Vulnerability Summary for the Week of May 23, 2022

Released: May 30, 2022
Document ID: SB22-150

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
badminton_center_management_system_project -- badminton_center_management_system | Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id. | 2022-05-24 | 7.5 | CVE-2022-30455 MISC
battleye -- battleye | BattlEye v0.9 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 2022-05-20 | 7.2 | CVE-2022-27095 MISC
chatbot_application_with_a_suggestion_feature_project -- chatbot_application_with_a_suggestion_feature | ChatBot Application with a Suggestion Feature 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /simple_chat_bot/admin/responses/view_response.php. | 2022-05-20 | 7.5 | CVE-2022-30518 MISC MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del. | 2022-05-26 | 7.5 | CVE-2022-29660 MISC
covid-19_directory_on_vaccination_system_project -- covid-19_directory_on_vaccination_system | Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via the admin/login.php txtusername (aka Username) field. | 2022-05-20 | 7.5 | CVE-2022-28531 MISC MISC
covid_19_travel_pass_management_system_project -- covid_19_travel_pass_management_system | Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status | 2022-05-24 | 7.5 | CVE-2022-30838 MISC
merchandise_online_store_project -- merchandise_online_store | Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product. | 2022-05-24 | 7.5 | CVE-2022-30454 MISC
minitool -- partition_wizard | MiniTool Partition Wizard v12.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 2022-05-20 | 7.2 | CVE-2022-29320 MISC
multi-vendor_online_groceries_management_system_project -- multi-vendor_online_groceries_management_system | Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php. | 2022-05-20 | 7.5 | CVE-2022-26632 MISC
nirweb -- nirweb_support | The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection | 2022-05-23 | 7.5 | CVE-2022-0781 MISC
online_sports_complex_booking_system_project -- online_sports_complex_booking_system | Online Sports Complex Booking System v1.0 was discovered to allow attackers to take over user accounts via a crafted POST request. | 2022-05-20 | 7.5 | CVE-2022-28106 MISC
online_sports_complex_booking_system_project -- online_sports_complex_booking_system | Online Sports Complex Booking System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /scbs/view_facility.php. | 2022-05-20 | 7.5 | CVE-2022-28105 MISC
pharmacy_management_system_project -- pharmacy_management_system | Pharmacy Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted image file. | 2022-05-20 | 7.5 | CVE-2022-30887 MISC
privateinternetaccess -- private_internet_access | Private Internet Access v3.3 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 2022-05-20 | 7.2 | CVE-2022-27092 MISC
rengine_project -- rengine | Rengine v1.0.2 was discovered to contain a remote code execution (RCE) vulnerability via the yaml configuration function. | 2022-05-20 | 7.5 | CVE-2022-28995 MISC
rengine_project -- rengine | OS Command Injection in GitHub repository yogeshojha/rengine prior to 1.2.0. | 2022-05-22 | 7.5 | CVE-2022-1813 MISC CONFIRM
school_dormitory_management_system_project -- school_dormitory_management_system | School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /dms/admin/reports/daily_collection_report.php. | 2022-05-20 | 7.5 | CVE-2022-30886 MISC
siemens -- 7kg8500-0aa00-0aa0_firmware | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate parameters of certain GET and POST requests. This could allow an unauthenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device. | 2022-05-20 | 7.5 | CVE-2022-29873 CONFIRM
simple_student_quarterly_result\/grade_system_project -- simple_student_quarterly_result\/grade_system | Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php. | 2022-05-20 | 7.5 | CVE-2022-26633 MISC
sony -- playmemories_home | Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 2022-05-20 | 7.2 | CVE-2022-27094 MISC
vmware -- identity_manager | VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. | 2022-05-20 | 7.5 | CVE-2022-22972 MISC
vmware -- identity_manager | VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'. | 2022-05-20 | 7.2 | CVE-2022-22973 MISC
water_billing_system_project -- water_billing_system | Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id | 2022-05-24 | 7.5 | CVE-2022-30461 MISC
wp_contacts_manager_project -- wp_contacts_manager | The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability. | 2022-05-23 | 7.5 | CVE-2022-1014 MISC

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
automotive_shop_management_system_project -- automotive_shop_management_system | Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product. | 2022-05-24 | 6.5 | CVE-2022-30463 MISC
avast -- premium_security | Multiple DLL hijacking vulnerabilities via the components instup.exe and wsc_proxy.exe in Avast Premium Security before v21.11.2500 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via a crafted DLL file. | 2022-05-20 | 4.4 | CVE-2022-28965 MISC MISC
chatbot_app_with_suggestion_in_php\/oop_project -- chatbot_app_with_suggestion_in_php\/oop | ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id. | 2022-05-24 | 6.5 | CVE-2022-30459 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. | 2022-05-26 | 6.5 | CVE-2022-29676 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/page_del. | 2022-05-26 | 6.5 | CVE-2022-29683 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan. | 2022-05-26 | 6.5 | CVE-2022-29669 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del. | 2022-05-26 | 6.5 | CVE-2022-29687 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan. | 2022-05-26 | 6.5 | CVE-2022-29686 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort. | 2022-05-26 | 6.5 | CVE-2022-29685 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del. | 2022-05-26 | 6.5 | CVE-2022-29682 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del. | 2022-05-26 | 6.5 | CVE-2022-29681 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del. | 2022-05-26 | 6.5 | CVE-2022-29680 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del. | 2022-05-26 | 6.5 | CVE-2022-29684 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save. | 2022-05-26 | 6.5 | CVE-2022-29665 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan. | 2022-05-26 | 6.5 | CVE-2022-29666 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy. This vulnerability is exploited via restoring deleted photos. | 2022-05-26 | 6.5 | CVE-2022-29667 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del. | 2022-05-26 | 6.5 | CVE-2022-29689 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/pl_save. | 2022-05-26 | 6.5 | CVE-2022-29664 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy. | 2022-05-26 | 6.5 | CVE-2022-29663 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save. | 2022-05-26 | 6.5 | CVE-2022-29662 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save. | 2022-05-26 | 6.5 | CVE-2022-29661 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy. | 2022-05-26 | 6.5 | CVE-2022-29688 MISC
chshcms -- cscms_music_portal_system | CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del. | 2022-05-26 | 6.5 | CVE-2022-29670 MISC
disable_right_click_for_wp_wordpress -- disable_right_click_for_wp | Cross-Site Request Forgery (CSRF) vulnerability in Aftab Muni's Disable Right Click For WP plugin <= 1.1.6 at WordPress. | 2022-05-20 | 6.8 | CVE-2022-29427 CONFIRM CONFIRM
donate_extra_project -- donate_extra | The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting | 2022-05-23 | 4.3 | CVE-2022-1268 MISC
duogeek -- domain_replace | The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | 2022-05-23 | 4.3 | CVE-2022-1218 MISC
e-diary_management_system_project -- e-diary_management_system | Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php. | 2022-05-23 | 4.3 | CVE-2022-29004 MISC MISC MISC
gnu -- libredwg | A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. | 2022-05-23 | 6.8 | CVE-2021-42586 MISC
gnu -- libredwg | A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file. | 2022-05-23 | 6.8 | CVE-2021-42585 MISC
gwyn\'s_imagemap_selector_project -- gwyn\'s_imagemap_selector | The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting. | 2022-05-23 | 4.3 | CVE-2022-1221 MISC
imgurl_project -- imgurl | imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost. | 2022-05-24 | 6.8 | CVE-2022-29305 MISC
inoutscripts -- blockchain_altexchanger | Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection. | 2022-05-23 | 5 | CVE-2022-31487 MISC MISC
inoutscripts -- blockchain_altexchanger | Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection. | 2022-05-23 | 5 | CVE-2022-31489 MISC
inoutscripts -- blockchain_altexchanger | Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection. | 2022-05-23 | 5 | CVE-2022-31488 MISC
jgraph -- drawio | Server-Side Request Forgery (SSRF) in GitHub repository jgraph/drawio prior to 18.0.8. | 2022-05-20 | 5 | CVE-2022-1784 MISC CONFIRM
kubiq -- cpt_base | Cross-Site Request Forgery (CSRF) vulnerability in KubiQ CPT base plugin <= 5.8 at WordPress allows an attacker to delete the CPT base. | 2022-05-20 | 5.8 | CVE-2022-29431 CONFIRM CONFIRM
online_banquet_booking_system_project -- online_banquet_booking_system | A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. | 2022-05-20 | 6.8 | CVE-2022-28992 MISC
online_birth_certificate_system_project -- online_birth_certificate_system | Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters. | 2022-05-23 | 4.3 | CVE-2022-29005 MISC MISC MISC
openrazer_project -- openrazer | A buffer overflow in the razerkbd driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. | 2022-05-20 | 5 | CVE-2022-29021 MISC
openrazer_project -- openrazer | A buffer overflow in the razeraccessory driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. | 2022-05-20 | 5 | CVE-2022-29022 MISC
openrazer_project -- openrazer | A buffer overflow in the razermouse driver of OpenRazer v3.3.0 and below allows attackers to cause a Denial of Service (DoS) via a crafted buffer sent to the matrix_custom_frame device. | 2022-05-20 | 5 | CVE-2022-29023 MISC
oracle -- e-business_suite | Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-registered. Oracle E-Business Suite 12.1 is not impacted by this vulnerability. Customers should refer to the Patch Availability Document for details. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 2022-05-20 | 5 | CVE-2022-21500 MISC
png_to_jpg_project -- png_to_jpg | Cross-Site Scripting (XSS) vulnerability in KubiQ's PNG to JPG plugin <= 4.0 at WordPress via Cross-Site Request Forgery (CSRF). Vulnerable parameter &jpg_quality. | 2022-05-20 | 4.3 | CVE-2022-29430 CONFIRM CONFIRM
publify_project -- publify | Improper Access Control in GitHub repository publify/publify prior to 9.2.9. | 2022-05-23 | 4 | CVE-2022-1810 MISC CONFIRM
rescue_dispatch_management_system_project -- rescue_dispatch_management_system | Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info. | 2022-05-23 | 6.5 | CVE-2022-30016 MISC MISC
room_rent_portal_site_project -- room_rent_portal_site | Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id. | 2022-05-24 | 6.5 | CVE-2022-30843 MISC
room_rent_portal_site_project -- room_rent_portal_site | Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name. | 2022-05-24 | 4.3 | CVE-2022-30839 MISC
rtx_project -- rtx | Cross-site Scripting (XSS) - Reflected in GitHub repository rtxteam/rtx prior to checkpoint_2022-05-18. | 2022-05-20 | 4.3 | CVE-2022-1806 CONFIRM MISC
siemens -- 7kg8500-0aa00-0aa0_firmware | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not encrypt web traffic with clients but communicate in cleartext via HTTP. This could allow an unauthenticated attacker to capture the traffic and interfere with the functionality of the device. | 2022-05-20 | 5 | CVE-2022-29874 CONFIRM
siemens -- 7kg8500-0aa00-0aa0_firmware | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly handle the input of a GET request parameter. The provided argument is directly reflected in the web server response. This could allow an unauthenticated attacker to perform reflected XSS attacks. | 2022-05-20 | 4.3 | CVE-2022-29876 CONFIRM
siemens -- 7kg8500-0aa00-0aa0_firmware | A vulnerability has been identified in SICAM P850 (All versions < V3.00), SICAM P855 (All versions < V3.00). Affected devices do not properly validate parameters of POST requests. This could allow an authenticated attacker to set the device to a denial of service state or to control the program counter and, thus, execute arbitrary code on the device. | 2022-05-20 | 6.5 | CVE-2022-29872 CONFIRM
siemens -- teamcenter | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. | 2022-05-20 | 5 | CVE-2022-29801 CONFIRM
siemens -- teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library contains a double free vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. | 2022-05-20 | 6.8 | CVE-2022-29032 CONFIRM
siemens -- teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2022-05-20 | 4.3 | CVE-2022-29031 CONFIRM
siemens -- teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll library is vulnerable to uninitialized pointer free while parsing specially crafted CGM files. An attacker could leverage this vulnerability to execute code in the context of the current process. | 2022-05-20 | 6.8 | CVE-2022-29033 CONFIRM
siemens -- teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Tiff_Loader.dll is vulnerable to infinite loop condition while parsing specially crafted TIFF files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2022-05-20 | 4.3 | CVE-2022-29028 CONFIRM
siemens -- teamcenter_visualization | A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.13), Teamcenter V13.0 (All versions < V13.0.0.9), Teamcenter V13.1 (All versions), Teamcenter V13.2 (All versions < V13.2.0.8), Teamcenter V13.3 (All versions < V13.3.0.3), Teamcenter V14.0 (All versions). The tcserver.exe binary in affected applications is vulnerable to a stack overflow condition during the parsing of user input that may lead the binary to crash. | 2022-05-20 | 5 | CVE-2022-24290 CONFIRM
siemens -- teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The CGM_NIST_Loader.dll contains a null pointer dereference vulnerability while parsing specially crafted CGM files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2022-05-20 | 4.3 | CVE-2022-29029 CONFIRM
siemens -- teamcenter_visualization | A vulnerability has been identified in JT2Go (All versions < V13.3.0.3), Teamcenter Visualization V13.3 (All versions < V13.3.0.3), Teamcenter Visualization V14.0 (All versions < V14.0.0.1). The Mono_Loader.dll library is vulnerable to integer overflow condition while parsing specially crafted TG4 files. An attacker could leverage this vulnerability to crash the application causing denial of service condition. | 2022-05-20 | 4.3 | CVE-2022-29030 CONFIRM
simple_food_website_project -- simple_food_website | Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to take over admin/moderator account. | 2022-05-23 | 6.8 | CVE-2022-30014 MISC MISC MISC
trudesk_project -- trudesk | Integer Overflow or Wraparound in GitHub repository polonel/trudesk prior to 1.2.2. | 2022-05-20 | 4 | CVE-2022-1754 MISC CONFIRM
trudesk_project -- trudesk | Unrestricted Upload of File with Dangerous Type in GitHub repository polonel/trudesk prior to 1.2.2. | 2022-05-21 | 6 | CVE-2022-1752 CONFIRM MISC
trudesk_project -- trudesk | Improper Privilege Management in GitHub repository polonel/trudesk prior to 1.2.2. | 2022-05-20 | 6.5 | CVE-2022-1770 CONFIRM MISC
turn_off_all_comments_project -- turn_off_all_comments | The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting | 2022-05-23 | 4.3 | CVE-2022-1192 MISC
wasm3_project -- wasm3 | WASM3 v0.5.0 was discovered to contain a heap overflow via the component /wabt/bin/poc.wasm. | 2022-05-20 | 4.6 | CVE-2022-28990 MISC MISC
wow-estore -- herd_effects | Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company's Herd Effects plugin <= 5.2 at WordPress. | 2022-05-20 | 4 | CVE-2022-29448 CONFIRM CONFIRM
wpchill -- check_\&_log_email | The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting | 2022-05-23 | 4.3 | CVE-2022-1547 MISC
wpwham -- checkout_files_upload_for_woocommerce | Cross-Site Scripting (XSS) vulnerability in WP Wham's Checkout Files Upload for WooCommerce plugin <= 2.1.2 at WordPress. | 2022-05-20 | 4.3 | CVE-2022-29425 CONFIRM CONFIRM
xmlsitemapgenerator -- xml_sitemap_generator | The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on. | 2022-05-23 | 4.3 | CVE-2022-0346 MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
10web -- sliderby10web | The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | 2022-05-23 | 3.5 | CVE-2022-1320 MISC
automotive_shop_management_system_project -- automotive_shop_management_system | Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. | 2022-05-24 | 3.5 | CVE-2022-30458 MISC
badminton_center_management_system_project -- badminton_center_management_system | Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental. | 2022-05-24 | 3.5 | CVE-2022-30456 MISC
chatbot_app_with_suggestion_in_php\/oop_project -- chatbot_app_with_suggestion_in_php\/oop | ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response. | 2022-05-24 | 3.5 | CVE-2022-30464 MISC
collectiveaccess -- providence | Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8. | 2022-05-23 | 3.5 | CVE-2022-1825 CONFIRM MISC
covid_19_travel_pass_management_system_project -- covid_19_travel_pass_management_system | Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname. | 2022-05-24 | 3.5 | CVE-2022-30842 MISC
curtain_project -- curtain | The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed | 2022-05-23 | 3.5 | CVE-2022-1558 MISC MISC
google -- tensorflow | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.TensorSummaryV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 2022-05-20 | 2.1 | CVE-2022-29193 MISC MISC MISC MISC MISC MISC CONFIRM
google -- tensorflow | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.Conv3DBackpropFilterV2` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code does not validate that the `filter_sizes` argument is a vector. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 2022-05-20 | 2.1 | CVE-2022-29196 MISC CONFIRM MISC MISC MISC MISC MISC
google -- tensorflow | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.StagePeek` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `index` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 2022-05-20 | 2.1 | CVE-2022-29195
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.SparseTensorToCSRSparseMatrix` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `dense_shape` is a vector and `indices` is a matrix (as part of requirements for sparse tensors) but there is no validation for this. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.2022-05-202.1CVE-2022-29198
MISC
CONFIRM
MISC
MISC
MISC
MISC
MISC
google -- tensorflowTensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.UnsortedSegmentJoin` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `num_segments` is a scalar but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue.2022-05-202.1CVE-2022-29197
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
google -- tensorflow | TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of `tf.raw_ops.LoadAndRemapMatrix` does not fully validate the input arguments. This results in a `CHECK`-failure which can be used to trigger a denial of service attack. The code assumes `initializing_values` is a vector but there is no validation for this before accessing its value. Versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4 contain a patch for this issue. | 2022-05-20 | 2.1 | CVE-2022-29199
CONFIRM
MISC
MISC
MISC
MISC
MISC
MISC
joomunited -- wp_meta_seoThe WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed.2022-05-233.5CVE-2022-1093
MISC
mariadb -- mariadbMariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.2022-05-252.1CVE-2022-31622
MISC
MISC
mariadb -- mariadbMariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.2022-05-252.1CVE-2022-31624
MISC
MISC
mariadb -- mariadbMariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.2022-05-252.1CVE-2022-31623
MISC
MISC
mariadb -- mariadbMariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.2022-05-252.1CVE-2022-31621
MISC
MISC
mc4wp -- mc4wpAuthenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in ibericode's MC4WP plugin <= 4.8.6 at WordPress.2022-05-203.5CVE-2021-36833
CONFIRM
CONFIRM
muneeb -- wp_sliderCross-Site Scripting (XSS) vulnerability in Muneeb's WP Slider Plugin <= 1.4.5 at WordPress.2022-05-203.5CVE-2022-29428
CONFIRM
CONFIRM
orangehrm -- orangehrmA stored cross-site scripting (XSS) vulnerability in the addNewPost component of OrangeHRM v4.10.1 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request.2022-05-203.5CVE-2022-28985
MISC
oxilab -- image_hover_effects_ultimateAuthenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari's Image Hover Effects Ultimate plugin <= 9.7.1 at WordPress.2022-05-203.5CVE-2022-29424
CONFIRM
CONFIRM
rescue_dispatch_management_system_project -- rescue_dispatch_management_systemRescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing.2022-05-233.5CVE-2022-30017
MISC
MISC
simple_food_website_project -- simple_food_website | In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php like Full Username, etc. This causes stored XSS. | 2022-05-23 | 3.5 | CVE-2022-30015
MISC
MISC
simple_social_networking_site_project -- simple_social_networking_siteSimple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname.2022-05-243.5CVE-2022-30460
MISC
tms-outsource -- wpdatatablesMultiple Authenticated (administrator or higher user role) Persistent Cross-Site Scripting (XSS) vulnerabilities in TMS-Plugins wpDataTables plugin <= 2.1.27 on WordPress via &data-link-text, &data-link-url, &data, &data-shortcode, &data-star-num vulnerable parameters.2022-05-203.5CVE-2022-29432
CONFIRM
CONFIRM
toll_tax_management_system_project -- toll_tax_management_systemToll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name.2022-05-243.5CVE-2022-30837
MISC
water_billing_system_project -- water_billing_systemWater-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname.2022-05-243.5CVE-2022-30462
MISC
wpshopmart -- tabs_responsiveThe Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed2022-05-233.5CVE-2022-1298
MISC

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apple -- macos_monterey_and_masos_big_surAn out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges.2022-05-26not yet calculatedCVE-2022-26718
MISC
MISC
cisco -- common_services_platform_collector_softwareMultiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-05-27not yet calculatedCVE-2022-20670
CISCO
phpgurukul -- zoo_managment_systemA vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. It is possible to launch the attack remotely.2022-05-26not yet calculatedCVE-2021-4232
N/A
zyxel -- cgi_programA downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.2022-05-24not yet calculatedCVE-2022-0910
CONFIRM
74cmsse_v3.5.1 -- 74cmsse_v3.5.1 | 74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist. | 2022-05-26 | not yet calculated | CVE-2022-29721
MISC
74cmsse_v3.5.1 -- 74cmsse_v3.5.1 | 74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php. | 2022-05-26 | not yet calculated | CVE-2022-29720
MISC
academy-lm -- academy-lms | Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel. | 2022-05-25 | not yet calculated | CVE-2022-29380
MISC
action_pack -- action_packAn XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.2022-05-26not yet calculatedCVE-2022-22577
MISC
action_view_tag_helpers -- action_view_tag_helpersA XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.2022-05-26not yet calculatedCVE-2022-27777
MISC
aerialwei -- zkeacms | A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter. | 2022-05-25 | not yet calculated | CVE-2022-29362
MISC
agg_software -- web_serverThe AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to a path traversal attack, which may allow an attacker to read arbitrary files from the file system.2022-05-24not yet calculatedCVE-2021-32964
MISC
agg_software -- web_serverThe AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to cross-site scripting, which may allow an attacker to remotely execute arbitrary code.2022-05-24not yet calculatedCVE-2021-32962
MISC
airfield -- online | A vulnerability has been found in Airfield Online and classified as problematic. This vulnerability affects the path /backups/ of the MySQL backup handler. An attacker is able to get access to sensitive data without proper authentication. It is recommended to change the configuration settings. | 2022-05-24 | not yet calculated | CVE-2021-4230
N/A
angular -- angularA vulnerability was found in Angular up to 11.0.4/11.1.0-next.2. It has been classified as problematic. Affected is the handling of comments. The manipulation leads to cross site scripting. It is possible to launch the attack remotely but it might require an authentication first. Upgrading to version 11.0.5 and 11.1.0-next.3 is able to address this issue. The name of the patch is ba8da742e3b243e8f43d4c63aa842b44e14f2b09. It is recommended to upgrade the affected component.2022-05-26not yet calculatedCVE-2021-4231
MISC
MISC
MISC
MISC
apache -- archiva | In Apache Archiva, any registered user can reset the password for any user. This is fixed in Archiva 2.2.8. | 2022-05-25 | not yet calculated | CVE-2022-29405
MISC
apache -- maven-shared-utils | In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | 2022-05-23 | not yet calculated | CVE-2022-29599
MISC
MISC
MLIST
apple -- ios_15.5_and_ipados15.5An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. A person with physical access to an iOS device may be able to access photos from the lock screen.2022-05-26not yet calculatedCVE-2022-26703
MISC
apple -- ios_and_ipadosA memory corruption issue was addressed with improved state management. This issue is fixed in iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26744
MISC
apple -- itunesA logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges.2022-05-26not yet calculatedCVE-2022-26774
MISC
apple -- itunesA logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission.2022-05-26not yet calculatedCVE-2022-26773
MISC
apple -- macos_big_surA memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.6. A malicious application may disclose restricted memory.2022-05-26not yet calculatedCVE-2022-26745
MISC
apple -- macos_montereyA buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26750
MISC
apple -- macos_montereyA buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26742
MISC
apple -- macos_montereyA logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. Photo location information may persist after it is removed with Preview Inspector.2022-05-26not yet calculatedCVE-2022-26725
MISC
apple -- macos_montereyA buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26749
MISC
apple -- macos_montereyThis issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data.2022-05-26not yet calculatedCVE-2022-26693
MISC
apple -- macos_montereyA buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26754
MISC
apple -- macos_montereyA memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26772
MISC
apple -- macos_montereyA buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26752
MISC
apple -- macos_montereyThis issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data.2022-05-26not yet calculatedCVE-2022-26694
MISC
apple -- macos_montereyA buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26753
MISC
apple -- macos_monterey | A race condition was addressed with additional validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to modify protected parts of the file system. | 2022-05-26 | not yet calculated | CVE-2022-26690
MISC
apple -- macos_montereyAn out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.4. An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges.2022-05-26not yet calculatedCVE-2022-26743
MISC
apple -- macos_montereyThis issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution.2022-05-26not yet calculatedCVE-2022-26708
MISC
apple -- macos_montereyA validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges.2022-05-26not yet calculatedCVE-2022-26704
MISC
apple -- macos_monterey_and_masos_big_surA memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution.2022-05-26not yet calculatedCVE-2022-26723
MISC
MISC
apple -- macos_monterey_and_masos_big_surThis issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to modify protected parts of the file system.2022-05-26not yet calculatedCVE-2022-26712
MISC
MISC
apple -- multiple_productsAn integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. An attacker may be able to cause unexpected application termination or arbitrary code execution.2022-05-26not yet calculatedCVE-2022-26775
MISC
MISC
apple -- multiple_productsA cookie management issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Big Sur 11.6.5. Processing maliciously crafted web content may disclose sensitive user information.2022-05-26not yet calculatedCVE-2022-22662
MISC
MISC
apple -- multiple_productsA race condition was addressed with improved locking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26701
MISC
MISC
MISC
apple -- multiple_productsA memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-22672
MISC
MISC
MISC
MISC
apple -- multiple_productsA memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. A malicious application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26771
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26737
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen.2022-05-26not yet calculatedCVE-2022-26726
MISC
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26756
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26770
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Monterey 12.3.1, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. A local user may be able to read kernel memory.2022-05-26not yet calculatedCVE-2022-22674
MISC
MISC
MISC
apple -- multiple_productsA memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, watchOS 8.6, tvOS 15.5, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26768
MISC
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26740
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26720
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26736
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26738
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved environment sanitization. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to break out of its sandbox.2022-05-26not yet calculatedCVE-2022-26755
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4. A malicious application may be able to modify protected parts of the file system.2022-05-26not yet calculatedCVE-2022-26727
MISC
MISC
apple -- multiple_productsA certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious app may be able to bypass signature validation.2022-05-26not yet calculatedCVE-2022-26766
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26741
MISC
apple -- multiple_productsAn out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution.2022-05-26not yet calculatedCVE-2022-26748
MISC
MISC
MISC
apple -- multiple_productsA logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious website may be able to track users in Safari private browsing mode.2022-05-26not yet calculatedCVE-2022-26731
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved entitlements. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to access restricted files.2022-05-26not yet calculatedCVE-2022-26728
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges.2022-05-26not yet calculatedCVE-2022-26715
MISC
MISC
MISC
apple -- multiple_productsA race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.2022-05-26not yet calculatedCVE-2022-26765
MISC
MISC
MISC
MISC
apple -- multiple_productsA memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.2022-05-26not yet calculatedCVE-2022-26764
MISC
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.2022-05-26not yet calculatedCVE-2022-26698
MISC
MISC
MISC
apple -- multiple_productsA use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26757
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in iOS 15.4 and iPadOS 15.4, Security Update 2022-004 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.6. A malicious application may bypass Gatekeeper checks.2022-05-26not yet calculatedCVE-2022-22663
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed by removing the vulnerable code. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences.2022-05-26not yet calculatedCVE-2022-26746
MISC
MISC
MISC
apple -- multiple_productsThe issue was addressed with additional permissions checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to bypass Privacy preferences.2022-05-26not yet calculatedCVE-2022-26767
MISC
MISC
apple -- multiple_productsA memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2022-004 Catalina, macOS Big Sur 11.6.6. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26761
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service.2022-05-26not yet calculatedCVE-2022-22673
MISC
apple -- multiple_productsA memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.2022-05-26not yet calculatedCVE-2022-26721
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A malicious application may be able to execute arbitrary code with system privileges.2022-05-26not yet calculatedCVE-2022-26763
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved checks. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks.2022-05-26not yet calculatedCVE-2022-22616
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26739
MISC
MISC
MISC
apple -- multiple_productsAn integer overflow issue was addressed with improved input validation. This issue is fixed in tvOS 15.5, iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Monterey 12.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.2022-05-26not yet calculatedCVE-2022-26711
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA use after free issue was addressed with improved memory management. This issue is fixed in watchOS 8.6, tvOS 15.5, iOS 15.5 and iPadOS 15.5. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26702
MISC
MISC
MISC
apple -- multiple_productsA memory initialization issue was addressed. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to gain root privileges.2022-05-26not yet calculatedCVE-2022-26722
MISC
MISC
MISC
apple -- multiple_productsA logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.2022-05-26not yet calculatedCVE-2022-26691
MISC
MISC
MISC
apple -- multiple_productsAn access issue was addressed with additional sandbox restrictions on third-party applications. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. A sandboxed process may be able to circumvent sandbox restrictions.2022-05-26not yet calculatedCVE-2022-26706
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsA memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution.2022-05-26not yet calculatedCVE-2022-26751
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsThis issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An attacker may be able to cause unexpected application termination or arbitrary code execution.2022-05-26not yet calculatedCVE-2022-26776
MISC
MISC
apple -- multiple_productsAn issue in the handling of symlinks was addressed with improved validation. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. A malicious app with root privileges may be able to modify the contents of system files.2022-05-26not yet calculatedCVE-2022-26688
MISC
MISC
MISC
apple -- multiple_productsA memory corruption issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. A malicious application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26769
MISC
MISC
MISC
apple -- multiple_productsA memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.4. An application may be able to execute arbitrary code with kernel privileges.2022-05-26not yet calculatedCVE-2022-26714
MISC
MISC
MISC
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory.2022-05-26not yet calculatedCVE-2022-26697
MISC
MISC
MISC
apple -- multiple_productsAn out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6, macOS Monterey 12.3.1, iOS 15.4.1 and iPadOS 15.4.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.2022-05-26not yet calculatedCVE-2022-22675
MISC
MISC
MISC
MISC
MISC
apple -- tvosAn authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication.2022-05-26not yet calculatedCVE-2022-26724
MISC
apple -- xcodeThis issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges.2022-05-26not yet calculatedCVE-2022-26747
MISC
apple -- xpc_services_apiAn event handler validation issue in the XPC Services API was addressed by removing the service. This issue is fixed in macOS Monterey 12.2. An application may be able to delete files for which it does not have permission.2022-05-26not yet calculatedCVE-2022-22676
MISC
archer -- archer_platformArcher Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases.2022-05-26not yet calculatedCVE-2022-30584
MISC
MISC
archer -- archer_platformThe REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability. A remote authenticated malicious user could potentially exploit this vulnerability to view sensitive information. 6.10 P3 (6.10.0.3) and 6.9 SP3 P4 (6.9.3.4) are also fixed releases.2022-05-26not yet calculatedCVE-2022-30585
MISC
MISC
archibus -- web_centralIn Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr. Through the injection of arbitrary SQL statements, a potential attacker can modify query syntax and perform unauthorized (and unexpected) operations against the remote database. This is fixed in all recent versions, such as version 26.2.2022-05-25not yet calculatedCVE-2022-28862
MISC
MISC
arista -- eosThis advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak MACsec sensitive data in clear text in CVP to other authorized users, which could cause MACsec traffic to be decrypted or modified by other authorized users on the device.2022-05-26not yet calculatedCVE-2021-28509
MISC
arista -- eosThis advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols. The impact of this vulnerability is that, in certain conditions, TerminAttr might leak IPsec sensitive data in clear text in CVP to other authorized users, which could cause IPsec traffic to be decrypted or modified by other authorized users on the device.2022-05-26not yet calculatedCVE-2021-28508
MISC
aveva -- intouch_access_anywhere_and_plant_scada_access_anywhere_applicationsWindows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is enabled, the OS language bar UI will be viewable in the browser alongside the AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere applications. It is possible to manipulate the Windows OS language bar to launch an OS command prompt, resulting in a context-escape from application into OS.2022-05-23not yet calculatedCVE-2022-1467
MISC
MISC
azure -- rtos_usbxAzure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. Prior to version 6.1.11, the USBX DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of the `ux_device_class_dfu_control_request` function does not assure that a buffer overflow will not occur during handling of the DFU UPLOAD command. When an attacker issues the `UX_SLAVE_CLASS_DFU_COMMAND_UPLOAD` control transfer request with `wLength` larger than the buffer size (`UX_SLAVE_REQUEST_CONTROL_MAX_LENGTH`, 256 bytes), depending on the actual implementation of `dfu -> ux_slave_class_dfu_read`, a buffer overflow may occur. For example, `ux_slave_class_dfu_read` may read 4096 bytes (or more, up to 65k) into a 256 byte buffer, ultimately resulting in an overflow. Furthermore, in case an attacker has some control over the read flash memory, this may result in execution of arbitrary code and platform compromise. A fix for this issue has been included in USBX release 6.1.11. As a workaround, align request and buffer size to assure that buffer boundaries are respected.2022-05-24not yet calculatedCVE-2022-29246
CONFIRM
MISC
MISC
azure -- rtos_usbxAzure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack. In versions prior to 6.1.10, an attacker can cause a buffer overflow by providing the Azure RTOS USBX host stack a HUB descriptor with `bNbPorts` set to a value greater than `UX_MAX_TT` which defaults to 8. For a `bNbPorts` value of 255, the implementation of `ux_host_class_hub_descriptor_get` function will modify the contents of `hub` -> `ux_host_class_hub_device` -> `ux_device_hub_tt` array violating the end boundary by 255 - `UX_MAX_TT` items. The USB host stack needs to validate the number of ports reported by the hub, and if the value is larger than UX_MAX_TT, USB stack needs to reject the request. This fix has been included in USBX release 6.1.10.2022-05-24not yet calculatedCVE-2022-29223
CONFIRM
MISC
badmington_center -- management_systemA vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at /bcms/admin/?page=user/list. The manipulation of the argument username with the input </td><img src="" onerror="alert(1)"><td>1 leads to an authenticated cross site scripting. Exploit details have been disclosed to the public.2022-05-23not yet calculatedCVE-2022-1817
MISC
MISC
beego -- beegoThe route lookup process in beego through 1.12.4 and 2.x through 2.0.2 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).2022-05-21not yet calculatedCVE-2022-31259
MISC
MISC
MISC
bentley_nevada -- 3500_rack_configurationThe affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No. 3060/00 versions 6.98 and prior, 3500 System 1, Part No. 3071/xx & 3072/xx versions 21.1 HF1 and prior, 3500 Rack Configuration, Part No. 129133-01 versions 6.4 and prior, and 3500/22M Firmware, Part No. 288055-01 versions 5.05 and prior) utilize a weak encryption algorithm for storage and transmission of sensitive data, which may allow an attacker to more easily obtain credentials used for access.2022-05-25not yet calculatedCVE-2021-32997
MISC
bfabiszewski_libmobiBuffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.2022-05-27not yet calculatedCVE-2022-1907
CONFIRM
MISC
bfabiszewski_libmobiBuffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.2022-05-27not yet calculatedCVE-2022-1908
CONFIRM
MISC
c-data -- d702xw-x-r430C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6. This vulnerability allows attackers to execute arbitrary commands via a crafted HTTP request.2022-05-24not yet calculatedCVE-2022-29337
MISC
camptocamp -- terraboardSQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0.2022-05-25not yet calculatedCVE-2022-1883
MISC
CONFIRM
cardo_systems -- scala_rider_q3A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permissions is possible. Firewalling or disabling the service is recommended.2022-05-24not yet calculatedCVE-2014-125001
MISC
MISC
causefx_organizrCross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200.2022-05-27not yet calculatedCVE-2022-1909
MISC
CONFIRM
chainsafe -- lodestarLodestar is a TypeScript implementation of the Ethereum Consensus specification. Prior to version 0.36.0, there is a possible consensus split given maliciously-crafted `AttesterSlashing` or `ProposerSlashing` being included on-chain. Because the developers represent `uint64` values as native JavaScript `number`s, there is an issue when those variables with large (greater than 2^53) `uint64` values are included on chain. In those cases, Lodestar may view valid `AttesterSlashing` or `ProposerSlashing` as invalid, due to rounding errors in large `number` values. This causes a consensus split, where Lodestar nodes are forked away from the main network. Similarly, Lodestar may consider invalid `ProposerSlashing` as valid, thus including in proposed blocks that will be considered invalid by the network. Version 0.36.0 contains a fix for this issue. As a workaround, use `BigInt` to represent `Slot` and `Epoch` values in `AttesterSlashing` and `ProposerSlashing` objects. `BigInt` is too slow to be used in all `Slot` and `Epoch` cases, so one may carefully use `BigInt` just where necessary for consensus.2022-05-24not yet calculatedCVE-2022-29219
CONFIRM
MISC
MISC
circutor -- compact_dc-s_basicA buffer overflow vulnerability has been detected in the firewall function of the device management web portal. The device runs a CGI binary (index.cgi) to offer a management web application. Once authenticated with valid credentials in this web portal, a potential attacker could submit any "Address" value and it would be copied to a second variable using the vulnerable "strcpy" function without checking its length. Because of this, it is possible to send a long address value to overflow the process stack, controlling the function return address.2022-05-24not yet calculatedCVE-2022-1669
MISC
cisco -- common_services_platform_collectorMultiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-05-27not yet calculatedCVE-2022-20668
CISCO
cisco -- common_services_platform_collectorMultiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-05-27not yet calculatedCVE-2022-20667
CISCO
cisco -- common_services_platform_collectorMultiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-05-27not yet calculatedCVE-2022-20666
CISCO
cisco -- common_services_platform_collector_softwareMultiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-05-27not yet calculatedCVE-2022-20672
CISCO
cisco -- common_services_platform_collector_softwareMultiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-05-27not yet calculatedCVE-2022-20673
CISCO
cisco -- common_services_platform_collector_softwareMultiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-05-27not yet calculatedCVE-2022-20669
CISCO
cisco -- common_services_platform_collector_softwareMultiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-05-27not yet calculatedCVE-2022-20674
CISCO
cisco -- common_services_platform_collector_softwareMultiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.2022-05-27not yet calculatedCVE-2022-20671
CISCO
cisco -- expressway_series_and_telepresenceMultiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.2022-05-27not yet calculatedCVE-2022-20807
CISCO
cisco -- expressway_series_and_telepresenceMultiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.2022-05-27not yet calculatedCVE-2022-20806
CISCO
cisco -- expressway_series_and_telepresenceMultiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.2022-05-26not yet calculatedCVE-2022-20809
CISCO
cisco -- ios_xrA vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container. This vulnerability exists because the health check RPM opens TCP port 6379 by default upon activation. An attacker could exploit this vulnerability by connecting to the Redis instance on the open port. A successful exploit could allow the attacker to write to the Redis in-memory database, write arbitrary files to the container filesystem, and retrieve information about the Redis database. Given the configuration of the sandboxed container that the Redis instance runs in, a remote attacker would be unable to execute remote code or abuse the integrity of the Cisco IOS XR Software host system.2022-05-26not yet calculatedCVE-2022-20821
CISCO
cisco -- secure_network_analyticsA vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system. This vulnerability is due to insufficient user input validation by the web-based management interface of the affected software. An attacker could exploit this vulnerability by injecting arbitrary commands in the web-based management interface. A successful exploit could allow the attacker to make configuration changes on the affected device or cause certain services to restart unexpectedly.2022-05-27not yet calculatedCVE-2022-20797
CISCO
cisco -- web_applicationsA vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system. This vulnerability is due to unsanitized user input. An attacker could exploit this vulnerability by submitting custom JavaScript to affected web applications. A successful exploit could allow the attacker to rewrite web page content, access sensitive information stored in the applications, and alter data by submitting forms.2022-05-27not yet calculatedCVE-2022-20765
CISCO
cisco -- enterprise_chat_and_emailA vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. To successfully exploit this vulnerability, an attacker would need valid agent credentials.2022-05-27not yet calculatedCVE-2022-20802
CISCO
citrix -- gateway_plug-inAn improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 which could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed to corrupt or delete files as SYSTEM.2022-05-26not yet calculatedCVE-2022-21827
MISC
claroty -- secure_remote_access_siteSuccessful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI). With access to the web UI an attacker can access assets managed by the SRA installation and could compromise the installation.2022-05-23not yet calculatedCVE-2021-32958
MISC
cognex -- in-sight_opc_serverAnnke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are vulnerable to a stack-based buffer overflow, which allows an unauthorized remote attacker to execute arbitrary code with the same privileges as the server user (root).2022-05-23not yet calculatedCVE-2021-32941
MISC
cognex -- in-sight_opc_serverThe affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation.2022-05-23not yet calculatedCVE-2021-32935
MISC
cszcms -- cszcmsCSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.2022-05-23not yet calculatedCVE-2022-28997
MISC
MISC
MISC
MISC
MISC
curl -- curlAn improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).2022-05-26not yet calculatedCVE-2022-22576
MISC
cyberlink -- power_directorA vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file.2022-05-24not yet calculatedCVE-2022-29333
MISC
MISC
MISC
MISC
d-link -- dsl-g2452dgD-Link DSL-G2452DG HW:T1 FW:ME_2.00 was discovered to contain insecure permissions.2022-05-23not yet calculatedCVE-2022-28932
MISC
MISC
MISC
MISC
dedecms -- dedecmsDedeCMS v5.7.93 was discovered to contain an arbitrary file deletion vulnerability in upload.php via the delete parameter.2022-05-26not yet calculatedCVE-2022-30508
MISC
dell -- biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.2022-05-26not yet calculatedCVE-2022-24418
MISC
dell -- biosDell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM.2022-05-26not yet calculatedCVE-2022-24417
MISC
dell -- emc_cloudlinkIn Dell EMC CloudLink 7.1.3 and all earlier versions, the Auth Token is exposed in GET requests. These request parameters can get logged in reverse proxies and server logs. Attackers may potentially use these tokens to access the CloudLink server. Tokens should not be used in the request URL to avoid such attacks.2022-05-26not yet calculatedCVE-2022-24414
MISC
dell -- emc_networkerDell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x, 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x, 19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates.2022-05-26not yet calculatedCVE-2022-29082
MISC
dell -- idrac9Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access to the VNC Console.2022-05-26not yet calculatedCVE-2022-24422
MISC
dell -- multiple_productsDell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI. An Unauthenticated Remote Attacker could potentially exploit this vulnerability, leading to the execution of malicious HTML or JavaScript code in a victim user's web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.2022-05-26not yet calculatedCVE-2022-29091
MISC
dell -- openmanage_enterpriseDell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability. A remote authenticated malicious user with low privileges may potentially exploit this vulnerability to bypass blocked functionalities and perform unauthorized actions.2022-05-26not yet calculatedCVE-2022-26857
MISC
dell -- support_assist_os_recoveryDell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability. An unauthenticated attacker with physical access to the system may exploit this vulnerability by bypassing OS Recovery authentication in order to run arbitrary code on the system as Administrator.2022-05-26not yet calculatedCVE-2022-26865
MISC
delta_electronics -- diascreenDelta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code.2022-05-24not yet calculatedCVE-2021-32965
MISC
delta_electronics -- diascreenDelta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code.2022-05-24not yet calculatedCVE-2021-32969
MISC
dev-cpp -- dev-cppInsecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allow attackers to execute arbitrary code via overwriting the binary devcpp.exe.2022-05-23not yet calculatedCVE-2022-28999
MISC
divvydrives -- aciklama_parameterA Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive's "aciklama" parameter could allow anyone to gain users' session information.2022-05-23not yet calculatedCVE-2022-0900
CONFIRM
docker -- desktopDocker Desktop 4.3.0 has Incorrect Access Control.2022-05-25not yet calculatedCVE-2021-44719
MISC
MISC
MISC
dpkg -- dpkgDpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs.2022-05-26not yet calculatedCVE-2022-1664
MISC
MISC
MISC
MISC
MISC
MISC
emco -- emco_softwareCertain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for Windows 9.1.4 and Remote Installer for Windows 6.0.13 and Ping Monitor for Windows 8.0.18 and Remote Shutdown for Windows 7.2.2 and WakeOnLan 2.0.8 and Network Inventory for Windows 5.8.22 and Network Software Scanner for Windows 2.0.8 and UnLock IT for Windows 6.1.1. The impact is: execute arbitrary code (remote). The component is: Updater. The attack vector is: To exploit this vulnerability, a user must trigger an update of an affected installation of EMCO Software. Multiple products from EMCO Software are affected by a remote code execution vulnerability during the update process.2022-05-23not yet calculatedCVE-2022-28944
MISC
MISC
MISC
epub2txt2 -- epub2txt2epub2txt2 v2.04 was discovered to contain an integer overflow via the function bug in _parse_special_tag at sxmlc.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted XML file.2022-05-25not yet calculatedCVE-2022-29358
MISC
erudika -- paraBusiness Logic Errors in GitHub repository erudika/para prior to 1.45.11.2022-05-24not yet calculatedCVE-2022-1848
MISC
CONFIRM
f-secure -- atlantA Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby scanning the aemobile component can crash the scanning engine. The exploit can be triggered remotely by an attacker.2022-05-25not yet calculatedCVE-2022-28875
MISC
MISC
f-secure -- atlantMultiple Denial-of-Service vulnerabilities were discovered in F-Secure Atlant and in certain WithSecure products whereby scanning fuzzed PE32-bit files causes memory corruption and heap buffer overflow, which eventually can crash the scanning engine. The exploit can be triggered remotely by an attacker.2022-05-23not yet calculatedCVE-2022-28874
MISC
MISC
filegator -- filegatorPath Traversal in GitHub repository filegator/filegator prior to 7.8.0.2022-05-24not yet calculatedCVE-2022-1850
CONFIRM
MISC
filegator -- filegatorSession Fixation in GitHub repository filegator/filegator prior to 7.8.0.2022-05-24not yet calculatedCVE-2022-1849
MISC
CONFIRM
fortiguard -- fortiosAn improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms.2022-05-24not yet calculatedCVE-2022-22306
CONFIRM
gibbon -- v23Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation.2022-05-25not yet calculatedCVE-2022-27305
MISC
MISC
MISC
ginadmin -- ginadminIn ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal.2022-05-25not yet calculatedCVE-2022-30427
MISC
ginadmin -- ginadminIn ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading.2022-05-25not yet calculatedCVE-2022-30428
MISC
gitblit -- gitblitGitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'attacker@example.com\n\trole = "#admin"' value.2022-05-21not yet calculatedCVE-2022-31267
MISC
MISC
gitblit -- gitblitA Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).2022-05-21not yet calculatedCVE-2022-31268
MISC
gjson -- gjsonGJSON <= 1.9.2 allows attackers to cause a ReDoS via crafted JSON input.2022-05-24not yet calculatedCVE-2021-42248
MISC
gost -- gost_engineGOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL. TLS clients using GOST engine when ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is agreed and the server uses 512 bit GOST secret keys are vulnerable to buffer overflow. GOST engine version 3.0.1 contains a patch for this issue. Disabling ciphersuite `TLS_GOSTR341112_256_WITH_KUZNYECHIK_CTR_OMAC` is a possible workaround.2022-05-24not yet calculatedCVE-2022-29242
MISC
MISC
MISC
MISC
CONFIRM
guzzle -- guzzleGuzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to the handler stack or construct the client with ['cookies' => true] are affected. Moreover, those who do not use the same Guzzle client to call multiple domains and have disabled redirect forwarding are not affected by this vulnerability. Guzzle versions 6.5.6 and 7.4.3 contain a patch for this issue. As a workaround, turn off the cookie middleware.2022-05-25not yet calculatedCVE-2022-29248
MISC
MISC
CONFIRM
CONFIRM
h -- hAn issue in H v1.0 allows attackers to bypass authentication via a session replay attack.2022-05-24not yet calculatedCVE-2022-29334
MISC
halibut -- halibutA use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document.2022-05-24not yet calculatedCVE-2021-42612
MISC
halibut -- halibutA use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document.2022-05-24not yet calculatedCVE-2021-42614
MISC
halibut -- halibutA double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.2022-05-24not yet calculatedCVE-2021-42613
MISC
hashicorp -- go-getterHashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 3 of 3).2022-05-25not yet calculatedCVE-2022-30323
MISC
MISC
MISC
hashicorp -- go-getterHashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 2 of 3).2022-05-25not yet calculatedCVE-2022-30322
MISC
MISC
MISC
hashicorp -- go-getterHashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 1 of 3).2022-05-25not yet calculatedCVE-2022-30321
MISC
MISC
MISC
hashicorp -- go-getterHashiCorp go-getter before 2.0.2 allows Command Injection.2022-05-25not yet calculatedCVE-2022-26945
MISC
MISC
hcl_software -- bigfix_mobile/modern_client_management_versionThe software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.2022-05-27not yet calculatedCVE-2021-27780
CONFIRM
hcl_software -- bigfix_mobile/modern_client_management_versionThe Master operator may be able to embed script tag in HTML with alert pop-up display cookie.2022-05-27not yet calculatedCVE-2021-27781
CONFIRM
hcl_software -- bigfix_mobile/modern_client_management_versionUser generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.2022-05-25not yet calculatedCVE-2021-27783
MISC
hcl_software --hcl_versionvault_expressVersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server.2022-05-25not yet calculatedCVE-2021-27779
MISC
home_clean_services_management_system --home_clean_services_management_systemA vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. This issue affects register.php?link=registerand. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely but demands authentication. Exploit details have been disclosed to the public.2022-05-24not yet calculatedCVE-2022-1840
MISC
MISC
home_clean_services_management_system --home_clean_services_management_systemA vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(2)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. The attack can be initiated remotely but it requires authentication. Exploit details have been disclosed to the public.2022-05-24not yet calculatedCVE-2022-1839
MISC
MISC
home_clean_services_management_system --home_clean_services_management_systemA vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this issue is register.php?link=registerand. The manipulation with the input <?php phpinfo();?> leads to code execution. The attack may be launched remotely but demands an authentication. Exploit details have been disclosed to the public.2022-05-24not yet calculatedCVE-2022-1837
MISC
MISC
home_clean_services_management_system --home_clean_services_management_systemA vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part of admin/login.php. The manipulation of the argument username with the input admin%'/**/AND/**/(SELECT/**/5383/**/FROM/**/(SELECT(SLEEP(5)))JPeh)/**/AND/**/'frfq%'='frfq leads to sql injection. It is possible to initiate the attack remotely but it requires authentication. Exploit details have been disclosed to the public.2022-05-24not yet calculatedCVE-2022-1838
MISC
MISC
hospital-management-system -- hospital-management-systemIn Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks.2022-05-26not yet calculatedCVE-2022-30516
MISC
ibm -- aspera_faspexIBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token. IBM X-Force ID: 226951.2022-05-24not yet calculatedCVE-2022-22497
XF
CONFIRM
ibm -- elastic_storage_systemA vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191600.2022-05-24not yet calculatedCVE-2020-4926
XF
CONFIRM
CONFIRM
ibm -- iIBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 226941.2022-05-24not yet calculatedCVE-2022-22495
XF
CONFIRM
ibm -- power_systemsThe POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface. This vulnerability can be more critical if the serial port is connected to a serial-over-lan device. IBM X-Force ID: 217095.2022-05-24not yet calculatedCVE-2022-22309
CONFIRM
XF
java -- javaezJavaEZ is a library that adds new functions to make Java easier. A weakness in JavaEZ 1.6 allows force decryption of locked text by unauthorized actors. The issue is NOT critical for non-secure applications, however may be critical in a situation where the highest levels of security are required. This issue ONLY affects v1.6 and does not affect anything pre-1.6. The vulnerability has been patched in release 1.7. Currently, there is no way to fix the issue without upgrading.2022-05-24not yet calculatedCVE-2022-29249
CONFIRM
MISC
jfinal -- jfinal_cmsJfinal cms 5.1.0 is vulnerable to SQL Injection.2022-05-26not yet calculatedCVE-2022-30500
MISC
jfrog -- artifactoryJFrog Artifactory prior to version 7.28.0 and 6.23.38 is vulnerable to Broken Access Control: the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation.2022-05-23not yet calculatedCVE-2021-41834
CONFIRM
jgraph -- drawioExposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.2022-05-25not yet calculatedCVE-2022-1815
CONFIRM
MISC
kkfileview -- kkfileviewkkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.2022-05-25not yet calculatedCVE-2022-29349
MISC
kuka -- kr_c4An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.2022-05-26not yet calculatedCVE-2021-33016
MISC
kuka -- kr_c4An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.2022-05-26not yet calculatedCVE-2021-33014
MISC
lcds-- laquis_scada_applicationWhen a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting.2022-05-25not yet calculatedCVE-2021-32989
MISC
limesurvey -- limesurveyA cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin.2022-05-25not yet calculatedCVE-2022-29710
MISC
linglong -- linglongAn access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie.2022-05-26not yet calculatedCVE-2022-29633
MISC
linux -- linux_kernelAn issue was discovered in the Linux Kernel from 4.18 to 4.19: an improper update of the sock reference in TCP pacing can lead to a memory/netns leak, which can be used by remote clients.2022-05-25not yet calculatedCVE-2022-1678
MISC
CONFIRM
MISC
MISC
linux -- linux_kernelA use-after-free flaw was found in the Linux kernel pipes functionality in the way a user performs certain manipulations with a pipe, for example with post_one_notification() after free_pipe_info() has already been called. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.2022-05-26not yet calculatedCVE-2022-1882
MISC
logrotate -- logrotateA vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.2022-05-25not yet calculatedCVE-2022-1348
MISC
MLIST
MLIST
MLIST
luxsoft -- luxcal_web_calendarIn LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.2022-05-24not yet calculatedCVE-2021-45914
MISC
MISC
MISC
CONFIRM
luxsoft -- luxcal_web_calendarIn LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.2022-05-24not yet calculatedCVE-2021-45915
MISC
MISC
MISC
CONFIRM
manageengine -- appmanager15ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.2022-05-24not yet calculatedCVE-2022-23050
MISC
MISC
mastodon -- mastodonapp/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions.2022-05-24not yet calculatedCVE-2022-31263
CONFIRM
CONFIRM
matrikon -- matrikon_opc_serverMatrikon OPC Server (all versions), from Matrikon, a subsidiary of Honeywell, is vulnerable to a condition where a low-privileged user allowed to connect to the OPC server can use the functions of the IPersisFile to execute operating system processes with system-level privileges.2022-05-26not yet calculatedCVE-2022-1261
CONFIRM
mindoc -- mindocAn arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file.2022-05-26not yet calculatedCVE-2022-29637
MISC
mini-xml -- mini-xmlA stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxml_string_getc:2611.2022-05-26not yet calculatedCVE-2021-42860
MISC
mini-xml -- mini-xmlA memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service.2022-05-26not yet calculatedCVE-2021-42859
MISC
morpheus -- morpheusAn XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to.2022-05-24not yet calculatedCVE-2022-31261
MISC
MISC
mysiteforme -- mysiteformemysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.2022-05-24not yet calculatedCVE-2022-29309
MISC
nginx -- njsNginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c.2022-05-25not yet calculatedCVE-2022-29379
MISC
MISC
MISC
nokia -- broadcast_message_centerNokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user, database name, and database version information, and potentially database data.2022-05-25not yet calculatedCVE-2021-35487
MISC
MISC
oas -- oas_platformAn improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.2022-05-25not yet calculatedCVE-2022-26833
MISC
oas -- oas_platformAn external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability.2022-05-25not yet calculatedCVE-2022-26303
MISC
oas -- oas_platformAn information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.2022-05-25not yet calculatedCVE-2022-27169
MISC
oas -- oas_platformAn external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to trigger this vulnerability.2022-05-25not yet calculatedCVE-2022-26043
MISC
oas -- oas_platformAn information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability.2022-05-25not yet calculatedCVE-2022-26067
MISC
oas -- oas_platformA cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.2022-05-25not yet calculatedCVE-2022-26077
MISC
oas -- oas_platformA file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.2022-05-25not yet calculatedCVE-2022-26082
MISC
oas -- oas_platformA denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability.2022-05-25not yet calculatedCVE-2022-26026
MISC
online_food -- ordering_systemOnline Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php.2022-05-25not yet calculatedCVE-2022-29650
MISC
online_food -- ordering_systemAn arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.2022-05-25not yet calculatedCVE-2022-29651
MISC
opencast -- opencastOpencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 and 11.7, users could pass along URLs for files belonging to organizations other than the user's own, which Opencast would then import into the current organization, bypassing organizational barriers. Attackers must have full access to Opencast's ingest REST interface, and also know internal links to resources in another organization of the same Opencast cluster. Users who do not run a multi-tenant cluster are not affected by this issue. This issue is fixed in Opencast 10.14 and 11.7.2022-05-24not yet calculatedCVE-2022-29237
CONFIRM
MISC
oretnom23 -- automotive_shop_management_systemIn oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credentials and gain admin access (privilege escalation).2022-05-26not yet calculatedCVE-2022-30493
MISC
oretnom23 -- automotive_shop_management_systemIn oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password (vertical privilege escalation).2022-05-26not yet calculatedCVE-2022-30495
MISC
oretnom23 -- automotive_shop_management_systemIn oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs.2022-05-26not yet calculatedCVE-2022-30494
MISC
pallets -- werkzeugImproper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body.2022-05-25not yet calculatedCVE-2022-29361
MISC
philips -- interoperability_solution_xdsPhilips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.2022-05-25not yet calculatedCVE-2021-32966
MISC
php -- zoo_management_systemA vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is /zoo/admin/public_html/view_accounts?type=zookeeper of the content module. The manipulation of the argument admin_name with the input <script>alert(1)</script> leads to an authenticated cross site scripting. Exploit details have been disclosed to the public.2022-05-23not yet calculatedCVE-2022-1816
MISC
MISC
pillow -- python_pillowlibImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.2022-05-25not yet calculatedCVE-2022-30595
MISC
MISC
piwigo -- piwigoPiwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter.2022-05-26not yet calculatedCVE-2021-40317
MISC
protobufjs -- protobufjsThe package protobufjs before 6.11.3 is vulnerable to Prototype Pollution, which can allow an attacker to add/modify properties of the Object.prototype. This vulnerability can occur in multiple ways: (1) by providing untrusted user input to the util.setProperty or ReflectionObject.setParsedOption functions; (2) by parsing/loading .proto files.2022-05-27not yet calculatedCVE-2022-25878
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
publify -- publifyUnrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.2022-05-23not yet calculatedCVE-2022-1811
MISC
CONFIRM
pyjwt -- pythonPyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.2022-05-24not yet calculatedCVE-2022-29217
CONFIRM
MISC
MISC
qnap -- qnap_nas_running_proxy_serverA cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 (2021/12/30) and later; QuTS hero h5.0.0: Proxy Server 1.4.3 (2022/01/18) and later; QuTScloud c4.5.6: Proxy Server 1.4.2 (2021/12/30) and later.2022-05-26not yet calculatedCVE-2021-34360
MISC
quick_heal -- total_securityQuick Heal Total Security before 12.1.1.27 allows DLL hijacking during installation.2022-05-23not yet calculatedCVE-2022-31467
MISC
quick_heal -- total_securityQuick Heal Total Security before 12.1.1.27 has a TOCTOU race condition that leads to privilege escalation. It may follow a symlink that was created after a malware check.2022-05-23not yet calculatedCVE-2022-31466
MISC
radareorg -- radare2Access of Uninitialized Pointer in GitHub repository radareorg/radare2 prior to 5.7.0.2022-05-21not yet calculatedCVE-2022-1809
CONFIRM
MISC
radareorg -- radareradareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser.2022-05-25not yet calculatedCVE-2021-44974
MISC
MISC
MLIST
radareorg -- radareradareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser.2022-05-24not yet calculatedCVE-2021-44975
MISC
MISC
MLIST
radareorg -- radare2Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0.2022-05-26not yet calculatedCVE-2022-1899
CONFIRM
MISC
rails -- active_storageA code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.2022-05-26not yet calculatedCVE-2022-21831
MISC
roncoo -- roncoo_educationAn arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file.2022-05-26not yet calculatedCVE-2022-29632
MISC
school_club_application_system --school_club_application_systemA stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter.2022-05-25not yet calculatedCVE-2022-29359
MISC
MISC
sharp -- sharpsharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at `npm install` time when installing versions of `sharp` prior to the latest v0.30.5. If an attacker has the ability to set the value of the `PKG_CONFIG_PATH` environment variable in a build environment then they might be able to use this to inject an arbitrary command at `npm install` time. This is not part of any runtime code, does not affect Windows users at all, and is unlikely to affect anyone that already cares about the security of their build environment. This problem is fixed in version 0.30.5.2022-05-25not yet calculatedCVE-2022-29256
CONFIRM
MISC
siteserver -- cmsSiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.2022-05-24not yet calculatedCVE-2021-42655
MISC
MISC
MISC
siteserver -- cmsSiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code.2022-05-24not yet calculatedCVE-2021-42654
MISC
MISC
MISC
siteserver -- cmsSiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.2022-05-24not yet calculatedCVE-2021-42656
MISC
MISC
MISC
smarty-php -- smartySmarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds.2022-05-24not yet calculatedCVE-2022-29221
MISC
CONFIRM
MISC
MISC
solana -- solana_rbpfSolana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program.2022-05-21not yet calculatedCVE-2022-31264
MISC
MISC
sox -- soxIn SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.2022-05-25not yet calculatedCVE-2022-31651
MISC
sox -- soxIn SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.2022-05-25not yet calculatedCVE-2022-31650
MISC
student_information_system -- student_information_systemA vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is admin/?page=students of the Student Roll module. The manipulation with the input <script>alert(1)</script> leads to authenticated cross site scripting. Exploit details have been disclosed to the public.2022-05-24not yet calculatedCVE-2022-1819
MISC
MISC
suse -- rancherA Missing Encryption of Sensitive Data vulnerability in SUSE Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden. This issue affects: SUSE Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5.2022-05-25not yet calculatedCVE-2022-21951
CONFIRM
CONFIRM
tableau -- tableau_serverTableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users. The vulnerability allows a malicious site administrator to change passwords for users in different sites hosted on the same Tableau Server, resulting in the potential for unauthorized access to data. Tableau Server versions affected are: 2020.4.16, 2021.1.13, 2021.2.10, 2021.3.9, 2021.4.4 and earlier. Note: All future releases of Tableau Server will address this security issue. Versions that are no longer supported are not tested and may be vulnerable.2022-05-25not yet calculatedCVE-2022-22127
MISC
talend_administration_center -- sso_login_endpointTalend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.2022-05-26not yet calculatedCVE-2022-31648
MISC
MISC
telecommunication_software_gmbh -- software_samwin_contact_center_suiteA vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1. This vulnerability affects the function passwordScramble in the library SAMwinLIBVB.dll of the component Password Handler. Incorrect implementation of a hashing function leads to predictable authentication possibilities. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component.2022-05-24not yet calculatedCVE-2013-10004
MISC
MISC
telecommunication_software_gmbh -- software_samwin_contact_center_suiteA vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1. It has been rated as critical. Affected by this issue is the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the credential handler. Authentication is possible with hard-coded credentials. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component.2022-05-24not yet calculatedCVE-2013-10002
MISC
MISC
telecommunication_software_gmbh -- software_samwin_contact_center_suiteA vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1. This affects the function getCurrentDBVersion in the library SAMwinLIBVB.dll of the database handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 6.2 is able to address this issue. It is recommended to upgrade the affected component.2022-05-24not yet calculatedCVE-2013-10003
MISC
MISC
tenda -- web_server_httpdThere is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi. When setting the virtual service, the httpd program will crash and exit when the super-long list parameter occurs.2022-05-24not yet calculatedCVE-2021-42659
MISC
MISC
tenda -- ac_series_routerTenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request.2022-05-26not yet calculatedCVE-2022-30474
MISC
tenda -- ac_series_routerTenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat2022-05-26not yet calculatedCVE-2022-30472
MISC
tenda -- ac_series_routerTenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function form_fast_setting_wifi_set2022-05-26not yet calculatedCVE-2022-30473
MISC
tenda -- ac_series_routerTenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request.2022-05-26not yet calculatedCVE-2022-30475
MISC
tenda -- ac_series_routerTenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request.2022-05-26not yet calculatedCVE-2022-30476
MISC
tenda -- ac_series_routerTenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request.2022-05-26not yet calculatedCVE-2022-30477
MISC
thorfdbg -- libjpegIn libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan.2022-05-25not yet calculatedCVE-2022-31620
MISC
MISC
tinytoml -- tinytomlThere is a stack-overflow vulnerability in tinytoml v0.4 that can cause a crash or DoS.2022-05-26not yet calculatedCVE-2021-42692
MISC
tipask -- tipaskIn Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments; a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing information leakage.2022-05-23not yet calculatedCVE-2021-41714
MISC
MISC
MISC
totolink -- a3600rTotolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stack overflow in the fread function at infostat.cgi. This vulnerability allows attackers to cause a Denial of Service (DoS) via the parameter CONTENT_LENGTH.2022-05-24not yet calculatedCVE-2022-29377
MISC
tp-link -- tl-wr840nTP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console. This vulnerability allows attackers to connect to the UART port via a serial connection and execute commands as the root user without authentication.2022-05-25not yet calculatedCVE-2022-29402
MISC
trend_micro -- maximum_securityTrend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product’s secure erase feature to delete arbitrary files.2022-05-27not yet calculatedCVE-2022-30687
N/A
N/A
trend_micro -- apex_oneAn incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2022-05-27not yet calculatedCVE-2022-30700
N/A
N/A
trend_micro -- apex_oneAn uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.2022-05-27not yet calculatedCVE-2022-30701
N/A
N/A
trend_micro -- password_managerEOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Please note that this was reported on an EOL version of the product, and users are advised to upgrade to the latest supported version (5.x).2022-05-27not yet calculatedCVE-2022-28394
N/A
N/A
N/A
truestack -- direct_connectTrueStack Direct Connect 1.4.7 has Incorrect Access Control.2022-05-25not yet calculatedCVE-2022-23775
MISC
MISC
tuxera -- ntfs-3gAn invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.2022-05-26not yet calculatedCVE-2022-30783
MISC
MISC
tuxera -- ntfs-3gA crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.2022-05-26not yet calculatedCVE-2022-30786
MISC
MISC
tuxera -- ntfs-3gA crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.2022-05-26not yet calculatedCVE-2022-30784
MISC
MISC
tuxera -- ntfs-3gA file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.2022-05-26not yet calculatedCVE-2022-30785
MISC
MISC
tuxera -- ntfs-3gAn integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.2022-05-26not yet calculatedCVE-2022-30787
MISC
MISC
tuxera -- ntfs-3gA crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.2022-05-26not yet calculatedCVE-2022-30789
MISC
MISC
tuxera -- ntfs-3gA crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.2022-05-26not yet calculatedCVE-2022-30788
MISC
MISC
ua-parser-js -- ua-parser-jsA vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This issue affects the crypto mining component which introduces a backdoor. Upgrading to version 0.7.30, 0.8.1 and 1.0.1 is able to address this issue. It is recommended to upgrade the affected component.2022-05-24not yet calculatedCVE-2021-4229
MISC
MISC
MISC
undertow -- undertowA flaw was found in undertow. The HTTP2SourceChannel fails to write the final frame under some circumstances, resulting in a denial of service. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.35.SP1, prior to 2.2.6.SP1, prior to 2.2.7.SP1, prior to 2.0.36.SP1, prior to 2.2.9.Final and prior to 2.0.39.Final.2022-05-24not yet calculatedCVE-2021-3597
MISC
undertow -- undertowA flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final.2022-05-24not yet calculatedCVE-2021-3629
MISC
vaadin -- vaadinThe default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side.2022-05-24not yet calculatedCVE-2022-29567
MISC
MISC
vim -- vimOut-of-bounds Read in GitHub repository vim/vim prior to 8.2.2022-05-25not yet calculatedCVE-2022-1851
MISC
CONFIRM
vim -- vimHeap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.2022-05-26not yet calculatedCVE-2022-1886
CONFIRM
MISC
vim -- vimOut-of-bounds Write in GitHub repository vim/vim prior to 8.2.2022-05-27not yet calculatedCVE-2022-1897
CONFIRM
MISC
vim -- vimUse After Free in GitHub repository vim/vim prior to 8.2.2022-05-27not yet calculatedCVE-2022-1898
MISC
CONFIRM
vmware -- vmware_tools_for_windowsVMware Tools for Windows (12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure.2022-05-24not yet calculatedCVE-2022-22977
MISC
wildfly -- wildflyA flaw was found in Wildfly. An incorrect JBOSS_LOCAL_USER challenge location when using the elytron configuration may lead to JBOSS_LOCAL_USER access to all users on the machine. The highest threat from this vulnerability is to confidentiality, integrity, and availability. This flaw affects wildfly-core versions prior to 17.0.2022-05-24not yet calculatedCVE-2021-3717
MISC
wondercms -- simple_blog_pluginThe Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS). When any user opens a particular blog hosted on an attacker's site, XSS may occur.2022-05-23not yet calculatedCVE-2021-42233
MISC
MISC
MISC
wordpress -- vsourz_digitial_advanced_contact_formPersistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress.2022-05-25not yet calculatedCVE-2022-29408
CONFIRM
CONFIRM
world_of_warships -- wargamingThe replay feature in the client in Wargaming World of Warships 0.11.4 allows remote attackers to execute code when a user launches a replay from an untrusted source.2022-05-26not yet calculatedCVE-2022-31265
MISC
xampp_for_windows -- xampp_for_windowsXampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory.2022-05-23not yet calculatedCVE-2022-29376
MISC
xlight -- ftpXlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code.2022-05-23not yet calculatedCVE-2022-28998
MISC
MISC
MISC
MISC
xwiki -- xwiki_platformXWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and a path with ".." in it. The issue is patched in versions 14.0 and 13.10.3. There is no easy workaround for this issue.2022-05-25not yet calculatedCVE-2022-29253
MISC
CONFIRM
MISC
xwiki -- xwiki_platform_flamingo_theme_uiXWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the `WikiManager.JoinWiki` wiki page related to the "requestJoin" field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `WikiManager.JoinWiki` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory.2022-05-25not yet calculatedCVE-2022-29252
MISC
MISC
CONFIRM
xwiki -- xwiki_platform_flamingo_theme_uiXWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the `FlamingoThemesCode.WebHomeSheet` wiki page related to the "newThemeName" form field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `FlamingoThemesCode.WebHomeSheet` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory.2022-05-25not yet calculatedCVE-2022-29251
MISC
MISC
CONFIRM
xxl-job -- xxl-jobA Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.2022-05-23not yet calculatedCVE-2022-29002
MISC
zyxel -- cgi_programA cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.2022-05-24not yet calculatedCVE-2022-0734
CONFIRM
zyxel -- multiple_productsAn argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.2022-05-24not yet calculatedCVE-2022-26532
CONFIRM
zyxel -- multiple_productsMultiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.2022-05-24not yet calculatedCVE-2022-26531
CONFIRM
