution when an attacker is able to intercept and modify a request on the same network or has configuration access to an ION device on the network. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) 2022-06-02 not yet calculated CVE-2022-30232
MISC
schneider_electric_se — multiple_products
 
A CWE-20: Improper Input Validation vulnerability exists that could allow the product to be maliciously manipulated when the user is tricked into performing certain actions on a webpage. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) 2022-06-02 not yet calculated CVE-2022-30233
MISC
schneider_electric_se — multiple_products
 
A CWE-798: Use of Hard-coded Credentials vulnerability exists that could allow arbitrary code to be executed when root level access is obtained. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) 2022-06-02 not yet calculated CVE-2022-30234
MISC
schneider_electric_se — multiple_products
 
A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could allow unauthorized access when an attacker uses brute force. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) 2022-06-02 not yet calculated CVE-2022-30235
MISC
schneider_electric_se — multiple_products
 
A CWE-669: Incorrect Resource Transfer Between Spheres vulnerability exists that could allow unauthorized access when an attacker uses cross-domain attacks. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) 2022-06-02 not yet calculated CVE-2022-30236
MISC
schneider_electric_se — multiple_products
 
A CWE-311: Missing Encryption of Sensitive Data vulnerability exists that could allow authentication credentials to be recovered when an attacker breaks the encoding. Affected Products: Wiser Smart, EER21000 & EER21001 (V4.5 and prior) 2022-06-02 not yet calculated CVE-2022-30237
MISC
sercomm — multiple_products
 
A Command Injection vulnerability in httpd web server (setup.cgi) in SerComm h500s, FW: lowi-h500s-v3.4.22 allows logged in administrators to arbitrary OS commands as root in the device via the connection_type parameter of the statussupport_diagnostic_tracing.json endpoint. 2022-06-02 not yet calculated CVE-2021-44080
MISC
MISC
siemens-healthineers — multiple_products
 
A vulnerability has been identified in Biograph Horizon PET/CT Systems (All VJ30 versions < VJ30C-UD01), MAGNETOM Family (NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A), MAMMOMAT Revelation (All VC20 versions < VC20D), NAEOTOM Alpha (All VA40 versions < VA40 SP2), SOMATOM X.cite (All versions < VA30 SP5 or VA40 SP2), SOMATOM X.creed (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.All (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Now (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Open Pro (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Sim (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Top (All versions < VA30 SP5 or VA40 SP2), SOMATOM go.Up (All versions < VA30 SP5 or VA40 SP2), Symbia E/S (All VB22 versions < VB22A-UD03), Symbia Evo (All VB22 versions < VB22A-UD03), Symbia Intevo (All VB22 versions < VB22A-UD03), Symbia T (All VB22 versions < VB22A-UD03), Symbia.net (All VB22 versions < VB22A-UD03), syngo.via VB10 (All versions), syngo.via VB20 (All versions), syngo.via VB30 (All versions), syngo.via VB40 (All versions < VB40B HF06), syngo.via VB50 (All versions), syngo.via VB60 (All versions < VB60B HF02). The application deserialises untrusted data without sufficient validations that could result in an arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system if ports 32912/tcp or 32914/tcp are reachable. 2022-06-01 not yet calculated CVE-2022-29875
CONFIRM
siteserver — sscms
 
siteserver SSCMS 6.15.51 is vulnerable to Cross Site Scripting (XSS). 2022-06-02 not yet calculated CVE-2022-30349
MISC
solidusio — solidus
 
solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order’s adjustments if they hold its number, and the execution happens on a store administrator’s computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch. 2022-06-01 not yet calculated CVE-2022-31000
MISC
CONFIRM
solutions_atlantic — regulatory_reporting_system
 
Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to an reflected Cross-Site Scripting (XSS) vulnerability via RRSWeb/maint/ShowDocument/ShowDocument.aspx . 2022-06-02 not yet calculated CVE-2022-29598
MISC
MISC
solutions_atlantic — regulatory_reporting_system
 
Solutions Atlantic Regulatory Reporting System (RRS) v500 is vulnerable to Local File Inclusion (LFI). Any authenticated user has the ability to reference internal system files within requests made to the RRSWeb/maint/ShowDocument/ShowDocument.aspx page. The server will successfully respond with the file contents of the internal system file requested. This ability could allow for adversaries to extract sensitive data and/or files from the underlying file system, gain knowledge about the internal workings of the system, or access source code of the application. 2022-06-02 not yet calculated CVE-2022-29597
MISC
MISC
sourcecodester — online_market_place_site
 
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers. 2022-06-02 not yet calculated CVE-2022-29627
MISC
sourcecodester — online_market_place_site
 
A cross-site scripting (XSS) vulnerability in /omps/seller of Online Market Place Site v1.0 allows attackers to execute arbitrary web cripts or HTML via a crafted payload injected into the Page parameter. 2022-06-02 not yet calculated CVE-2022-29628
MISC
sourcecodester — product_show_room_site
 
A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been declared as problematic. This vulnerability affects p=contact. The manipulation of the Message textbox with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires authentication. Exploit details have been disclosed to the public. 2022-06-02 not yet calculated CVE-2022-1979
MISC
MISC
sourcecodester — product_show_room_site
 
A vulnerability was found in SourceCodester Product Show Room Site 1.0. It has been rated as problematic. This issue affects the file /admin/?page=system_info/contact_info. The manipulation of the textbox Telephone with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely but requires authentication. Expliot details have been disclosed to the public. 2022-06-02 not yet calculated CVE-2022-1980
MISC
MISC
sourcecodester — school_dormitory_management_system
 
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:126. 2022-06-02 not yet calculated CVE-2022-30514
MISC
MISC
sourcecodester — school_dormitory_management_system
 
School Dormitory Management System 1.0 is vulnerable to SQL Injection via reports/daily_collection_report.php:59. 2022-06-02 not yet calculated CVE-2022-30510
MISC
MISC
sourcecodester — school_dormitory_management_system
 
School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/view_details.php:4. 2022-06-02 not yet calculated CVE-2022-30511
MISC
MISC
sourcecodester — school_dormitory_management_system
 
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via admin/inc/navigation.php:125 2022-06-02 not yet calculated CVE-2022-30513
MISC
MISC
sourcecodester — school_dormitory_management_system
 
School Dormitory Management System 1.0 is vulnerable to SQL Injection via accounts/payment_history.php:31. 2022-06-02 not yet calculated CVE-2022-30512
MISC
MISC
ssh.net — ssh.net 
 
SSH.NET is a Secure Shell (SSH) library for .NET. In versions 2020.0.0 and 2020.0.1, during an `X25519` key exchange, the client’s private key is generated with `System.Random`. `System.Random` is not a cryptographically secure random number generator, it must therefore not be used for cryptographic purposes. When establishing an SSH connection to a remote host, during the X25519 key exchange, the private key is generated with a weak random number generator whose seed can be brute forced. This allows an attacker who is able to eavesdrop on the communications to decrypt them. Version 2020.0.2 contains a patch for this issue. As a workaround, one may disable support for `curve25519-sha256` and `curve25519-sha256@libssh.org` key exchange algorithms. 2022-05-31 not yet calculated CVE-2022-29245
CONFIRM
MISC
MISC
MISC
starwindsoftware — multiple_products
 
StarWind SAN and NAS v0.2 build 1914 allow remote code execution. 2022-06-03 not yet calculated CVE-2022-32268
MISC
swftools — swftools An issue was discovered in swftools through 20201222. A heap buffer overflow exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution. 2022-06-02 not yet calculated CVE-2021-42199
MISC
swftools — swftools An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_DeleteFilter() located in swffilter.c. It allows an attacker to cause Denial of Service. 2022-06-02 not yet calculated CVE-2021-42202
MISC
swftools — swftools An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function handleEditText() located in swfdump.c. It allows an attacker to cause code Execution. 2022-06-02 not yet calculated CVE-2021-42195
MISC
swftools — swftools
 
An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function main() located in swfdump.c. It allows an attacker to cause Denial of Service. 2022-06-02 not yet calculated CVE-2021-42200
MISC
swftools — swftools
 
An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause code execution. 2022-06-02 not yet calculated CVE-2021-42204
MISC
swftools — swftools
 
An issue was discovered in swftools through 20201222. A heap-use-after-free exists in the function swf_FontExtract_DefineTextCallback() located in swftext.c. It allows an attacker to cause code execution. 2022-06-02 not yet calculated CVE-2021-42203
MISC
swftools — swftools
 
An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function traits_parse() located in abc.c. It allows an attacker to cause Denial of Service. 2022-06-02 not yet calculated CVE-2021-42196
MISC
swftools — swftools
 
An issue was discovered in swftools through 20201222 through a memory leak in the swftools when swfdump is used. It allows an attacker to cause code execution. 2022-06-02 not yet calculated CVE-2021-42197
MISC
swftools — swftools
 
An issue was discovered in swftools through 20201222. A NULL pointer dereference exists in the function swf_GetBits() located in rfxswf.c. It allows an attacker to cause Denial of Service. 2022-06-02 not yet calculated CVE-2021-42198
MISC
swftools — swftools
 
An issue was discovered in swftools through 20201222. A heap-buffer-overflow exists in the function swf_GetD64() located in rfxswf.c. It allows an attacker to cause code execution. 2022-06-02 not yet calculated CVE-2021-42201
MISC
tenda_technology — hg6
 
Tenda Technology Co.,Ltd HG6 3.3.0-210926 was discovered to contain a command injection vulnerability via the pingAddr and traceAddr parameters. This vulnerability is exploited via a crafted POST request. 2022-06-02 not yet calculated CVE-2022-30425
MISC
MISC
MISC
tidb — tidb
 
TiDB is an open-source NewSQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. Under certain conditions, an attacker can construct malicious authentication requests to bypass the authentication process, resulting in privilege escalation or unauthorized access. Only users using TiDB 5.3.0 are affected by this vulnerability. TiDB version 5.3.1 contains a patch for this issue. Other mitigation strategies include turning off Security Enhanced Mode (SEM), disabling local login for non-root accounts, and ensuring that the same IP cannot be logged in as root and normal user at the same time. 2022-05-31 not yet calculated CVE-2022-31011
MISC
CONFIRM
tiktok — tiktok
 
The TikTok application before 23.8.4 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click. 2022-06-02 not yet calculated CVE-2022-28799
MISC
MISC
MISC
totolink — ex1200t TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setLanguageCfg of the file global.so which can control langType to attack. 2022-06-03 not yet calculated CVE-2021-42888
MISC
totolink — ex1200t
 
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function NTPSyncWithHost of the file system.so which can control hostTime to attack. 2022-06-03 not yet calculated CVE-2021-42890
MISC
totolink — ex1200t
 
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization. 2022-06-03 not yet calculated CVE-2021-42889
MISC
totolink — ex1200t
 
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in the function setDiagnosisCfg of the file lib/cste_modules/system.so to control the ipDoamin. 2022-06-02 not yet calculated CVE-2021-42875
MISC
MISC
MISC
totolink — ex1200t
 
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization through getSysStatusCfg. 2022-06-03 not yet calculated CVE-2021-42893
MISC
totolink — ex1200t
 
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can start telnet without authorization because the default username and password exists in the firmware. 2022-06-03 not yet calculated CVE-2021-42892
MISC
totolink — ex1200t
 
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, etc.) without authorization. 2022-06-03 not yet calculated CVE-2021-42891
MISC
totolink — ex1200t
 
TOTOLINK EX1200T V4.1.2cu.5215 contains an information disclosure vulnerability where an attacker can get the apmib configuration file without authorization, and usernames and passwords can be found in the decoded file. 2022-06-03 not yet calculated CVE-2021-42886
MISC
totolink — ex1200t
 
TOTOLINK EX1200T V4.1.2cu.5215 contains a denial of service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system. 2022-06-02 not yet calculated CVE-2021-42877
MISC
MISC
MISC
totolink — ex1200t
 
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceName of the file global.so which can control thedeviceName to attack. 2022-06-03 not yet calculated CVE-2021-42884
MISC
totolink — ex1200t
 
TOTOLINK EX1200T V4.1.2cu.5215 contains a remote command injection vulnerability in function setDeviceMac of the file global.so which can control deviceName to attack. 2022-06-03 not yet calculated CVE-2021-42885
MISC
totolink — ex1200t
 
TOTOLINK EX1200T V4.1.2cu.5215 is affected by a command injection vulnerability that can remotely execute arbitrary code. 2022-06-02 not yet calculated CVE-2021-42872
MISC
MISC
MISC
totolink — ex1200t
 
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can bypass login by sending a specific request through formLoginAuth.htm. 2022-06-03 not yet calculated CVE-2021-42887
MISC
trend_micro_inc — maximum_security_2022
 
Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product’s secure erase feature to delete arbitrary files. 2022-05-27 not yet calculated CVE-2022-30687
N/A
N/A
trend_micro_inc — multiple_products
 
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-05-27 not yet calculated CVE-2022-30700
N/A
N/A
trend_micro_inc — multiple_products
 
An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2022-05-27 not yet calculated CVE-2022-30701
N/A
N/A
trend_micro — eol_product_cve_installer_of_trend_micro_password_manager_(consumer)
 
EOL Product CVE – Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x). 2022-05-27 not yet calculated CVE-2022-28394
N/A
N/A
N/A
turistforeningen — node-s3-uploader
 
OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata() function. 2022-06-02 not yet calculated CVE-2021-34084
MISC
unicorn-engine — unicorn_engine
 
Unicorn Engine v2.0.0-rc7 contains memory leaks caused by an incomplete unicorn engine initialization. 2022-06-02 not yet calculated CVE-2022-29695
MISC
MISC
unicorn-engine — unicorn_engine
 
Unicorn Engine v2.0.0-rc7 and below was discovered to contain a NULL pointer dereference via qemu_ram_free. 2022-06-02 not yet calculated CVE-2022-29694
MISC
MISC
MISC
MISC
MISC
unicorn-engine — unicorn_engine
 
Unicorn Engine v2.0.0-rc7 and below was discovered to contain a memory leak via the function uc_close at /my/unicorn/uc.c. 2022-06-02 not yet calculated CVE-2022-29693
MISC
MISC
unicorn-engine — unicorn_engine
 
Unicorn Engine v1.0.3 was discovered to contain a use-after-free vulnerability via the hook function. 2022-06-02 not yet calculated CVE-2022-29692
MISC
vapor — vapor Vapor is an HTTP web framework for Swift. Users of Vapor prior to version 4.60.3 with FileMiddleware enabled are vulnerable to an integer overflow vulnerability that can crash the application. Version 4.60.3 contains a patch for this issue. As a workaround, disable FileMiddleware and serve via a Content Delivery Network. 2022-05-31 not yet calculated CVE-2022-31005
CONFIRM
MISC
MISC
vartalap — chat_server
 
Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an async function, as the code is not using `await` to wait for the verification result. Every time the function responds back with success, along with an unhandled exception if the token is invalid. A patch is available in version 2.6.0. 2022-05-31 not yet calculated CVE-2022-31013
MISC
CONFIRM
MISC
verizon — 4g_lte_network_extender_ga4.38
 
Verizon 4G LTE Network Extender GA4.38 – V0.4.038.2131 utilizes a weak default admin password generation algorithm which generates passwords that are accessible to unauthenticated attackers via the webUI login page. 2022-06-02 not yet calculated CVE-2022-29729
MISC
MISC
vim — vim
 
Use After Free in GitHub repository vim/vim prior to 8.2. 2022-06-02 not yet calculated CVE-2022-1968
CONFIRM
MISC
vim — vim
 
Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. 2022-05-27 not yet calculated CVE-2022-1897
CONFIRM
MISC
FEDORA
FEDORA
vim — vim
 
Buffer Over-read in GitHub repository vim/vim prior to 8.2. 2022-05-29 not yet calculated CVE-2022-1927
CONFIRM
MISC
FEDORA
FEDORA
vim — vim
 
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. 2022-05-31 not yet calculated CVE-2022-1942
CONFIRM
MISC
webankpartners — wecube
 
An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted ZIP file. 2022-06-02 not yet calculated CVE-2022-28945
MISC
MISC
MISC
MISC
wordpress — amazon_link_wordpress_plugin
 
The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 2022-05-30 not yet calculated CVE-2022-1645
MISC
wordpress — bannerman_wordpress_plugin
 
The BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed (such as in multisite) 2022-05-30 not yet calculated CVE-2022-1275
MISC
wordpress — birthdays_widget_wordpress_plugin
 
The Birthdays Widget WordPress plugin through 1.7.18 does not sanitise and escape some of its fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed 2022-05-30 not yet calculated CVE-2022-1643
MISC
wordpress — bluk_page_creator_wordpress_plugin
 
The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF. 2022-05-30 not yet calculated CVE-2022-1611
MISC
wordpress — call&book_mobile_bar_wordpress_plugin
 
The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 2022-05-30 not yet calculated CVE-2022-1644
MISC
wordpress — change_wp_admin_login_wordpress_plugin
 
The Change wp-admin login WordPress plugin before 1.1.0 does not properly check for authorisation and is also missing CSRF check when updating its settings, which could allow unauthenticated users to change the settings. The attacked could also be performed via a CSRF vector 2022-05-30 not yet calculated CVE-2022-1589
MISC
wordpress — content_mask_wordpress_plugin
 
The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. As a result, any authenticated user, such as subscriber could modify arbitrary blog options 2022-05-30 not yet calculated CVE-2022-1203
MISC
wordpress — easy_faq_with_expanding_text_wordpress_plugin
 
The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfiltered_html is disallowed 2022-05-30 not yet calculated CVE-2022-1395
MISC
wordpress — enable_svg_wordpress_plugin
 
The Enable SVG WordPress plugin before 1.4.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads 2022-05-30 not yet calculated CVE-2022-1562
MISC
wordpress — external_links_in_new_window/new_tab_wordpress_plugin
 
The External Links in New Window / New Tab WordPress plugin before 1.43 does not properly escape URLs it concatenates to onclick event handlers, which makes Stored Cross-Site Scripting attacks possible. 2022-05-30 not yet calculated CVE-2022-1582
MISC
wordpress — external_links_in_new_window/new_tab_wordpress_plugin
 
The External Links in New Window / New Tab WordPress plugin before 1.43 does not ensure window.opener is set to “null” when links to external sites are clicked, which may enable tabnabbing attacks to occur. 2022-05-30 not yet calculated CVE-2022-1583
MISC
wordpress — fatcat_apps_easy_pricing_tables_plugin
 
Authenticated (author or higher role) Stored Cross-Site Scripting (XSS) vulnerability in Fatcat Apps Easy Pricing Tables plugin <= 3.1.2 at WordPress. 2022-06-02 not yet calculated CVE-2021-36866
CONFIRM
CONFIRM
wordpress — form_maker_by_10web_wordpress_plugin
 
The Form Maker by 10Web WordPress plugin before 1.14.12 does not sanitize and escape the Custom Text settings, which could allow high privilege user such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 2022-05-30 not yet calculated CVE-2022-1564
MISC
wordpress — hpb_dashboard_wordpress_plugin
 
The HPB Dashboard WordPress plugin through 1.3.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 2022-05-30 not yet calculated CVE-2022-1542
MISC
wordpress — imbd_info_box_wordpress_plugin
 
The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-05-30 not yet calculated CVE-2022-1294
MISC
wordpress — jivochat_live_chat_wordpress_plugin
 
The JivoChat Live Chat WordPress plugin before 1.3.5.4 does not properly check CSRF tokens on POST requests to the plugins admin page, and does not sanitise some parameters, leading to a stored Cross-Site Scripting vulnerability where an attacker can trick a logged in administrator to inject arbitrary javascript. 2022-05-30 not yet calculated CVE-2022-0642
MISC
wordpress — no_future_posts_wordpress_plugin
 
The No Future Posts WordPress plugin through 1.4 does not escape its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed 2022-05-30 not yet calculated CVE-2022-1387
MISC
wordpress — poll_maker_wordpress_plugin
 
The Poll Maker WordPress plugin before 4.0.2 does not sanitise and escape some settings, which could allow high privilege users such as admin to perform Store Cross-Site Scripting attack even when unfiltered_html is disallowed 2022-05-30 not yet calculated CVE-2022-1456
MISC
wordpress — quotes_llama_wordpress_plugin
 
The Quotes llama WordPress plugin through 0.7 does not sanitise and escape Quotes, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. The attack could also be performed by tricking an admin to import a malicious CSV file 2022-05-30 not yet calculated CVE-2022-1566
MISC
wordpress — simple_real_estate_pack_wordpress_plugin
 
The Simple Real Estate Pack WordPress plugin through 1.4.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed 2022-05-30 not yet calculated CVE-2022-1646
MISC
wordpress — slideshow_wordpress_plugin
 
The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-05-30 not yet calculated CVE-2022-1299
MISC
wordpress — smush_wordpress_plugin
 
The Smush WordPress plugin before 3.9.9 does not sanitise and escape a configuration parameter before outputting it back in an admin page when uploading a malicious preset configuration, leading to a Reflected Cross-Site Scripting. For the attack to be successful, an attacker would need an admin to upload a malicious configuration file 2022-05-30 not yet calculated CVE-2022-1009
MISC
wordpress — social_share_buttons_supsystic_plugin
 
Cross-Site Request Forgery (CSRF) vulnerability in Social Share Buttons by Supsystic plugin <= 2.2.2 at WordPress. 2022-06-02 not yet calculated CVE-2021-36890
CONFIRM
CONFIRM
wordpress — stafflist_wordpress_plugin
 
The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement when searching for Staff in the admin dashboard, leading to an SQL Injection 2022-05-30 not yet calculated CVE-2022-1556
MISC
MISC
wordpress — team_members_wordpress_plugin
 
The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 2022-05-30 not yet calculated CVE-2022-1568
MISC
wordpress — user_meta_wordpress_plugin The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed 2022-05-30 not yet calculated CVE-2022-0376
MISC
wordpress — vikbooking_hotel_booking_engine_&_pms_wordpress_plugin
 
The VikBooking Hotel Booking Engine & PMS WordPress plugin before 1.5.9 does not escape the current URL before putting it back in a JavaScript context, leading to a Reflected Cross-Site Scripting 2022-05-30 not yet calculated CVE-2022-1528
MISC
wordpress — wp_2fa_wordpress_plugin
 
The WP 2FA WordPress plugin before 2.2.1 does not sanitise and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting 2022-05-30 not yet calculated CVE-2022-1527
MISC
xwiki_platform — filter_ui
 
XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. Starting with versions 6.0-milestone-2 and 5.4.4 and prior to versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3, XWiki Platform Filter UI contains a possible cross-site scripting vector in the `Filter.FilterStreamDescriptorForm` wiki page related to pretty much all the form fields printed in the home page of the application. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest workaround is to edit the wiki page `Filter.FilterStreamDescriptorForm` (with wiki editor) according to the instructions in the GitHub Security Advisory. 2022-05-31 not yet calculated CVE-2022-29258
MISC
CONFIRM
MISC
xxl-job — xxl-job
 
XXL-Job v2.3.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via /xxl-job-admin/jobinfo. 2022-06-03 not yet calculated CVE-2022-29770
MISC
zero_science_lab — usr_iot_4g_lte_industrial_cellular_vpn_router
 
USR IOT 4G LTE Industrial Cellular VPN Router v1.0.36 was discovered to contain hard-coded credentials for its highest privileged account. The credentials cannot be altered through normal operation of the device. 2022-06-02 not yet calculated CVE-2022-29730
MISC
MISC
zzcms — zzcms
 
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_download.php via an id parameter value with a trailing comma. 2022-06-02 not yet calculated CVE-2019-12350
MISC
zzcms — zzcms
 
An issue was discovered in zzcms 2019. SQL Injection exists in dl/dl_print.php via an id parameter value with a trailing comma. 2022-06-02 not yet calculated CVE-2019-12351
MISC
zzcms — zzcms
 
An issue was discovered in zzcms 2019. SQL Injection exists in /admin/dl_sendsms.php via the id parameter. 2022-06-02 not yet calculated CVE-2019-12349
MISC

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Posted by

in