tecson_and_gok — multiple_products
  In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn’t properly restrict access to an endpoint that is responsible for saving settings, to a unauthenticated user with limited access rights. Based on the lack of adequately implemented access-control rules, by accessing a specific uniform resource locator (URL) on the web server, a malicious user is able to change the application settings without authenticating at all, which violates originally laid ACL rules. 2022-05-06 not yet calculated CVE-2019-12254
CONFIRM piwigo — piwigo
  SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete. 2022-05-06 not yet calculated CVE-2020-19212
MISC piwigo — piwigo
  SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories. 2022-05-06 not yet calculated CVE-2020-19213
MISC piwigo — piwigo
  SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm. 2022-05-06 not yet calculated CVE-2020-19215
MISC piwigo — piwigo
  SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm. 2022-05-06 not yet calculated CVE-2020-19216
MISC piwigo — piwigo
  SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager. 2022-05-06 not yet calculated CVE-2020-19217
MISC totolink — n200re_andn100re_routers
  A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element. 2022-05-02 not yet calculated CVE-2020-23617
MISC
MISC xtend — voice_logger
  A reflected cross site scripting (XSS) vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page. 2022-05-02 not yet calculated CVE-2020-23618
MISC
MISC orlansoft — erp
  The Java Remote Management Interface of all versions of Orlansoft ERP was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object. 2022-05-02 not yet calculated CVE-2020-23620
MISC
MISC
MISC squire-technologies — ms_management_system
  The Java Remote Management Interface of all versions of SVI MS Management System was discovered to contain a vulnerability due to insecure deserialization of user-supplied content, which can allow attackers to execute arbitrary code via a crafted serialized Java object. 2022-05-02 not yet calculated CVE-2020-23621
MISC
MISC
MISC sonicwall — global_vpn_client
  SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system. 2022-05-04 not yet calculated CVE-2021-20051
CONFIRM fuchsia — multiple_products
  The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond. 2022-05-03 not yet calculated CVE-2021-22556
MISC
MISC google — idtoken
  The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token’s payload comes from valid provider, not from someone else. An attacker can provide a compromised token with custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above 2022-05-03 not yet calculated CVE-2021-22573
MISC multiple_vendors — multiple_products
  NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. 2022-05-03 not yet calculated CVE-2021-22680
CONFIRM topthink — framework
  The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class. 2022-05-06 not yet calculated CVE-2021-23592
CONFIRM
CONFIRM
CONFIRM twelvemonkeys — twelvemonkeys
  The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file (e.g. when an online profile picture is processed) with a malicious XMP segment. If the XMP metadata of the uploaded image is parsed, then the XXE vulnerability is triggered. 2022-05-06 not yet calculated CVE-2021-23792
CONFIRM
CONFIRM wordpress — tipsacarrier_wordpress_plugin
  The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full address, name and phone via tracking URL 2022-05-02 not yet calculated CVE-2021-25002
MISC wordpress — advanced_page_visit_counter_wordpress_plugin
  The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it 2022-05-02 not yet calculated CVE-2021-25086
MISC wordpress — all_in_one_wp_security_&_firewall_wordpress_plugin
  The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of this issue requires the Login Page URL value to be known, which should be hard to guess, reducing the risk 2022-05-02 not yet calculated CVE-2021-25102
MISC sophos — firewall
  Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA. 2022-05-05 not yet calculated CVE-2021-25267
CONFIRM sophos — firewall
  Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA. 2022-05-05 not yet calculated CVE-2021-25268
CONFIRM kubernetes — ingress-nginx
  A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. 2022-05-06 not yet calculated CVE-2021-25745
MISC
MISC kubernetes — ingress-nginx
  A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. 2022-05-06 not yet calculated CVE-2021-25746
MISC
MISC splunk — enterprise
  A potential vulnerability in Splunk Enterprise’s implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service. 2022-05-06 not yet calculated CVE-2021-26253
MISC micriumos — multiple_products
  Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones. 2022-05-03 not yet calculated CVE-2021-27411
CONFIRM
CONFIRM ecoscentric — ecospro_rtos
  eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow. 2022-05-03 not yet calculated CVE-2021-27417
CONFIRM
CONFIRM uclibc-ng — uclibc-ng
  uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. 2022-05-03 not yet calculated CVE-2021-27419
CONFIRM
CONFIRM nxp — mcuxpresso
  NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in SDK_Malloc function, which could allow to access memory locations outside the bounds of a specified array, leading to unexpected behavior such segmentation fault when assigning a particular block of memory from the heap via malloc. 2022-05-03 not yet calculated CVE-2021-27421
CONFIRM
CONFIRM cesanta_software — mongoose-os
  Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. 2022-05-03 not yet calculated CVE-2021-27425
CONFIRM
CONFIRM riot — os
  RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. 2022-05-03 not yet calculated CVE-2021-27427
CONFIRM
CONFIRM arm — cmsis_rtos2
  ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around inosRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution. 2022-05-03 not yet calculated CVE-2021-27431
CONFIRM arm — mbed-ualloc
  ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. 2022-05-03 not yet calculated CVE-2021-27433
CONFIRM
CONFIRM arm — mbed-ualloc
  ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. 2022-05-03 not yet calculated CVE-2021-27435
CONFIRM
CONFIRM tencentos-tiny — tencentos-tiny TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function ‘tos_mmheap_alloc incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. 2022-05-03 not yet calculated CVE-2021-27439
CONFIRM hcl_software — commerce
  HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible. 2022-05-06 not yet calculated CVE-2021-27751
CONFIRM hcl_software — bigfix_inventory
  There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system blocked victim’s account. 2022-05-06 not yet calculated CVE-2021-27758
CONFIRM hcl_software — bigfix_inventory 
  This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim’s browser to emit an HTTP request to an arbitrary URL in the application. 2022-05-06 not yet calculated CVE-2021-27759
CONFIRM hcl_software — notes
  An issue was discovered in the Sametime chat feature in the Notes 11.0 – 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code. 2022-05-06 not yet calculated CVE-2021-27760
CONFIRM hcl_software — weak_tls
  Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks 2022-05-06 not yet calculated CVE-2021-27761
CONFIRM hcl_software — bigfix_platform
  Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses 2022-05-06 not yet calculated CVE-2021-27762
CONFIRM hcl_software — hcl_software
  Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI) 2022-05-06 not yet calculated CVE-2021-27764
CONFIRM hcl_software — installshield
  The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. 2022-05-06 not yet calculated CVE-2021-27765
CONFIRM hcl_software — bigfix_client_installer
  The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. 2022-05-06 not yet calculated CVE-2021-27766
CONFIRM hcl_software — bigfix_console_installer
  The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. 2022-05-06 not yet calculated CVE-2021-27767
CONFIRM ibm — maximo_asset_management
  IBM Maximo Asset Management 7.6.1.1 and 7.6.1.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. By sending a specially crafted HTTP request, a remote attacker could exploit this vulnerability to inject HTTP HOST header, which will allow the attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 205680. 2022-05-03 not yet calculated CVE-2021-29854
CONFIRM
XF ibm — user_management_system_component
  IBM ICP4A – User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to perform unauthorized actions or obtain sensitive information due to insufficient validation and recvocation another user logouting out. IBM X-Force ID: 206081. 2022-05-02 not yet calculated CVE-2021-29859
CONFIRM
XF splunk — enterprise_indexer
  A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders. 2022-05-06 not yet calculated CVE-2021-31559
MISC cyclos — cyclos_4_pro
  A Dom-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter. 2022-05-02 not yet calculated CVE-2021-31673
MISC
MISC cyclos — cyclos_4_pro
  Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows remote unauthenticated attacker to execute javascript code via undefine enum constant. 2022-05-02 not yet calculated CVE-2021-31674
MISC
MISC secomea — multiple_products
  Inadequate Encryption Strength vulnerability in TLS stack of Secomea SiteManager, LinkManager, GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager All versions prior to 9.7. Secomea LinkManager versions prior to 9.7. Secomea GateManager versions prior to 9.7. 2022-05-04 not yet calculated CVE-2021-32010
MISC splunk — enterprise
  The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors. 2022-05-06 not yet calculated CVE-2021-33845
MISC
MISC red_hat — sox
  A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. 2022-05-02 not yet calculated CVE-2021-3643
MISC suse — rancher
  A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior to 2.6.3. 2022-05-02 not yet calculated CVE-2021-36778
CONFIRM suse — rancher
  A Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4. 2022-05-02 not yet calculated CVE-2021-36784
CONFIRM wordpress — mythemeshop_wp_subscribe_plugin
  Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress. 2022-05-02 not yet calculated CVE-2021-36844
CONFIRM
CONFIRM wordpress — andrea_pernici_news_sitemap_for_google_plugin
  Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role. 2022-05-06 not yet calculated CVE-2021-36912
CONFIRM
CONFIRM qemu — qemu
  A DMA reentrancy issue was found in the USB EHCI controller emulation of QEMU. EHCI does not verify if the Buffer Pointer overlaps with its MMIO region when it transfers the USB packets. Crafted content may be written to the controller’s registers and trigger undesirable actions (such as reset) while the device is still transferring packets. This can ultimately lead to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code within the context of the QEMU process on the host. This flaw affects QEMU versions before 7.0.0. 2022-05-02 not yet calculated CVE-2021-3750
MISC
MISC
MISC gurum_networks — gurumdds
  All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow. 2022-05-05 not yet calculated CVE-2021-38423
CONFIRM eprosima — fast_dds
  eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in a denial-of-service condition and information exposure. 2022-05-05 not yet calculated CVE-2021-38425
CONFIRM
CONFIRM rti — connext_dds_professional_and_connext_dds_secure
  RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code. 2022-05-05 not yet calculated CVE-2021-38427
CONFIRM
CONFIRM oci — opendds
  OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition and information exposure. 2022-05-05 not yet calculated CVE-2021-38429
CONFIRM
CONFIRM rti — connext_dds_professional_and_connext_dds_secure
  RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code. 2022-05-05 not yet calculated CVE-2021-38433
CONFIRM
CONFIRM rti — connext_dds_professional_and_connext_dds_secure
  RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 not correctly calculate the size when allocating the buffer, which may result in a buffer overflow. 2022-05-05 not yet calculated CVE-2021-38435
CONFIRM
CONFIRM gurumd — gurumdds
  All versions of GurumDDS are vulnerable to heap-based buffer overflow, which may cause a denial-of-service condition or remotely execute arbitrary code. 2022-05-05 not yet calculated CVE-2021-38439
CONFIRM eclipse — cyclonedds
  Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser. 2022-05-05 not yet calculated CVE-2021-38441
CONFIRM
CONFIRM eclipse — cyclonedds
  Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser. 2022-05-05 not yet calculated CVE-2021-38443
CONFIRM
CONFIRM oci — opendds
  OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code. 2022-05-05 not yet calculated CVE-2021-38445
CONFIRM
CONFIRM oci — opendds
  OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition. 2022-05-05 not yet calculated CVE-2021-38447
CONFIRM
CONFIRM rti — connext_versions
  RTI Connext DDS Professional, Connext DDS Secure versions 4.2x to 6.1.0, and Connext DDS Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure. 2022-05-05 not yet calculated CVE-2021-38487
CONFIRM
CONFIRM qnap — multiple_products A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, QTS, QVR Pro Appliance: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later 2022-05-05 not yet calculated CVE-2021-38693
MISC ibm — guardium_data_encryption
  IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855. 2022-05-05 not yet calculated CVE-2021-39020
XF
CONFIRM ibm — guardium_data_encryption
  IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860. 2022-05-06 not yet calculated CVE-2021-39023
CONFIRM
XF ibm — guardium_data_encryption
  IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865. 2022-05-06 not yet calculated CVE-2021-39027
XF
CONFIRM partkeeper — partkeepr
  Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter. 2022-05-03 not yet calculated CVE-2021-39390
MISC
MISC
MISC geoserver — geoserver
  GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. 2022-05-02 not yet calculated CVE-2021-40822
MISC
CONFIRM
MISC
MISC fortiguard — fortilsolator_versions
  An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non privileged attacker to regenerate the CA certificate via the regeneration URL. 2022-05-04 not yet calculated CVE-2021-41020
CONFIRM fortiguard — fortios
  An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands. 2022-05-04 not yet calculated CVE-2021-41032
CONFIRM mozilla — geckodriver
  Improved Host header checks to reject requests not sent to a well-known local hostname or IP, or the server-specified hostname. 2022-05-02 not yet calculated CVE-2021-4138
MISC
MISC artica — artica_proxy
  A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp. 2022-05-05 not yet calculated CVE-2021-41739
MISC m-files — m-files
  Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable 2022-05-02 not yet calculated CVE-2021-41810
MISC jerryscript — jerryscript_project
  JerryScript Git version 14ff5bf does not sufficiently track and release allocated memory via jerry-core/ecma/operations/ecma-regexp-object.c after RegExp, which causes a memory leak. 2022-05-03 not yet calculated CVE-2021-41959
MISC
MISC pingidentity — pingid
  A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. 2022-04-30 not yet calculated CVE-2021-41992
MISC
MISC pingidentity — pingid
  A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. 2022-04-30 not yet calculated CVE-2021-41993
MISC
MISC pingidentity — pingid
  A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. 2022-04-30 not yet calculated CVE-2021-41994
MISC
MISC suse — rancher
  A Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4. 2022-05-02 not yet calculated CVE-2021-4200
CONFIRM pingidentity — pingid_desktop
  PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. 2022-04-30 not yet calculated CVE-2021-42001
MISC
MISC mitrastar — gpt-2541ngnac-n1
  MitraStar GPT-2541GNAC-N1 (HGU) 100VNZ0b33 devices allow remote authenticated users to obtain root access by executing command “deviceinfo show file &&/bin/bash” because of incorrect sanitization of parameter “path”. 2022-05-03 not yet calculated CVE-2021-42165
MISC
MISC
MISC masacms — masacms
  MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/. 2022-05-05 not yet calculated CVE-2021-42183
MISC
MISC wdja — wdja
  wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function. 2022-05-04 not yet calculated CVE-2021-42185
MISC
MISC konga — konga
  Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation. 2022-05-04 not yet calculated CVE-2021-42192
MISC
MISC
MISC ompl — ompl
  OMPL v1.5.2 contains a memory leak in VFRRT.cpp 2022-05-03 not yet calculated CVE-2021-42218
MISC osticket — osticket
  SQL injection in osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality. 2022-05-04 not yet calculated CVE-2021-42235
MISC jfinal — jfinal_cms
  A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor. 2022-05-05 not yet calculated CVE-2021-42242
MISC adobe — xmp_toolkit
  XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-02 not yet calculated CVE-2021-42528
MISC adobe — xmp_toolkit_sdk
  XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. 2022-05-02 not yet calculated CVE-2021-42529
MISC adobe — xmp_toolkit_sdk
  XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. 2022-05-02 not yet calculated CVE-2021-42530
MISC adobe — xmp_toolkit_sdk
  XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. 2022-05-02 not yet calculated CVE-2021-42531
MISC adobe — xmp_toolkit_sdk
  XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. 2022-05-02 not yet calculated CVE-2021-42532
MISC splunk — enterprise
  A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows. 2022-05-06 not yet calculated CVE-2021-42743
MISC ruijie_networks — ruijie_rg-ew
  A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the setSessionTime function in /cgi-bin/luci/api/common.. 2022-05-04 not yet calculated CVE-2021-43159
MISC
MISC ruijie_networks — ruijie_rg-ew A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnose. 2022-05-04 not yet calculated CVE-2021-43160
MISC
MISC ruijie_networks — ruijie_rg-ew
  A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch. 2022-05-04 not yet calculated CVE-2021-43161
MISC
MISC ruijie_networks — ruijie_rg-ew
  A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in /cgi-bin/luci/api/diagnose. 2022-05-04 not yet calculated CVE-2021-43162
MISC
MISC ruijie_networks — ruijie_rg-ew
  A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth. 2022-05-04 not yet calculated CVE-2021-43163
MISC
MISC ruijie_networks — ruijie_rg-ew
  A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless. 2022-05-04 not yet calculated CVE-2021-43164
MISC
MISC fortinet — fortios
  A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy’s client username and IP via same origin HTTP requests triggering proxy-generated HTTP status codes pages. 2022-05-04 not yet calculated CVE-2021-43206
CONFIRM twinoaks — coredx_dds
  TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible to exploitation when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure. 2022-05-05 not yet calculated CVE-2021-43547
CONFIRM
CONFIRM qnap — nas
  A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later 2022-05-05 not yet calculated CVE-2021-44051
MISC qnap — multiple_products
  An improper link resolution before file access (‘Link Following’) vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, and QTS: QuTScloud c5.0.1.1998 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 4.3.4.1976 build 20220303 and later QTS 4.3.3.1945 build 20220303 and later QTS 4.2.6 build 20220304 and later QTS 4.3.6.1965 build 20220302 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later 2022-05-05 not yet calculated CVE-2021-44052
MISC

qnap — multiple_products

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QTS 4.5.4.1991 build 20220329 and later QTS 5.0.0.1986 build 20220324 and later QuTS hero h5.0.0.1986 build 20220324 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTScloud c5.0.1.1949 and later 2022-05-05 not yet calculated CVE-2021-44053
MISC qnap — multiple_products
  An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later 2022-05-05 not yet calculated CVE-2021-44054
MISC qnap — multiple_products
  An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 ( 2022/02/16 ) and later 2022-05-05 not yet calculated CVE-2021-44055
MISC qnap — multiple_products
  An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later Video Station 5.3.13 and later Video Station 5.1.8 and later 2022-05-05 not yet calculated CVE-2021-44056
MISC qnap — multiple_products An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later 2022-05-05 not yet calculated CVE-2021-44057
MISC bookeen — notea_firmware
  Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information. 2022-05-05 not yet calculated CVE-2021-45783
MISC
MISC strapi — strapi
  Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim’s HTTP request, get the victim’s cookie, perform a base64 decode on the victim’s cookie, and obtain a cleartext password, leading to getting API documentation for further API attacks. 2022-05-03 not yet calculated CVE-2021-46440
MISC
MISC
MISC
MISC ntfsk — ntfsck
  ntfsck in NTFS-3G through 2021.8.22 has a heap-based buffer overflow involving buffer+512*3-2. NOTE: the upstream position is that ntfsck is deprecated; however, it is shipped by some Linux distributions. 2022-05-02 not yet calculated CVE-2021-46790
MISC wordpress — ad_invalid_click_protector_plugin
  The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 does not have CSRF check deleting banned users, which could allow attackers to make a logged in admin remove arbitrary bans 2022-05-02 not yet calculated CVE-2022-0191
CONFIRM
MISC wordpress — event_list_wordpress_plugin
  The Event List WordPress plugin before 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfiltered_html is disallowed 2022-05-02 not yet calculated CVE-2022-0418
MISC wordpress — content_egg_wordpress_plugin
  The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting 2022-05-02 not yet calculated CVE-2022-0428
MISC wordpress — adrotate_plugin
  The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-05-02 not yet calculated CVE-2022-0649
MISC wordpress — adrotate_plugin
  The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-05-02 not yet calculated CVE-2022-0662
MISC wordpress — sitesupercharger_plugin
  The SiteSuperCharger WordPress plugin before 5.2.0 does not validate, sanitise and escape various user inputs before using them in SQL statements via AJAX actions (available to both unauthenticated and authenticated users), leading to Unauthenticated SQL Injections 2022-05-02 not yet calculated CVE-2022-0771
MISC wordpress — documentor_plugin
  The Documentor WordPress plugin through 1.5.3 fails to sanitize and escape user input before it is being interpolated in an SQL statement and then executed, leading to an SQL Injection exploitable by unauthenticated users. 2022-05-02 not yet calculated CVE-2022-0773
MISC wordpress — multiple_shipping_address_woocommerce_plugin
  The Multiple Shipping Address Woocommerce WordPress plugin before 2.0 does not properly sanitise and escape numerous parameters before using them in SQL statements via some AJAX actions available to unauthenticated users, leading to unauthenticated SQL injections 2022-05-02 not yet calculated CVE-2022-0783
MISC fuschia — fuchsia
  A bug exists where an attacker can read the kernel log through exposed Zircon kernel addresses without the required capability ZX_RSRC_KIND_ROOT. It is recommended to upgrade the Fuchsia kernel to 4.1.1 or greater. 2022-05-03 not yet calculated CVE-2022-0882
MISC logitech — logitech_options
  An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. 2022-05-03 not yet calculated CVE-2022-0916
MISC wordpress — sitemap
  The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as the users_can_register and default_role, allowing them to create a new admin account and take over the blog. 2022-05-02 not yet calculated CVE-2022-0952
MISC wordpress — visual_form_builder_plugin
  The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form’s ‘Email to’ field , which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-05-02 not yet calculated CVE-2022-1046
MISC linux — linux_kernel
  A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. 2022-04-29 not yet calculated CVE-2022-1048
MISC
MISC
DEBIAN keylime — keylime Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an AK of a software TPM. A successful attack breaks the entire chain of trust because a not validated AK is used by the verifier. This issue is worse if the validation happens first and then the agent gets added to the verifier because the timing is easier and the verifier does not validate the regcount entry being equal to 1, 2022-05-06 not yet calculated CVE-2022-1053
MISC
MISC
MISC linux — linux_kernel
  A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. 2022-04-29 not yet calculated CVE-2022-1195
MISC
MISC
MISC
MISC
MISC
DEBIAN axios — axios Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository axios/axios prior to 0.26. 2022-05-03 not yet calculated CVE-2022-1214
CONFIRM
MISC wordpress — hubspot_plugin
  The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks 2022-05-02 not yet calculated CVE-2022-1239
MISC wordpress — lifterlms_paypal_plugin
  The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue 2022-05-02 not yet calculated CVE-2022-1250
MISC
MISC wordpress — import_and_export_users_and customers_plugin
  The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues 2022-05-02 not yet calculated CVE-2022-1255
MISC wordpress — fast_flow_plugin
  The Fast Flow WordPress plugin before 1.2.11 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site Scripting 2022-05-02 not yet calculated CVE-2022-1269
MISC wordpress — import_wp_plugin
  The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE 2022-05-02 not yet calculated CVE-2022-1273
MISC wordpress — photo_gallery_wordpress_plugin
  The Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST[‘filter_tag’] parameter, which is appended to an SQL query, making SQL Injection attacks possible. 2022-05-02 not yet calculated CVE-2022-1281
CONFIRM
MISC wordpress — photo_gallery_wordpress_plugin
  The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET[‘image_url’] variable, which is reflected back to the users when executing the editimage_bwg AJAX action. 2022-05-02 not yet calculated CVE-2022-1282
MISC
CONFIRM openssl — openssl
  The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd). 2022-05-03 not yet calculated CVE-2022-1292
CONFIRM
CONFIRM
CONFIRM
CONFIRM trumpf — trutops Multiple Version of TRUMPF TruTops products expose a service function without necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service. 2022-05-02 not yet calculated CVE-2022-1300
CONFIRM dmars — dmars
  In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure. 2022-05-03 not yet calculated CVE-2022-1331
MISC openssl — openssl
  The function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL “ocsp” application. When verifying an ocsp response with the “-no_cert_checks” option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). 2022-05-03 not yet calculated CVE-2022-1343
CONFIRM
CONFIRM linux — pfkey_register
  A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information. 2022-04-29 not yet calculated CVE-2022-1353
MISC
MISC
DEBIAN delta_electronics — diaenergie
  Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in HandlerChart.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1366
CONFIRM delta_electronics — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in Handler_TCV.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1367
CONFIRM delta_electronics — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegIND. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1369
CONFIRM delta_electronics — diaenergie
  Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadREGbyID. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1370
CONFIRM delta_electronics — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in ReadRegf. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1371
CONFIRM delta_electronics — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in dlSlog.aspx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1372
CONFIRM delta_electronics — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_unHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1374
CONFIRM delta_electronics — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_slogHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1375
CONFIRM delta_electronics — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_privgrpHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1376
CONFIRM delta_electronics — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_rltHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1377
CONFIRM delta_electronics — diaenergie Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability exists in DIAE_pgHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 2022-05-02 not yet calculated CVE-2022-1378
CONFIRM f5 — big-ip
  On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping, traceroute, and WOM diagnostics. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-1389
MISC yetiforcecompany — yetiforcecrm
  Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim’s cookie leads to account takeover. 2022-05-05 not yet calculated CVE-2022-1411
CONFIRM
MISC openssl — openssl
  The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite incorrectly uses the AAD data as the MAC key. This makes the MAC key trivially predictable. An attacker could exploit this issue by performing a man-in-the-middle attack to modify data being sent from one endpoint to an OpenSSL 3.0 recipient such that the modified data would still pass the MAC integrity check. Note that data sent from an OpenSSL 3.0 endpoint to a non-OpenSSL 3.0 endpoint will always be rejected by the recipient and the connection will fail at that point. Many application protocols require data to be sent from the client to the server first. Therefore, in such a case, only an OpenSSL 3.0 server would be impacted when talking to a non-OpenSSL 3.0 client. If both endpoints are OpenSSL 3.0 then the attacker could modify data being sent in both directions. In this case both clients and servers could be affected, regardless of the application protocol. Note that in the absence of an attacker this bug means that an OpenSSL 3.0 endpoint communicating with a non-OpenSSL 3.0 endpoint will fail to complete the handshake when using this ciphersuite. The confidentiality of data is not impacted by this issue, i.e. an attacker cannot decrypt data that has been encrypted using this ciphersuite – they can only modify it. In order for this attack to work both endpoints must legitimately negotiate the RC4-MD5 ciphersuite. This ciphersuite is not compiled by default in OpenSSL 3.0, and is not available within the default provider or the default ciphersuite list. This ciphersuite will never be used if TLSv1.3 has been negotiated. In order for an OpenSSL 3.0 endpoint to use this ciphersuite the following must have occurred: 1) OpenSSL must have been compiled with the (non-default) compile time option enable-weak-ssl-ciphers 2) OpenSSL must have had the legacy provider explicitly loaded (either through application code or via configuration) 3) The ciphersuite must have been explicitly added to the ciphersuite list 4) The libssl security level must have been set to 0 (default is 1) 5) A version of SSL/TLS below TLSv1.3 must have been negotiated 6) Both endpoints must negotiate the RC4-MD5 ciphersuite in preference to any others that both endpoints have in common Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). 2022-05-03 not yet calculated CVE-2022-1434
CONFIRM
CONFIRM gogs — gogs
  Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account . 2022-05-05 not yet calculated CVE-2022-1464
MISC
CONFIRM f5 — big-ip
  On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-1468
MISC openssl — openssl
  The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). 2022-05-03 not yet calculated CVE-2022-1473
CONFIRM
CONFIRM ffmpeg — ffmpeg
  An integer overflow vulnerability was found in FFmpeg 5.0.1 and in previous versions in g729_parse() in llibavcodec/g729_parser.c when processing a specially crafted file. 2022-05-02 not yet calculated CVE-2022-1475
MISC
MISC octopus — octopus_server
  Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions. 2022-05-04 not yet calculated CVE-2022-1502
MISC matio — matio A memory leak was discovered in matio 1.5.21 and earlier in Mat_VarReadNextInfo5() in mat5.c via a crafted file. This issue can potentially result in DoS. 2022-05-02 not yet calculated CVE-2022-1515
MISC
MISC linux — linux_kernel A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. 2022-05-05 not yet calculated CVE-2022-1516
MISC oracle — oracle
  Formula Injection/CSV Injection due to Improper Neutralization of Formula Elements in CSV File in GitHub repository luyadev/yii-helpers prior to 1.2.1. Successful exploitation can lead to impacts such as client-sided command injection, code execution, or remote ex-filtration of contained confidential data. 2022-05-01 not yet calculated CVE-2022-1544
CONFIRM
MISC mattemost — playbooks_plugin Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins. 2022-05-03 not yet calculated CVE-2022-1548
MISC clinical-genomics — scouts
  Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52. 2022-05-03 not yet calculated CVE-2022-1554
MISC
CONFIRM microweber — microweber
  DOM XSS in microweber ver 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16. inject arbitrary js code, deface website, steal cookie… 2022-05-04 not yet calculated CVE-2022-1555
CONFIRM
MISC neorazorx –facturascripts
  Cross-site scripting – Reflected in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability can be arbitrarily executed javascript code to steal user’cookie, perform HTTP request, get content of `same origin` page, etc … 2022-05-04 not yet calculated CVE-2022-1571
CONFIRM
MISC jgraph — drawio Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. – Arbitrary (remote) code execution in the desktop app. – Stored XSS in the web app. 2022-05-05 not yet calculated CVE-2022-1575
MISC
CONFIRM microweber — microweber
  Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim 2022-05-04 not yet calculated CVE-2022-1584
MISC
CONFIRM contao — contao Cross-site Scripting (XSS) in GitHub repository contao/contao prior to 4.13.3. Attacker can execute Malicious JS in Application 🙂 2022-05-05 not yet calculated CVE-2022-1588
MISC
CONFIRM bludit — bludit
  A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit has been disclosed to the public and may be used. 2022-05-05 not yet calculated CVE-2022-1590
MISC
MISC clinical_genomics — scout
  Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss… 2022-05-05 not yet calculated CVE-2022-1592
CONFIRM
MISC vim — vim
  Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution 2022-05-07 not yet calculated CVE-2022-1616
MISC
CONFIRM mediatek — telephony
  In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498874; Issue ID: ALPS06498874. 2022-05-03 not yet calculated CVE-2022-20084
MISC mediatek — netdiag
  In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308877; Issue ID: ALPS06308877. 2022-05-03 not yet calculated CVE-2022-20085
MISC mediatek — ccu
  In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477970; Issue ID: ALPS06477970. 2022-05-03 not yet calculated CVE-2022-20087
MISC mediatek — aee_driver
  In aee driver, there is a possible reference count mistake due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06209201. 2022-05-03 not yet calculated CVE-2022-20088
MISC mediatek — aee_driver
  In aee driver, there is a possible memory corruption due to active debug code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06240397; Issue ID: ALPS06240397. 2022-05-03 not yet calculated CVE-2022-20089
MISC mediatek — aee_driver
  In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209197; Issue ID: ALPS06209197. 2022-05-03 not yet calculated CVE-2022-20090
MISC mediatek — aee_driver
  In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06226345. 2022-05-03 not yet calculated CVE-2022-20091
MISC mediatek — alac
  In alac decoder, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366061; Issue ID: ALPS06366061. 2022-05-03 not yet calculated CVE-2022-20092
MISC mediatek — telephony
  In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498868; Issue ID: ALPS06498868. 2022-05-03 not yet calculated CVE-2022-20093
MISC mediatek — imgsensor
  In imgsensor, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479734. 2022-05-03 not yet calculated CVE-2022-20094
MISC mediatek — imgsensor
  In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479763. 2022-05-03 not yet calculated CVE-2022-20095
MISC mediatek — camera
  In camera, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06419003; Issue ID: ALPS06419003. 2022-05-03 not yet calculated CVE-2022-20096
MISC mediatek — aee_daemon
  In aee daemon, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06383944. 2022-05-03 not yet calculated CVE-2022-20097
MISC mediatek — aee_daemon
  In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06419017. 2022-05-03 not yet calculated CVE-2022-20098
MISC mediatek — aee_daemon
  In aee daemon, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Issue ID: ALPS06296442. 2022-05-03 not yet calculated CVE-2022-20099
MISC mediatek — aee_daemon
  In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06270804. 2022-05-03 not yet calculated CVE-2022-20100
MISC mediatek — aee_daemon
  In aee daemon, there is a possible information disclosure due to a path traversal. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06270870. 2022-05-03 not yet calculated CVE-2022-20101
MISC mediatek — aee_daemon
  In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Issue ID: ALPS06296405. 2022-05-03 not yet calculated CVE-2022-20102
MISC mediatek — aee_daemon
  In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06282684. 2022-05-03 not yet calculated CVE-2022-20103
MISC mediatek — aee_daemon
  In aee daemon, there is a possible information disclosure due to improper access control. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06284104. 2022-05-03 not yet calculated CVE-2022-20104
MISC mediatek — mm_service
  In MM service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460. 2022-05-03 not yet calculated CVE-2022-20105
MISC mediatek — mm_service
  In MM service, there is a possible out of bounds write due to a heap-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460. 2022-05-03 not yet calculated CVE-2022-20106
MISC mediatek — subtitle_service
  In subtitle service, there is a possible application crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330673; Issue ID: DTV03330673. 2022-05-03 not yet calculated CVE-2022-20107
MISC mediatek — voice_service
  In voice service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330702; Issue ID: DTV03330702. 2022-05-03 not yet calculated CVE-2022-20108
MISC mediatek — ion
  In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399915. 2022-05-03 not yet calculated CVE-2022-20109
MISC mediatek — ion
  In ion, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399901. 2022-05-03 not yet calculated CVE-2022-20110
MISC mediatek — ion
  In ion, there is a possible use after free due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366069; Issue ID: ALPS06366069. 2022-05-03 not yet calculated CVE-2022-20111
MISC cisco — firepower_management_center
  Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-03 not yet calculated CVE-2022-20627
CISCO cisco — firepower_management_center
  Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-03 not yet calculated CVE-2022-20628
CISCO cisco — firepower_management_center
  Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. 2022-05-03 not yet calculated CVE-2022-20629
CISCO cisco — adaptive_security_and_firepower_threat_defense
  A vulnerability in the remote access SSL VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper validation of errors that are logged as a result of client connections that are made using remote access VPN. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to cause the affected device to restart, resulting in a DoS condition. 2022-05-03 not yet calculated CVE-2022-20715
CISCO cisco — firepower_threat_defense
  A vulnerability in CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to inject XML into the command parser. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by including crafted input in commands. A successful exploit could allow the attacker to inject XML into the command parser, which could result in unexpected processing of the command and unexpected command output. 2022-05-03 not yet calculated CVE-2022-20729
CISCO cisco — firepower_threat_defense A vulnerability in the Security Intelligence feed feature of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the Security Intelligence DNS feed. This vulnerability is due to incorrect feed update processing. An attacker could exploit this vulnerability by sending traffic through an affected device that should be blocked by the affected device. A successful exploit could allow the attacker to bypass device controls and successfully send traffic to devices that are expected to be protected by the affected device. 2022-05-03 not yet calculated CVE-2022-20730
CISCO cisco — sd-wan_vmanager
  A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. 2022-05-04 not yet calculated CVE-2022-20734
CISCO cisco — adaptive_security_appliance
  A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device or to obtain portions of process memory from an affected device. This vulnerability is due to insufficient bounds checking when parsing specific HTTP authentication messages. An attacker could exploit this vulnerability by sending malicious traffic to an affected device acting as a VPN Gateway. To send this malicious traffic, an attacker would need to control a web server that can be accessed through the Clientless SSL VPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition, or to retrieve bytes from the device process memory that may contain sensitive information. 2022-05-03 not yet calculated CVE-2022-20737
CISCO cisco — firepower_management_center
  A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by convincing a user to click a link designed to pass malicious input to the interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks and gain access to sensitive browser-based information. 2022-05-03 not yet calculated CVE-2022-20740
CISCO cisco — adaptive_security_appliance A vulnerability in an IPsec VPN library of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to read or modify data within an IPsec IKEv2 VPN tunnel. This vulnerability is due to an improper implementation of Galois/Counter Mode (GCM) ciphers. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a sufficient number of encrypted messages across an affected IPsec IKEv2 VPN tunnel and then using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to decrypt, read, modify, and re-encrypt data that is transmitted across an affected IPsec IKEv2 VPN tunnel. 2022-05-03 not yet calculated CVE-2022-20742
CISCO cisco — firepower_management_center
  A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system. This vulnerability is due to improper validation of files uploaded to the web management interface of Cisco FMC Software. An attacker could exploit this vulnerability by uploading a maliciously crafted file to a device running affected software. A successful exploit could allow the attacker to store malicious files on the device, which they could access later to conduct additional attacks, including executing arbitrary code on the affected device with root privileges. 2022-05-03 not yet calculated CVE-2022-20743
CISCO cisco — firepower_management_center
  A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerability by modifying this input to bypass the protection mechanism and sending a crafted request to an affected device. A successful exploit could allow the attacker to view data beyond the scope of their authorization. 2022-05-03 not yet calculated CVE-2022-20744
CISCO cisco — adaptive_security_and_firepower_threat_defense A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper input validation when parsing HTTPS requests. An attacker could exploit this vulnerability by sending a crafted HTTPS request to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 2022-05-03 not yet calculated CVE-2022-20745
CISCO cisco — firepower_threat_defense_software
  A vulnerability in the TCP proxy functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper handling of TCP flows. An attacker could exploit this vulnerability by sending a crafted stream of TCP traffic through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. 2022-05-03 not yet calculated CVE-2022-20746
CISCO cisco — firepower_threat_defense_software A vulnerability in the local malware analysis process of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to insufficient error handling in the local malware analysis process of an affected device. An attacker could exploit this vulnerability by sending a crafted file through the device. A successful exploit could allow the attacker to cause the local malware analysis process to crash, which could result in a DoS condition. Notes: Manual intervention may be required to recover from this situation. Malware cloud lookup and dynamic analysis will not be impacted. 2022-05-03 not yet calculated CVE-2022-20748
CISCO cisco — firepower_threat_defense_software A vulnerability in the Snort detection engine integration for Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause unlimited memory consumption, which could lead to a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient memory management for certain Snort events. An attacker could exploit this vulnerability by sending a series of crafted IP packets that would generate specific Snort events on an affected device. A sustained attack could cause an out of memory condition on the affected device. A successful exploit could allow the attacker to interrupt all traffic flowing through the affected device. In some circumstances, the attacker may be able to cause the device to reload, resulting in a DoS condition. 2022-05-03 not yet calculated CVE-2022-20751
CISCO cisco — small_business_rv340_and_rv345_routers
  A vulnerability in web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute remote code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. 2022-05-04 not yet calculated CVE-2022-20753
CISCO cisco — firepower_threat_defense_software A vulnerability in the connection handling function in Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper traffic handling when platform limits are reached. An attacker could exploit this vulnerability by sending a high rate of UDP traffic through an affected device. A successful exploit could allow the attacker to cause all new, incoming connections to be dropped, resulting in a DoS condition. 2022-05-03 not yet calculated CVE-2022-20757
CISCO cisco — adaptive_security_and_firepower_threat_defense
  A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, but unprivileged, remote attacker to elevate privileges to level 15. This vulnerability is due to improper separation of authentication and authorization scopes. An attacker could exploit this vulnerability by sending crafted HTTPS messages to the web services interface of an affected device. A successful exploit could allow the attacker to gain privilege level 15 access to the web management interface of the device. This includes privilege level 15 access to the device using management tools like the Cisco Adaptive Security Device Manager (ASDM) or the Cisco Security Manager (CSM). Note: With Cisco FTD Software, the impact is lower than the CVSS score suggests because the affected web management interface allows for read access only. 2022-05-03 not yet calculated CVE-2022-20759
CISCO cisco — adaptive_security_and_firepower_threat_defense
  A vulnerability in the DNS inspection handler of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service condition (DoS) on an affected device. This vulnerability is due to a lack of proper processing of incoming requests. An attacker could exploit this vulnerability by sending crafted DNS requests at a high rate to an affected device. A successful exploit could allow the attacker to cause the device to stop responding, resulting in a DoS condition. 2022-05-03 not yet calculated CVE-2022-20760
CISCO cisco — multiple_products
  Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. 2022-05-04 not yet calculated CVE-2022-20764
CISCO cisco — firepwer_threat_defense
  A vulnerability in the Snort rule evaluation function of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of the DNS reputation enforcement rule. An attacker could exploit this vulnerability by sending crafted UDP packets through an affected device to force a buildup of UDP connections. A successful exploit could allow the attacker to cause traffic that is going through the affected device to be dropped, resulting in a DoS condition. Note: This vulnerability only affects Cisco FTD devices that are running Snort 3. 2022-05-03 not yet calculated CVE-2022-20767
CISCO cisco — clamav
  On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. 2022-05-04 not yet calculated CVE-2022-20770
CISCO cisco — clamav
  On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. 2022-05-04 not yet calculated CVE-2022-20771
CISCO cisco — enterprise_nfv_infrastructure
  Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. 2022-05-04 not yet calculated CVE-2022-20777
CISCO cisco — enterprise_nfv_infrastructure
  Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. 2022-05-04 not yet calculated CVE-2022-20779
CISCO cisco — enterprise_nfv_infrastructure
  Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. 2022-05-04 not yet calculated CVE-2022-20780
CISCO cisco — clamav
  On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. 2022-05-04 not yet calculated CVE-2022-20785
CISCO cisco — multiple_products
  Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. 2022-05-04 not yet calculated CVE-2022-20794
CISCO cisco — clamav
  On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. 2022-05-04 not yet calculated CVE-2022-20796
CISCO cisco — small_business_rv340_and_rv345_routers
  Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. 2022-05-04 not yet calculated CVE-2022-20799
CISCO cisco — small_business_rv340_and_rv345_routers
  Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. 2022-05-04 not yet calculated CVE-2022-20801
CISCO snyk — synk This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument’s toString value is not a Function object V8 will crash. 2022-05-01 not yet calculated CVE-2022-21144
MISC
MISC
MISC snyk — synk
  The package s-cart/s-cart before 6.9; the package s-cart/core before 6.9 are vulnerable to Cross-site Scripting (XSS) which can lead to cookie stealing of any victim that visits the affected URL so the attacker can gain unauthorized access to that user’s account through the stolen cookie. 2022-05-01 not yet calculated CVE-2022-21149
MISC
MISC snyk — synk
  All versions of package masuit.tools.core are vulnerable to Arbitrary Code Execution via the ReceiveVarData<T> function in the SocketClient.cs component. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter. 2022-05-01 not yet calculated CVE-2022-21167
MISC
MISC snyk — synk
  The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like __proto__ or constructor). This can allow an attacker to add/modify properties of the Object.prototype leading to prototype pollution vulnerability. **Note:** This vulnerability can occur in multiple ways, for example when modifying a collection with untrusted user input. 2022-05-01 not yet calculated CVE-2022-21189
MISC
MISC
MISC
MISC snyk — synk
  The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine. 2022-05-01 not yet calculated CVE-2022-21227
MISC
MISC
MISC snyk — synk
  This affects all versions of package org.nanohttpd:nanohttpd. Whenever an HTTP Session is parsing the body of an HTTP request, the body of the request is written to a RandomAccessFile when the it is larger than 1024 bytes. This file is created with insecure permissions that allow its contents to be viewed by all users on the host machine. **Workaround:** Manually specifying the -Djava.io.tmpdir= argument when launching Java to set the temporary directory to a directory exclusively controlled by the current user can fix this issue. 2022-05-01 not yet calculated CVE-2022-21230
MISC
MISC
MISC
MISC mediatek — ion
  In ion, there is a possible use after free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06371108; Issue ID: ALPS06371108. 2022-05-03 not yet calculated CVE-2022-21743
MISC johnsoncontrols — metasys
  Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2. 2022-05-06 not yet calculated CVE-2022-21934
CERT
CONFIRM suse — open_build_service
  A Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service Open Build Service versions prior to 2.10.13. 2022-05-03 not yet calculated CVE-2022-21949
CONFIRM accusoft — imagegear
  A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provide a malicious file to trigger this vulnerability. 2022-05-03 not yet calculated CVE-2022-22137
MISC synk — synk
  The package convict before 6.2.2 are vulnerable to Prototype Pollution via the convict function due to missing validation of parentKey. **Note:** This vulnerability derives from an incomplete fix of another [vulnerability](https://security.snyk.io/vuln/SNYK-JS-CONVICT-1062508) 2022-05-01 not yet calculated CVE-2022-22143
MISC
MISC
MISC ibm — spectrum_scale
  IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012. 2022-05-03 not yet calculated CVE-2022-22368
XF
CONFIRM ibm — robotic_process_automation
  A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center IBM X-Force ID: 223029. 2022-05-05 not yet calculated CVE-2022-22415
CONFIRM
XF ibm — robotic_process_automation
  IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 224156. 2022-05-05 not yet calculated CVE-2022-22433
XF
CONFIRM ibm — robotic_process_automation
  IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects. IBM X-Force ID: 224159. 2022-05-05 not yet calculated CVE-2022-22434
XF
CONFIRM shopizer — shopizer
  A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files” tab 2022-05-01 not yet calculated CVE-2022-23060
MISC
MISC shopizer — shopizer In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via Insecure Direct Object Reference (IDOR) vulnerability. 2022-05-01 not yet calculated CVE-2022-23061
MISC
MISC shopizer — shopizer In Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in, will still have access to the application even after the password was changed. 2022-05-03 not yet calculated CVE-2022-23063
MISC
MISC snipe — snipe-it
  In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which once clicked lead to an attacker controlled server and thus leading to password reset token leak. This leads to account take over. 2022-05-02 not yet calculated CVE-2022-23064
MISC
MISC vendure — vendure
  In Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by Stored XSS vulnerability, where an attacker having catalog permission can upload a SVG file that contains malicious JavaScript into the “Assets” tab. The uploaded file will affect administrators as well as regular users. 2022-05-02 not yet calculated CVE-2022-23065
MISC
MISC adobe — photoshop
  Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-06 not yet calculated CVE-2022-23205
MISC accusoft — imagegear
  A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An attacker can provide a malicious file to trigger this vulnerability. 2022-05-03 not yet calculated CVE-2022-23400
MISC fortinet — fortisoar
  An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. 2022-05-04 not yet calculated CVE-2022-23443
CONFIRM pingidentity — pingfederate
  When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password. 2022-05-02 not yet calculated CVE-2022-23722
MISC
MISC pingidentity — pingfederate_pingone_fa_integration_kit
  An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter HTML templates are used as part of an authentication flow. 2022-05-02 not yet calculated CVE-2022-23723
MISC
MISC pingidentity — pingid_integration_for_windows_login
  Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials. 2022-05-04 not yet calculated CVE-2022-23724
CONFIRM
MISC joomla — guru_exension
  Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to view other users’ information. Information disclosure Access to private information and components, possibility to view other users’ information. 2022-05-06 not yet calculated CVE-2022-23802
MISC rainworx_softwares — autionworx
  Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition. 2022-05-02 not yet calculated CVE-2022-23904
MISC
MISC snyk — snyk
  All versions of package jailed are vulnerable to Sandbox Bypass via an exported alert() method which can access the main application. Exported methods are stored in the application.remote object. 2022-05-01 not yet calculated CVE-2022-23923
MISC
MISC adobe — photoshop
  Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an improper input validation vulnerability when parsing a PCX file that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PCX file. 2022-05-06 not yet calculated CVE-2022-24098
MISC adobe — photoshop
  Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-06 not yet calculated CVE-2022-24099
MISC adobe — photoshop
  Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious U3D file. 2022-05-06 not yet calculated CVE-2022-24105
MISC snyk — snyk
  The package git-pull-or-clone before 2.0.2 are vulnerable to Command Injection due to the use of the –upload-pack feature of git which is also supported for git clone. The source includes the use of the secure child process API spawn(). However, the outpath parameter passed to it may be a command-line argument to the git clone command and result in arbitrary command injection. 2022-05-01 not yet calculated CVE-2022-24437
MISC
MISC
MISC fluxcd — flux2
  Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also lead to privilege escalation if the controller’s service account has elevated permissions. Workarounds include disabling functionality via Validating Admission webhooks by restricting users from setting the `spec.kubeConfig` field in Flux `Kustomization` and `HelmRelease` objects. Additional mitigations include applying restrictive AppArmor and SELinux profiles on the controller’s pod to limit what binaries can be executed. This vulnerability is fixed in kustomize-controller v0.23.0 and helm-controller v0.19.0, both included in flux2 v0.29.0 2022-05-06 not yet calculated CVE-2022-24817
CONFIRM netty — netty
  Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty’s multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one’s own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(…) to set the directory to something that is only readable by the current user. 2022-05-06 not yet calculated CVE-2022-24823
MISC
MISC
CONFIRM fluxcd — flux
  Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments. Workarounds include automated tooling in the user’s CI/CD pipeline to validate `kustomization.yaml` files conform with specific policies. This vulnerability is fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0. 2022-05-06 not yet calculated CVE-2022-24877
CONFIRM fluxcd — flux
  Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user’s CI/CD pipeline to validate `kustomization.yaml` files conform with specific policies. This vulnerability is fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0. Users are recommended to upgrade. 2022-05-06 not yet calculated CVE-2022-24878
CONFIRM ecdsautils — ecdsautils
  ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable. 2022-05-06 not yet calculated CVE-2022-24884
MISC
CONFIRM
MISC
MLIST velocity — velocity
  APIs to evaluate content with Velocity is a package for APIs to evaluate content with Velocity. Starting with version 2.3 and prior to 12.6.7, 12.10.3, and 13.0, the velocity scripts are not properly sandboxed against using the Java File API to perform read or write operations on the filesystem. Writing an attacking script in Velocity requires the Script rights in XWiki so not all users can use it, and it also requires finding an XWiki API which returns a File. The problem has been patched in versions 12.6.7, 12.10.3, and 13.0. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights. 2022-05-02 not yet calculated CVE-2022-24897
MISC
CONFIRM
MISC
MISC contao — contao
  Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings. 2022-05-06 not yet calculated CVE-2022-24899
CONFIRM
MISC
MISC apple — apple_game_center
  Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it. 2022-05-04 not yet calculated CVE-2022-24901
CONFIRM tkvideoplayer — tkvideoplayer
  TkVideoplayer is a simple library to play video files in tkinter. Uncontrolled memory consumption in versions of TKVideoplayer prior to 2.0.0 can theoretically lead to performance degradation. There are no known workarounds. This issue has been patched and users are advised to upgrade to version 2.0.0 or later. 2022-05-06 not yet calculated CVE-2022-24902
CONFIRM
MISC rsyslog — rsyslog
  Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability can not be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum, This can be used to overrun the memory buffer. However, once the sequence of digits stop, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability. 2022-05-06 not yet calculated CVE-2022-24903
CONFIRM
MISC menlo_security — email_isolation_on_premise Links may not be rewritten according to policy in some specially formatted emails. 2022-05-02 not yet calculated CVE-2022-24974
MISC jsgui_lang_essentials — multiple_products
  All versions of package jsgui-lang-essentials are vulnerable to Prototype Pollution due to allowing all Object attributes to be altered, including their magical attributes such as proto, constructor and prototype. 2022-05-01 not yet calculated CVE-2022-25301
MISC
MISC bignum — multiple_products
  All versions of package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8, when verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks. 2022-05-06 not yet calculated CVE-2022-25324
CONFIRM
CONFIRM webjars — multiple_products
  All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as &lt;not-a-tag /&gt;) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided to the autocomplete component. 2022-05-01 not yet calculated CVE-2022-25349
MISC
MISC
MISC webjars — multiple_products
  All versions of package dset are vulnerable to Prototype Pollution via ‘dset/merge’ mode, as the dset function checks for prototype pollution by validating if the top-level path contains __proto__, constructor or protorype. By crafting a malicious object, it is possible to bypass this check and achieve prototype pollution. 2022-05-01 not yet calculated CVE-2022-25645
MISC
MISC
MISC mvnrepository.com — multiple_products The package com.google.code.gson:gson before 2.8.9 are vulnerable to Deserialization of Untrusted Data via the writeReplace() method in internal classes, which may lead to DoS attacks. 2022-05-01 not yet calculated CVE-2022-25647
MISC
MISC
MISC mvnrepository.com — multiple_products
  All versions of package com.bstek.ureport:ureport2-console are vulnerable to Remote Code Execution by connecting to a malicious database server, causing arbitrary file read and deserialization of local gadgets. 2022-05-01 not yet calculated CVE-2022-25767
MISC
MISC secomea — secomea_gatemanager
  Cross-Site Request Forgery (CSRF) vulnerability in Web UI of Secomea GateManager allows phishing attacker to issue get request in logged in user session. 2022-05-04 not yet calculated CVE-2022-25778
MISC secomea — secomea_gatemanager
  Logging of Excessive Data vulnerability in audit log of Secomea GateManager allows logged in user to write text entries in audit log. This issue affects: Secomea GateManager versions prior to 9.7. 2022-05-04 not yet calculated CVE-2022-25779
MISC secomea — secomea_gatemanager
  Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope. 2022-05-04 not yet calculated CVE-2022-25780
MISC secomea — secomea_gatemanager
  Cross-site Scripting (XSS) vulnerability in Web UI of Secomea GateManager allows phishing attacker to inject javascript or html into logged in user session. 2022-05-04 not yet calculated CVE-2022-25781
MISC secomea — secomea_gatemanager
  Improper Handling of Insufficient Privileges vulnerability in Web UI of Secomea GateManager allows logged in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7. 2022-05-04 not yet calculated CVE-2022-25782
MISC secomea — secomea_gatemanager
  Insufficient Logging vulnerability in web server of Secomea GateManager allows logged in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7. 2022-05-04 not yet calculated CVE-2022-25783
MISC secomea — secomea_sitemanager
  Cross-site Scripting (XSS) vulnerability in Web GUI of SiteManager allows logged-in user to inject scripting. This issue affects: Secomea SiteManager all versions prior to 9.7. 2022-05-04 not yet calculated CVE-2022-25784
MISC secomea — secomea_sitemanager
  Stack-based Buffer Overflow vulnerability in SiteManager allows logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteManager all versions prior to 9.7. 2022-05-04 not yet calculated CVE-2022-25785
MISC secomea — secomea_gatemanager
  Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7. 2022-05-04 not yet calculated CVE-2022-25786
MISC secomea — secomea_gatemanager
  Information Exposure Through Query Strings in GET Request vulnerability in LMM API of Secomea GateManager allows system administrator to hijack connection. This issue affects: Secomea GateManager all versions prior to 9.7. 2022-05-04 not yet calculated CVE-2022-25787
MISC com_alibaba_ — one_java_agent_plugin
  All versions of package com.alibaba.oneagent:one-java-agent-plugin are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) using a specially crafted archive that holds directory traversal filenames (e.g. ../../evil.exe). The attacker can overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine. 2022-05-01 not yet calculated CVE-2022-25842
MISC
MISC
MISC
MISC org.webjars — angular_package
  The package angular after 1.7.0 are vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ‘ ‘.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1) This package has been deprecated and is no longer maintained. 2) The vulnerable versions are 1.7.0 and higher. 2022-05-01 not yet calculated CVE-2022-25844
MISC
MISC
MISC
MISC
MISC hoppscotch — proxyscotch
  The package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server. 2022-05-01 not yet calculated CVE-2022-25850
MISC
MISC f5 — big-ip
  On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-25946
MISC anker_eufy_homebase — anker_eufy_homebase 2 2.1.8.5h
  An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted DHCP packet can lead to authentication bypass. An attacker can DHCP poison to trigger this vulnerability. 2022-05-05 not yet calculated CVE-2022-25989
MISC f5 — f5os-a_software
  On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-25990
MISC pistacheio_pistache — multiple_products
  This affects the package pistacheio/pistache before 0.0.3.20220425. It is possible to traverse directories to fetch arbitrary files from the server. 2022-05-01 not yet calculated CVE-2022-26068
MISC
MISC splunk — enterprise
  When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0. 2022-05-06 not yet calculated CVE-2022-26070
MISC f5 — big-ip
  On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel (TMM) allows an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-26071
MISC anker_eufy_homebase — anker_eufy_homebase
  A denial of service vulnerability exists in the libxm_av.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to a device reboot. An attacker can send packets to trigger this vulnerability. 2022-05-05 not yet calculated CVE-2022-26073
MISC f5 — big-ip
  On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an Active mode-enabled FTP profile is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing active FTP data channel connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-26130
MISC netiq — netiq_access_manager Reflected Cross Site Scripting (XSS) vulnerability in NetIQ Access Manager prior to 5.0.2 2022-05-02 not yet calculated CVE-2022-26325
CONFIRM netiq — netiq_access_manager Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2 2022-05-02 not yet calculated CVE-2022-26326
CONFIRM f5 — big-ip On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, an authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy (SCP) protocol from a remote system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-26340
MISC f5 — big-ip
  On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-26370
MISC f5 — big-ip
  On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when a DNS listener is configured on a virtual server with DNS queueing (default), undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 2022-05-05 not yet calculated CVE-2022-26372
MISC f5 — big-ip
  On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-26415
MISC f5 — big-ip
  On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT (LSN) pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-26517
MISC f5 — big-ip
  On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell (tmsh) commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-26835
MISC splunk — enterprise The lack of sanitization in a relative url path in a search parameter allows for arbitrary injection of external content in Splunk Enterprise versions before 8.1.2. 2022-05-06 not yet calculated CVE-2022-26889
MISC
MISC f5 — big-ip
  On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when ASM or Advanced WAF, as well as APM, are configured on a virtual server, the ASM policy is configured with Session Awareness, and the “Use APM Username and Session ID” option is enabled, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-26890
MISC f5 — big-ip
  On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when APM is configured on a virtual server and the associated access profile is configured with APM AAA NTLM Auth, undisclosed requests can cause an increase in internal resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27181
MISC f5 — big-ip
  On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, when BIG-IP packet filters are enabled and a virtual server is configured with the type set to Reject, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27182
MISC splunk — enterprise The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted. 2022-05-06 not yet calculated CVE-2022-27183
MISC
MISC f5 — big-ip
  On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when an Internet Content Adaptation Protocol (ICAP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27189
MISC f5 — big-ip
  On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27230
MISC gitea_io — gitea_io
  An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file. 2022-05-03 not yet calculated CVE-2022-27313
MISC e_commerce_website — e_commerce_website
  A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field. 2022-05-03 not yet calculated CVE-2022-27330
MISC poppler — poppler
  A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. 2022-05-05 not yet calculated CVE-2022-27337
MISC foxit — pdf_reader
  Foxit PDF Reader v11.2.1.53537 was discovered to contain a NULL pointer dereference via the component FoxitPDFReader.exe. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PHP file. 2022-05-05 not yet calculated CVE-2022-27359
MISC
MISC springblade — springblade
  SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment. 2022-05-05 not yet calculated CVE-2022-27360
MISC
MISC
MISC totolink — totolink_n600r
  TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the “Main” function. 2022-05-05 not yet calculated CVE-2022-27411
MISC hospital_management_system — hospital_management_system Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php. 2022-05-03 not yet calculated CVE-2022-27413
MISC hospital_management_system — hospital_management_system Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. 2022-05-04 not yet calculated CVE-2022-27420
MISC wuzhicms — wuzhicms
  Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. 2022-05-04 not yet calculated CVE-2022-27431
MISC nopCommerce — nopCommerce In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link. 2022-05-04 not yet calculated CVE-2022-27461
MISC
MISC mcms — mcms MCMS v5.2.27 was discovered to contain a SQL injection vulnerability in the orderBy parameter at /dict/list.do. 2022-05-02 not yet calculated CVE-2022-27466
MISC sdl — sdl_ttf
  SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file. 2022-05-04 not yet calculated CVE-2022-27470
MISC
MISC nginx — multiple_products
  On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27495
MISC qnap — qnap We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later 2022-05-05 not yet calculated CVE-2022-27588
MISC f5 — big-ip
  On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27634
MISC f5 — big-ip
  On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27636
MISC f5 — big-ip
  On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, an authenticated attacker can modify or delete Dashboards created by other BIG-IP users in the Traffic Management User Interface (TMUI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27659
MISC f5 — traffix_sdc
  On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27662
MISC adobe — after_effects
  Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in After Effects. 2022-05-06 not yet calculated CVE-2022-27783
MISC adobe — after_effects
  Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in After Effects. 2022-05-06 not yet calculated CVE-2022-27784
MISC f5 — big-ip
  On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27806
MISC f5 — access_for_android
  On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive user information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27875
MISC f5 — big-ip
  On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27878
MISC f5 — traffix_sdc
  On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-27880
MISC eve_ng — multiple_products
  An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by editing virtualization command parameters of imported UNL files. 2022-05-04 not yet calculated CVE-2022-27903
MISC
MISC joomla — jdownloads_3.9.8.2_stable
  In Joomla component ‘jDownloads 3.9.8.2 Stable’ the remote user can change some parameters in the address bar and see the names of other users’ files 2022-05-06 not yet calculated CVE-2022-27909
MISC bluecms — bluecms Bluecms 1.6 has a SQL injection vulnerability at cooike. 2022-05-03 not yet calculated CVE-2022-27962
MISC rg_nbr_e_enterprise_ gateway — rg_nbr2100g_e RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain a remote code execution (RCE) vulnerability via the fileName parameter at /guest_auth/cfg/upLoadCfg.php. 2022-05-02 not yet calculated CVE-2022-27982
MISC rg_nbr_e_enterprise_ gateway — rg_nbr2100g_e RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary file read vulnerability via the url parameter in check.php. 2022-05-02 not yet calculated CVE-2022-27983
MISC 3cx — phone_system_management_console An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server, leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITYSYSTEM on Windows installations. Versions prior to version 18, Hotfix 1 Build 18.0.3.461 March 2022, are prone to an additional unauthenticated file system access to C:WindowsSystem32. 2022-05-06 not yet calculated CVE-2022-28005
MISC
MISC
MISC vandyke — vandyke_software Improper sanitization of trigger action scripts in VanDyke Software VShell for Windows v4.6.2 allows attackers to execute arbitrary code via a crafted value. 2022-05-02 not yet calculated CVE-2022-28054
MISC fusionpbx — fusionpbx Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function. 2022-05-04 not yet calculated CVE-2022-28055
MISC shopxo — shopxo ShopXO v2.2.5 and below was discovered to contain a system re-install vulnerability via the Add function in app/install/controller/Index.php. 2022-05-02 not yet calculated CVE-2022-28056
MISC libarchive — libarchivelv Libarchive v3.6.0 was discovered to contain a read memory access vulnerability via the function lzma_decode. 2022-05-04 not yet calculated CVE-2022-28066
MISC sandboxie_plus — sandboxie_classic An incorrect access control issue in Sandboxie Classic v5.55.13 allows attackers to cause a Denial of Service (DoS) in the Sandbox via a crafted executable. 2022-05-04 not yet calculated CVE-2022-28067
MISC seacms — seacms
  Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings. 2022-05-04 not yet calculated CVE-2022-28076
MISC college_management_system — college_management_system College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter. 2022-05-05 not yet calculated CVE-2022-28079
MISC
MISC event_mobi — royal_event_management_system
  Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the todate parameter. 2022-05-05 not yet calculated CVE-2022-28080
MISC
MISC
MISC query_php — arphp_v3.6.0
  A reflected cross-site scripting (XSS) vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts. 2022-05-04 not yet calculated CVE-2022-28081
MISC tenda — ax12 Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList. 2022-05-04 not yet calculated CVE-2022-28082
MISC jspxcms — jspxcms Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=. 2022-05-04 not yet calculated CVE-2022-28090
MISC skycaiji — skycaiji Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php. 2022-05-04 not yet calculated CVE-2022-28096
MISC poultry_farm_management_system — poultry_farm_management_system Poultry Farm Management System v1.0 was discovered to contain a SQL injection vulnerability via the Item parameter at /farm/store.php. 2022-05-04 not yet calculated CVE-2022-28099
MISC
MISC
MISC mybatis — pagehelper
  MyBatis PageHelper v1.x.x-v5.x.x was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter. 2022-05-04 not yet calculated CVE-2022-28111
MISC
MISC
MISC
MISC siteserver_cms — siteserver_cms
  SiteServer CMS v7.x allows attackers to execute arbitrary code via a crafted plug-in. 2022-05-03 not yet calculated CVE-2022-28118
MISC
MISC
MISC
MISC beijing_runnier_network_technology_co.,_ltd — teaching management_platform_software Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server. 2022-05-05 not yet calculated CVE-2022-28120
MISC broadcom — brocade_sannav
  In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands. 2022-05-06 not yet calculated CVE-2022-28163
MISC broadcom — brocade_sannav
  Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords. 2022-05-06 not yet calculated CVE-2022-28164
MISC broadcom — brocade_sannav
  A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests. 2022-05-06 not yet calculated CVE-2022-28165
MISC adobe — photoshop Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG file. 2022-05-06 not yet calculated CVE-2022-28270
MISC adobe — photoshop
  Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. 2022-05-06 not yet calculated CVE-2022-28271
MISC adobe — photoshop
  Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-06 not yet calculated CVE-2022-28272
MISC adobe — photoshop Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-06 not yet calculated CVE-2022-28273
MISC adobe — photoshop
  Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-06 not yet calculated CVE-2022-28274
MISC adobe — photoshop
  Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-06 not yet calculated CVE-2022-28275
MISC adobe — photoshop
  Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-06 not yet calculated CVE-2022-28276
MISC adobe — photoshop
  Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. 2022-05-06 not yet calculated CVE-2022-28277
MISC adobe — photoshop
  Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-06 not yet calculated CVE-2022-28278
MISC adobe — photoshop
  Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-05-06 not yet calculated CVE-2022-28279
MISC mediawiki — mediawiki
  An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported, 2022-04-30 not yet calculated CVE-2022-28323
MISC
MISC
MISC nopcommerce — nopcommerce
  nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature. 2022-05-02 not yet calculated CVE-2022-28451
MISC
MISC mingyuefusu — multiple_products
  mingyuefusu Library Management System all versions as of 03-27-2022 is vulnerable to SQL Injection. 2022-05-05 not yet calculated CVE-2022-28461
MISC novelplus — novel_plus novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability. 2022-05-05 not yet calculated CVE-2022-28462
MISC ffmeg — ffjpeg
  In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38 2022-05-05 not yet calculated CVE-2022-28471
MISC rubygems — multiple_products
  CSV-Safe gem < 3.0.0 doesn’t filter out special characters which could trigger CSV Injection. 2022-05-01 not yet calculated CVE-2022-28481
MISC
MISC
MISC tcpreplay — tcpreplay
  Tcpreplay version 4.4.1 contains a memory leakage flaw in fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. 2022-05-04 not yet calculated CVE-2022-28487
MISC
MISC libwav — libwav The function wav_format_write in libwav.c in libwav through 2017-04-20 has an Use of Uninitialized Variable vulnerability. 2022-05-04 not yet calculated CVE-2022-28488
MISC
MISC jflyfox — jflyfox Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java. 2022-05-03 not yet calculated CVE-2022-28505
MISC dragon_path_technologies — bharti_airtel_routers Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page. 2022-05-06 not yet calculated CVE-2022-28507
MISC
MISC mantisbt — browser_search_plugin.php
  An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. 2022-05-04 not yet calculated CVE-2022-28508
MISC
MISC
MISC sourcecodester — fantastic_blog_cms
  A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0 . An attacker can inject query in “/fantasticblog/single.php” via the “id=5” parameters. 2022-05-04 not yet calculated CVE-2022-28512
MISC
MISC sourcecodester — covid-19_directory Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via cmdcategory. 2022-05-05 not yet calculated CVE-2022-28530
MISC sourcecodester — medical_hub_directory_site
  Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Injection via /mhds/clinic/view_details.php. 2022-05-05 not yet calculated CVE-2022-28533
MISC fudforum — fudforum
  FUDforum 3.1.1 is vulnerable to Stored XSS. 2022-05-06 not yet calculated CVE-2022-28545
MISC
MISC chshcms — cscms
  Cscms 4.1 is vulnerable to SQL Injection. Log into the background, open the song module, create a new song, delete it to the recycle bin, and SQL injection security problems will occur when emptying the recycle bin. 2022-05-04 not yet calculated CVE-2022-28552
MISC tenda — ac15
  Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent post data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971 2022-05-04 not yet calculated CVE-2022-28556
MISC tenda — ac15
  There is a command injection vulnerability at the /goform/setsambacfg interface of Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also cooperate with CVE-2021-44971 to cause unconditional arbitrary command execution 2022-05-04 not yet calculated CVE-2022-28557
MISC tenda — ac9
  There is a stack overflow vulnerability in the goform/fast_setting_wifi_set function in the httpd service of Tenda ac9 15.03.2.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload 2022-05-03 not yet calculated CVE-2022-28560
MISC tenda — ax12
  There is a stack overflow vulnerability in the /goform/setMacFilterCfg function in the httpd service of Tenda ax12 22.03.01.21_cn router. An attacker can obtain a stable shell through a carefully constructed payload 2022-05-03 not yet calculated CVE-2022-28561
MISC sourcecodester — doctors_appointmemt_system
  Sourcecodester Doctor’s Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored. 2022-05-04 not yet calculated CVE-2022-28568
MISC
MISC
MISC d-link — 882_dir882a1_fw130b06 D-link 882 DIR882A1_FW130B06 was discovered to contain a command injection vulnerability in`/usr/bin/cli. 2022-05-02 not yet calculated CVE-2022-28571
MISC
MISC tenda — ax1806
  Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in `SetIPv6Status` function 2022-05-02 not yet calculated CVE-2022-28572
MISC d-link — dir-823_pro
  D-Link DIR-823-Pro v1.0.2 was discovered to contain a command injection vulnerability in the function SetNTPserverSeting. This vulnerability allows attackers to execute arbitrary commands via the system_time_timezone parameter. 2022-05-02 not yet calculated CVE-2022-28573
MISC
MISC totolink — a7100ru It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload 2022-05-05 not yet calculated CVE-2022-28575
MISC totolink — a7100ru
  It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. 2022-05-05 not yet calculated CVE-2022-28577
MISC totolink — a7100ru
  It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. 2022-05-05 not yet calculated CVE-2022-28578
MISC totolink — a7100ru
  It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. 2022-05-05 not yet calculated CVE-2022-28579
MISC totolink — setwifiadvancedcfg It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. 2022-05-05 not yet calculated CVE-2022-28580
MISC totolink — setwifiadvancedcfg
  It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. 2022-05-05 not yet calculated CVE-2022-28581
MISC totolink — setwifisignalcfg
  It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. 2022-05-05 not yet calculated CVE-2022-28582
MISC totolink — setwifiwpscfg
  It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. 2022-05-05 not yet calculated CVE-2022-28583
MISC totolink — setwifiwpsstart
  It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. 2022-05-05 not yet calculated CVE-2022-28584
MISC empirecms — empirecms EmpireCMS 7.5 has a SQL injection vulnerability in AdClass.php 2022-05-03 not yet calculated CVE-2022-28585
MISC springbootmovie — springbootmovie
  In SpringBootMovie <=1.2 when adding movie names, malicious code can be stored because there are no filtering parameters, resulting in stored XSS. 2022-05-03 not yet calculated CVE-2022-28588
MISC pixelimity — pixelimity A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new 2022-05-03 not yet calculated CVE-2022-28589
MISC pixelimity — pixelimity A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme. 2022-05-03 not yet calculated CVE-2022-28590
MISC fuelcms — fuelcms A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger a XSS attack. 2022-05-03 not yet calculated CVE-2022-28599
MISC wenzhou_huoyin_infor,mation_technology_co — wenzhou_huoyin_infor,mation_technology_co An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server. 2022-05-05 not yet calculated CVE-2022-28606
MISC
MISC
MISC cisco — hci_modbus_tcp_component
  A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that is caused by the validation error in the length information carried in MBAP header allows an ATTACKER to reboot the device by sending a special crafted message. This issue affects: Hitachi Energy RTU500 series CMU Firmware 12.0.*; 12.2.*; 12.4.*; 12.6.*; 12.7.*; 13.2.*. 2022-05-02 not yet calculated CVE-2022-28613
CONFIRM f5 — big-ip
  On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when a Real Time Streaming Protocol (RTSP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28691
MISC f5 — big-ip_afm
  On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28695
MISC f5 — big-ip
  On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28701
MISC f5 — big-ip
  On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, on platforms with an ePVA and the pva.fwdaccel BigDB variable enabled, undisclosed requests to a virtual server with a FastL4 profile that has ePVA acceleration enabled can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28705
MISC f5 — big-ip
  On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior to 15.1.5.1, when the DNS resolver configuration is used, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28706
MISC f5 — big-ip
  On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility (also referred to as the BIG-IP TMUI) that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28707
MISC f5 — big-ip
  On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, when a BIG-IP DNS resolver-enabled, HTTP-Explicit or SOCKS profile is configured on a virtual server, an undisclosed DNS response can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28708
MISC f5 — big-ip_apm
  On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28714
MISC f5 — multiple_products
  On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28716
MISC samsung — smr Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information. 2022-05-03 not yet calculated CVE-2022-28780
MISC samsung — smr Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller. 2022-05-03 not yet calculated CVE-2022-28781
MISC samsung — contents_to_windows Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability. 2022-05-03 not yet calculated CVE-2022-28782
MISC samsung — galaxy_themes
  Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name. 2022-05-03 not yet calculated CVE-2022-28783
MISC samsung — galaxy_themes
  Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic. 2022-05-03 not yet calculated CVE-2022-28784
MISC samsung — aviextractor_library
  Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. 2022-05-03 not yet calculated CVE-2022-28785
MISC samsung — aviextractor_library Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. 2022-05-03 not yet calculated CVE-2022-28786
MISC samsung — wmfextractor_library
  Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. 2022-05-03 not yet calculated CVE-2022-28787
MISC samsung — aviextractor_library
  Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. 2022-05-03 not yet calculated CVE-2022-28788
MISC samsung — voice_note
  Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities. 2022-05-03 not yet calculated CVE-2022-28789
MISC samsung — link
  Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic. 2022-05-03 not yet calculated CVE-2022-28790
MISC samsung — installagent
  Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files. 2022-05-03 not yet calculated CVE-2022-28791
MISC samsung — gear_iconx_pc_manager DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking. 2022-05-03 not yet calculated CVE-2022-28792
MISC samsung — strongbox
  Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time. 2022-05-03 not yet calculated CVE-2022-28793
MISC fujitsu — insyde_firmware
  An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer’s nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler’s code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM. 2022-05-04 not yet calculated CVE-2022-28806
MISC
MISC
MISC
MISC f5 — big-ip
  On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-install.sh and nethsm-thales-install.sh) expose the Net HSM partition password. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-28859
MISC apache — jena
  A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities. 2022-05-05 not yet calculated CVE-2022-28890
MISC

h3c — magicr100

  In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization. It sends a large amount of data through ajaxmsg to carry out DOS attack. 2022-05-04 not yet calculated CVE-2022-28940
MISC tenda — ax1806
  Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS). 2022-05-06 not yet calculated CVE-2022-28969
MISC tenda — ax1806
  Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via the mac parameter in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS). 2022-05-06 not yet calculated CVE-2022-28970
MISC tenda — ax1806
  Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS). 2022-05-06 not yet calculated CVE-2022-28971
MISC tenda — ax1806
  Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS). 2022-05-06 not yet calculated CVE-2022-28972
MISC tenda — ax1806
  Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS). 2022-05-06 not yet calculated CVE-2022-28973
MISC springbootmovie — springbootmovie
  In SpringBootMovie <=1.2, the uploaded file suffix parameter is not filtered, resulting in arbitrary file upload vulnerability 2022-05-03 not yet calculated CVE-2022-29001
MISC openldap — openldap
  In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. 2022-05-04 not yet calculated CVE-2022-29155
MISC xwiki — xwiki_platform
  XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collisions with SHA1. The problem has been patched in XWiki version 13.10.6, 14.3.1 and 14.4-rc-1. Since then, the Crypto API will generate X509 certificates signed by default using SHA256 with RSA. Administrators are advised to upgrade their XWiki installation to one of the patched versions. If the upgrade is not possible, it is possible to patch the module xwiki-platform-crypto in a local installation by applying the change exposed in 26728f3 and re-compiling the module. 2022-05-06 not yet calculated CVE-2022-29161
MISC
CONFIRM
MISC argoproj — argo_workflows
  Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Server API. The attacker emails the deep-link to the artifact to their victim. The victim opens the link, the script starts running. As the script has access to the Argo Server API (as the victim), so may read information about the victim’s workflows, or create and delete workflows. Note the attacker must be an insider: they must have access to the same cluster as the victim and must already be able to run their own workflows. The attacker must have an understanding of the victim’s system. We have seen no evidence of this in the wild. We urge all users to upgrade to the fixed versions. 2022-05-06 not yet calculated CVE-2022-29164
MISC
MISC
CONFIRM matrix — matrix-appservice-irc
  matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc 0.33.2. Refrain from replying to messages from untrusted participants in IRC-bridged Matrix rooms. There are no known workarounds for this issue. 2022-05-05 not yet calculated CVE-2022-29166
MISC
CONFIRM mozilla — hawk
  Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack – meaning each added character in the attacker’s input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use built-in `URL` class to parse hostname instead. `Hawk.authenticate()` accepts `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`. 2022-05-05 not yet calculated CVE-2022-29167
MISC
CONFIRM sourcegraph — sourcegraph
  Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with Phabricator allows Sourcegraph site admins to specify a `callsignCommand`, which is used to obtain the Phabricator metadata for a Gitolite repository. An administrator who is able to edit or add a Gitolite code host and has administrative access to Sourcegraph’s bundled Grafana instance can change this command arbitrarily and run it remotely. This grants direct access to the infrastructure underlying the Sourcegraph installation. The attack requires: site-admin privileges on the instance of Sourcegraph, Administrative privileges on the bundled Grafana monitoring instance, Knowledge of the gitserver IP address or DNS name (if running in Kubernetes). This can be found through Grafana. The issue is patched in version 3.38.0. You may disable Gitolite code hosts. We still highly encourage upgrading regardless of workarounds. 2022-05-06 not yet calculated CVE-2022-29171
CONFIRM auth0 — auth0-lock
  Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before `11.33.0`, when the “additional signup fieldsâ€? feature [is configured](https://github.com/auth0/lock#additional-sign-up-fields), a malicious actor can inject invalidated HTML code into these additional fields, which is then stored in the service `user_metdata` payload (using the `name` property). Verification emails, when applicable, are generated using this metadata. It is therefor possible for an actor to craft a malicious link by injecting HTML, which is then rendered as the recipient’s name within the delivered email template. You are impacted by this vulnerability if you are using `auth0-lock` version `11.32.2` or lower and are using the “additional signup fieldsâ€? feature in your application. Upgrade to version `11.33.0`. 2022-05-05 not yet calculated CVE-2022-29172
MISC
CONFIRM the_update_framework — go-tuf
  go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks: 1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. 2. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow). A fix is available in version 0.3.0 or newer. No workarounds are known for this issue apart from upgrading. 2022-05-05 not yet calculated CVE-2022-29173
MISC
CONFIRM vyperlang — vyper
  Vyper is a pythonic smart contract language for the ethereum virtual machine. Since version 0.3.2, decimals use the full range of the underlying int168 type. multiplication of 168 bit integers can wrap in 256-bit arithmetic, but safemul does not check for that. This has been patched in v0.3.4. There are no known workarounds for this issue. 2022-05-05 not yet calculated CVE-2022-29175
CONFIRM
MISC rubygems — rubygems
  Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one or more dashes in its name creation within 30 days OR no updates for over 100 days At present, we believe this vulnerability has not been exploited. RubyGems.org sends an email to all gem owners when a gem version is published or yanked. We have not received any support emails from gem owners indicating that their gem has been yanked without authorization. An audit of gem changes for the last 18 months did not find any examples of this vulnerability being used in a malicious way. A deeper audit for any possible use of this exploit is ongoing, and we will update this advisory once it is complete. Using Bundler in –frozen or –deployment mode in CI and during deploys, as the Bundler team has always recommended, will guarantee that your application does not silently switch to versions created using this exploit. To audit your application history for possible past exploits, review your Gemfile.lock and look for gems whose platform changed when the version number did not change. For example, gemname-3.1.2 updating to gemname-3.1.2-java could indicate a possible abuse of this vulnerability. RubyGems.org has been patched and is no longer vulnerable to this issue as of the 5th of May 2022. 2022-05-05 not yet calculated CVE-2022-29176
MISC
CONFIRM charmbracelet — charm
  A vulnerability in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. This has been patched and is available in release [v0.12.1](https://github.com/charmbracelet/charm/releases/tag/v0.12.1). We recommend that all users running self-hosted `charm` instances update immediately. This vulnerability was found in-house and we haven’t been notified of any potential exploiters. ### Additional notes * Encrypted user data uploaded to the Charm server is safe as Charm servers cannot decrypt user data. This includes filenames, paths, and all key-value data. * Users running the official Charm [Docker images](https://github.com/charmbracelet/charm/blob/main/docker.md) are at minimal risk because the exploit is limited to the containerized filesystem. 2022-05-07 not yet calculated CVE-2022-29180
MISC
CONFIRM f5 — big-ip
  On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, the BIG-IP Edge Client Component Installer Service does not use best practice while saving temporary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-29263
MISC apache — nifi
  Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: – EvaluateXPath – EvaluateXQuery – ValidateXml Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services. 2022-04-30 not yet calculated CVE-2022-29265
CONFIRM
MISC gpac — gpac
  In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2. 2022-05-05 not yet calculated CVE-2022-29339
MISC
MISC gpac — gpac GPAC 2.1-DEV-rev87-g053aae8-master. has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad. 2022-05-05 not yet calculated CVE-2022-29340
MISC
MISC zeitprax — [email protected]
  An arbitrary file upload vulnerability in [email protected] 1.0 allows attackers to execute arbitrary commands via a crafted PHP file. 2022-05-04 not yet calculated CVE-2022-29347
MISC
MISC
MISC wordpress — countdown-and-clock_plugin
  Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adam Skaat’s Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-circle-countdown-before-countdown and &ycd-circle-countdown-after-countdown vulnerable parameters. 2022-05-06 not yet calculated CVE-2022-29420
CONFIRM
CONFIRM wordpress — countdown-and-clock_plugin
  Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat’s Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter. 2022-05-06 not yet calculated CVE-2022-29421
CONFIRM
CONFIRM wordpress — countdown-and-clock_plugin
  Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat’s Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, &ycd-circle-countdown-after-countdown vulnerable parameters. 2022-05-06 not yet calculated CVE-2022-29422
CONFIRM
CONFIRM wordpress — countdown-and-clock_plugin
  Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress. 2022-05-06 not yet calculated CVE-2022-29423
CONFIRM
CONFIRM wordpress — cloudway_breeze_plugin
  Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration which includes the ability to change any of the plugin’s settings including CDN setting which could be further used for XSS attack. 2022-05-02 not yet calculated CVE-2022-29444
CONFIRM
CONFIRM f5 — big-ip
  On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an IPSec ALG profile is configured on a virtual server, undisclosed responses can cause Traffic Management Microkernel(TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-29473
MISC f5 — big-ip
  On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-29474
MISC f5 — big-ip
  On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, when an IPv6 self IP address is configured and the ipv6.strictcompliance database key is enabled (disabled by default) on a BIG-IP system, undisclosed packets may cause decreased performance. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-29479
MISC f5 — big-ip
  On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when multiple route domains are configured, undisclosed requests to big3d can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-29480
MISC f5 — multiple_products
  On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other (server/client), undisclosed requests can cause the TMM process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated 2022-05-05 not yet calculated CVE-2022-29491
MISC schedmd — slurm
  SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. 2022-05-05 not yet calculated CVE-2022-29500
MISC
MISC
MISC schedmd — slurm
  SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. 2022-05-05 not yet calculated CVE-2022-29501
MISC
MISC
MISC schedmd — slurm
  SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges. 2022-05-05 not yet calculated CVE-2022-29502
MISC
MISC
MISC zoho — manageengine_opmanager
  Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. 2022-05-05 not yet calculated CVE-2022-29535
MISC
MISC tenda — tx9_pro
  Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route). 2022-05-05 not yet calculated CVE-2022-29592
MISC gnome — gnome
  In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don’t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2’s buffer functions, for example libxslt through 1.1.35, is affected as well. 2022-05-03 not yet calculated CVE-2022-29824
MISC
MISC
MISC
MISC
FEDORA progress — openedge
  In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system. 2022-05-02 not yet calculated CVE-2022-29849
MISC
MISC
MISC
MISC librehealth — ehr
  In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interfacebillingnew_payment.php via interfacebillingpayment_master.inc.php leads to SQL injection. 2022-05-05 not yet calculated CVE-2022-29938
MISC
MISC
MISC librehealth — ehr
  In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interfacebillingsl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities. 2022-05-05 not yet calculated CVE-2022-29939
MISC
MISC
MISC librehealth — ehr
  In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interfaceordersfind_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities. 2022-05-05 not yet calculated CVE-2022-29940
MISC
MISC
MISC talend — administration_center
  Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry ‘Add’ functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. 2022-05-04 not yet calculated CVE-2022-29942
MISC
MISC talend — administration_center
  Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. 2022-05-04 not yet calculated CVE-2022-29943
MISC
MISC experian — hunter
  Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name parameter to the Subrules page. 2022-05-04 not yet calculated CVE-2022-29950
MISC
MISC linux — linux_kernel An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. 2022-05-02 not yet calculated CVE-2022-29968
MISC mediawiki — mediawiki
  The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true). 2022-05-02 not yet calculated CVE-2022-29969
MISC
MISC sinatra — sinatra
  Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. 2022-05-02 not yet calculated CVE-2022-29970
MISC exfat — exfat
  relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in the filesystem) in certain situations involving offsets beyond ValidDataLength. 2022-05-02 not yet calculated CVE-2022-29973
MISC jquery — jquery.json-viewer_library
  The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element. 2022-05-04 not yet calculated CVE-2022-30241
MISC
MISC python — python-libnmap
  In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). 2022-05-04 not yet calculated CVE-2022-30284
MISC
MISC
MISC agoo — agoo
  ** DISPUTED ** Agoo through 2.14.2 does not reject GraphQL fragment spreads that form cycles, leading to an application crash. NOTE: this has been disputed on the grounds that it is not the server’s responsibility to “enforce all the various ways a developer could write code with logic errors.” 2022-05-04 not yet calculated CVE-2022-30288
MISC
MISC
MISC squirrel — squirrel
  thread_call in sqbaselib.cpp in SQUIRREL 3.2 lacks a certain sq_reservestack call. 2022-05-04 not yet calculated CVE-2022-30292
MISC webkit — webkitgtk
  In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. 2022-05-06 not yet calculated CVE-2022-30293
MISC
MISC webkit — webkitgtk
  In WebKitGTK through 2.36.0 (and WPE WebKit), there is a use-after-free in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. 2022-05-06 not yet calculated CVE-2022-30294
MISC
MISC uclibc-ng — uclibc-ng
  uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2. 2022-05-06 not yet calculated CVE-2022-30295
MISC shapeshift — keepkey_firmware
  In the KeepKey firmware before 7.3.2, the bootloader can be exploited in unusual situations in which the attacker has physical access, convinces the victim to install malicious firmware, or has unspecified other capabilities. lib/board/supervise.c mishandles svhandler_flash_* address range checks. If exploited, any installed malware could persist even after wiping the device and resetting the firmware. 2022-05-07 not yet calculated CVE-2022-30330
MISC
MISC brave — brave_browser
  Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises “Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser.” 2022-05-07 not yet calculated CVE-2022-30334
MISC
MISC
MISC
MISC