Vulnerability Summary for the Week of July 4, 2022

Released
Jul 11, 2022
Document ID
SB22-192

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
gitlab -- gitlabA critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 where it was possible for an unauthorised user to execute arbitrary code on the server using the project import feature.2022-07-017.5CVE-2022-2185
CONFIRM
MISC
MISC
hospital_management_system_project -- hospital_management_systemHospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php.2022-07-017.5CVE-2022-32093
MISC
hospital_management_system_project -- hospital_management_systemHospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at doctorlogin.php.2022-07-017.5CVE-2022-32094
MISC
hospital_management_system_project -- hospital_management_systemHospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter at orders.php.2022-07-017.5CVE-2022-32095
MISC
tenda -- ax1806_firmwareTenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the deviceList parameter in the function formAddMacfilterRule.2022-07-0110CVE-2022-32032
MISC
tenda -- ax1806_firmwareTenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function formSetQosBand.2022-07-017.8CVE-2022-32030
MISC
tenda -- ax1806_firmwareTenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetRouteStatic.2022-07-017.8CVE-2022-32031
MISC
tenda -- ax1806_firmwareTenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the function formSetVirtualSer.2022-07-017.8CVE-2022-32033
MISC
tendacn -- m3_firmwareTenda M3 V1.0.0.12 was discovered to contain a stack overflow via the items parameter in the function formdelMasteraclist.2022-07-017.8CVE-2022-32034
MISC
tendacn -- m3_firmwareTenda M3 V1.0.0.12 was discovered to contain a stack overflow via the function formMasterMng.2022-07-017.8CVE-2022-32035
MISC
tendacn -- m3_firmwareTenda M3 V1.0.0.12 was discovered to contain multiple stack overflow vulnerabilities via the ssidList, storeName, and trademark parameters in the function formSetStoreWeb.2022-07-017.8CVE-2022-32036
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
college_management_system_project -- college_management_systemCollege Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP file.2022-07-016.8CVE-2022-32420
MISC
gitlab -- gitlabIncorrect authorization in GitLab EE affecting all versions from 10.7 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allowed an attacker already in possession of a valid Deploy Key or a Deploy Token to misuse it from any location to access Container Registries even when IP address restrictions were configured.2022-07-014CVE-2022-1983
MISC
CONFIRM
ibm -- infosphere_information_serverAn improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps and BW Packs may lead to creation of directories and files on the server file system that may contain non-sensitive debugging information like stack traces. IBM X-Force ID: 221323.2022-07-015.5CVE-2022-22373
XF
CONFIRM
libmobi_project -- libmobiNULL Pointer Dereference in GitHub repository bfabiszewski/libmobi prior to 0.11.2022-07-014.3CVE-2022-2279
CONFIRM
MISC
vim -- vimHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.2022-07-016.8CVE-2022-2264
MISC
CONFIRM
vim -- vimHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.2022-07-026.8CVE-2022-2284
CONFIRM
MISC
vim -- vimInteger Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.2022-07-026.8CVE-2022-2285
MISC
CONFIRM
vim -- vimOut-of-bounds Read in GitHub repository vim/vim prior to 9.0.2022-07-026.8CVE-2022-2286
CONFIRM
MISC
vim -- vimOut-of-bounds Read in GitHub repository vim/vim prior to 9.0.2022-07-025.8CVE-2022-2287
MISC
CONFIRM

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
gitlab -- gitlabImproper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows a previous maintainer of a project with a specific runner to access job and project meta data under certain conditions2022-07-013.5CVE-2022-2227
MISC
MISC
CONFIRM
ibm -- urbancode_deployIBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 22106.2022-07-012.1CVE-2022-22366
CONFIRM
XF
ibm -- urbancode_deployIBM UrbanCode Deploy (UCD) 6.2.7.15, 7.0.5.10, 7.1.2.6, and 7.2.2.1 could disclose sensitive database information to a local user in plain text. IBM X-Force ID: 221008.2022-07-012.1CVE-2022-22367
CONFIRM
XF
microweber -- microweberCross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.2022-07-013.5CVE-2022-2280
MISC
CONFIRM

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adminlte -- adminlte
 
AdminLTE is a Pi-hole Dashboard for stats and configuration. In affected versions inserting code like `<script>alert("XSS")</script>` in the field marked with "Domain to look for" and hitting <kbd>enter</kbd> (or clicking on any of the buttons) will execute the script. The user must be logged in to use this vulnerability. Usually only administrators have login access to pi-hole, minimizing the risks. Users are advised to upgrade. There are no known workarounds for this issue.2022-07-07not yet calculatedCVE-2022-31029
CONFIRM
MISC
agilepoint -- agilepoint_nx
 
Editable SQL Queries behind Base64 encoding sending from the Client-Side to The Server-Side for a particular API used in legacy Work Center module. The attack is available for any authenticated user, in any kind of rule. under the function : /AgilePointServer/Extension/FetchUsingEncodedData in the parameter: EncodedData2022-07-06not yet calculatedCVE-2022-30619
MISC
akashi -- akashi
 
Akashi is an open source server implementation of the Attorney Online video game based on the Ace Attorney universe. Affected versions of Akashi are subject to a denial of service attack. An attacker can use a specially crafted evidence packet to make an illegal modification, causing a server crash. This can be used to mount a denial-of-service exploit. Users are advised to upgrade. There is no known workaround for this issue.2022-07-07not yet calculatedCVE-2022-31135
CONFIRM
MISC
apache -- commons_configuration
 
Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: - "script" - execute expressions using the JVM script execution engine (javax.script) - "dns" - resolve dns records - "url" - load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Configuration 2.8.0, which disables the problematic interpolators by default.2022-07-06not yet calculatedCVE-2022-33980
CONFIRM
apache -- druidIn Apache Druid 0.22.1 and earlier, the server did not set appropriate headers to prevent clickjacking. Druid 0.23.0 and later prevent clickjacking using the Content-Security-Policy header.2022-07-07not yet calculatedCVE-2022-28889
MISC
apache -- druid
 
In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.2022-07-07not yet calculatedCVE-2021-44791
MISC
apache -- superset
 
Apache Superset up to 1.5.1 allowed for authenticated users to access metadata information related to datasets they have no permission on. This metadata included the dataset name, columns and metrics.2022-07-06not yet calculatedCVE-2021-37839
MISC
asus -- rt-a88u
 
ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device.2022-07-05not yet calculatedCVE-2021-43702
MISC
MISC
atlassian -- jiraThe Appfire Jira Misc Custom Fields (JMCF) app 2.4.6 for Atlassian Jira allows XSS via a crafted project name to the Add Auto Indexing Rule function.2022-07-07not yet calculatedCVE-2022-32567
MISC
MISC
atoms183_cms -- atoms183_cms
 
SQL Injection vulnerability in product_admin.php in atoms183 CMS 1.0, allows attackers to execute arbitrary commands via the Name, Fname, and ID parameters to search.php.2022-07-07not yet calculatedCVE-2021-35283
MISC
beego -- beegoThe leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcardvalues which can lead to cross directory risk.2022-07-05not yet calculatedCVE-2022-31836
MISC
bookwyrm -- bookwyrm
 
Bookwyrm is an open source social reading and reviewing program. Versions of Bookwyrm prior to 0.4.1 did not properly sanitize html being rendered to users. Unprivileged users are able to inject scripts into user profiles, book descriptions, and statuses. These vulnerabilities may be exploited as cross site scripting attacks on users viewing these fields. Users are advised to upgrade to version 0.4.1. There are no known workarounds for this issue.2022-07-07not yet calculatedCVE-2022-31136
CONFIRM
MISC
burp_suite -- burp_suiteA URL disclosure issue was discovered in Burp Suite before 2022.6. If a user views a crafted response in the Repeater or Intruder, it may be incorrectly interpreted as a redirect.2022-07-08not yet calculatedCVE-2022-35406
MISC
check_point -- endpointCheck Point Endpoint before version E86.50 failed to protect against specific registry change which allowed to disable endpoint protection by a local administrator.2022-07-07not yet calculatedCVE-2022-23744
MISC

cisco -- expressway_series_and_telepresence_video_communication_server

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory.2022-07-06not yet calculatedCVE-2022-20813
CISCO
cisco -- expressway_series_and_telepresence_video_communication_server
 
Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device. For more information about these vulnerabilities, see the Details section of this advisory.2022-07-06not yet calculatedCVE-2022-20812
CISCO
cisco -- smart_software_manager_onprem
 
A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to incorrect handling of multiple simultaneous device registrations on Cisco SSM On-Prem. An attacker could exploit this vulnerability by sending multiple device registration requests to Cisco SSM On-Prem. A successful exploit could allow the attacker to cause a DoS condition on an affected device.2022-07-06not yet calculatedCVE-2022-20808
CISCO
cisco -- telepresence_collaboration_endpoint_and_roomos
 
A vulnerability in the logging component of Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system. This vulnerability is due to the storage of certain unencrypted credentials. An attacker could exploit this vulnerability by accessing the audit logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to access confidential information, some of which may contain personally identifiable information (PII). Note: To access the logs that are stored in the RoomOS Cloud, an attacker would need valid Administrator-level credentials.2022-07-06not yet calculatedCVE-2022-20768
CISCO
cisco -- unified_communications_manager_and_unity_connection
 
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to perform a timing attack. This vulnerability is due to insufficient protection of a system password. An attacker could exploit this vulnerability by observing the time it takes the system to respond to various queries. A successful exploit could allow the attacker to determine a sensitive system password.2022-07-06not yet calculatedCVE-2022-20752
CISCO
cisco --  unified_communications_manager
 
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the operating system.2022-07-06not yet calculatedCVE-2022-20862
CISCO
cisco --  unified_communications_manager_and_unified_communications_manager_im_and_presence_serviceA vulnerability in the database user privileges of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM and Presence Service (Unified CM IM and P) could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. This vulnerability is due to insufficient file permission restrictions. An attacker could exploit this vulnerability by sending a crafted command from the API to the application. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. The attacker would need valid user credentials to exploit this vulnerability.2022-07-06not yet calculatedCVE-2022-20791
CISCO
cisco --  unified_communications_manager_and_unified_communications_manager_im_and_presence_service
 
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.2022-07-06not yet calculatedCVE-2022-20815
CISCO
cisco --  unified_communications_manager_and_unified_communications_manager_im_and_presence_service
 
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.2022-07-06not yet calculatedCVE-2022-20800
CISCO
cisco --  unified_communications_manager_and_unified_communications_manager_im_and_presence_service
 
A vulnerability in the Disaster Recovery framework of Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P), and Cisco Unity Connection could allow an authenticated, remote attacker to perform certain administrative actions they should not be able to. This vulnerability is due to insufficient access control checks on the affected device. An attacker with read-only privileges could exploit this vulnerability by executing a specific vulnerable command on an affected device. A successful exploit could allow the attacker to perform a set of administrative actions they should not be able to.2022-07-06not yet calculatedCVE-2022-20859
CISCO
codoforum -- codoforumCodoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel.2022-07-07not yet calculatedCVE-2022-31854
MISC
MISC
curl -- curlWhen curl < 7.84.0 does FTP transfers secured by krb5, it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.2022-07-07not yet calculatedCVE-2022-32208
MISC
curl -- curlWhen curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.2022-07-07not yet calculatedCVE-2022-32207
MISC
curl -- curlcurl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.2022-07-07not yet calculatedCVE-2022-32206
MISC
curl -- curlA malicious server can serve excessive amounts of `Set-Cookie:` headers in a HTTP response to curl and curl < 7.84.0 stores all of them. A sufficiently large amount of (big) cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger than the threshold that curl uses internally to avoid sending crazy large requests (1048576 bytes) and instead returns an error.This denial state might remain for as long as the same cookies are kept, match and haven't expired. Due to cookie matching rules, a server on `foo.example.com` can set cookies that also would match for `bar.example.com`, making it it possible for a "sister server" to effectively cause a denial of service for a sibling site on the same second level domain using this method.2022-07-07not yet calculatedCVE-2022-32205
MISC
cybozu -- garoonBrowse restriction bypass vulnerability in Bulletin of Cybozu Garoon allows a remote authenticated attacker to obtain the data of Bulletin.2022-07-04not yet calculatedCVE-2022-29471
MISC
MISC
cybozu -- garoonImproper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to repeatedly display errors in certain functions and cause a denial-of-service (DoS).2022-07-04not yet calculatedCVE-2022-29892
MISC
MISC
cybozu -- garoonImproper authentication vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote attacker to obtain some data of Facility Information without logging in to the product.2022-07-04not yet calculatedCVE-2022-28713
MISC
MISC
cybozu -- garoonCross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.10.0 to 5.5.1 allows a remote authenticated attacker with an administrative privilege to execute an arbitrary script.2022-07-04not yet calculatedCVE-2022-29513
MISC
MISC
cybozu -- garoonOperation restriction bypass vulnerability in Space of Cybozu Garoon 4.0.0 to 5.9.0 allows a remote authenticated attacker to delete the data of Space.2022-07-04not yet calculatedCVE-2022-29484
MISC
MISC
cybozu -- garoonAddress information disclosure vulnerability in Cybozu Garoon 4.2.0 to 5.5.1 allows a remote authenticated attacker to obtain some data of Address.2022-07-04not yet calculatedCVE-2022-29467
MISC
MISC
cybozu -- garoonOperation restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.5.1 allow a remote authenticated attacker to alter the data of Bulletin.2022-07-04not yet calculatedCVE-2022-28718
MISC
MISC
cybozu -- garoonOperation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Link.2022-07-04not yet calculatedCVE-2022-26054
MISC
MISC
cybozu -- garoonImproper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Scheduler.2022-07-04not yet calculatedCVE-2022-28692
MISC
MISC
cybozu -- garoonOperation restriction bypass vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Workflow.2022-07-04not yet calculatedCVE-2022-27661
MISC
MISC
cybozu -- garoonImproper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to disable to add Categories.2022-07-04not yet calculatedCVE-2022-27807
MISC
MISC
cybozu -- garoonOperation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Portal.2022-07-04not yet calculatedCVE-2022-26051
MISC
MISC
cybozu -- garoonCross-site scripting vulnerability in Organization's Information of Cybozu Garoon 4.10.2 to 5.5.1 allows a remote attacker to execute an arbitrary script on the logged-in user's web browser.2022-07-04not yet calculatedCVE-2022-27627
MISC
MISC
cybozu -- garoonImproper input validation vulnerability in Space of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter the data of Space.2022-07-04not yet calculatedCVE-2022-27803
MISC
MISC
cybozu -- garoonBrowse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet.2022-07-04not yet calculatedCVE-2022-26368
MISC
MISC
dell -- cloud_mobility_for_dell_emc_storage
 
Cloud Mobility for Dell EMC Storage, 1.3.0.XXX contains a RCE vulnerability. A non-privileged user could potentially exploit this vulnerability, leading to achieving a root shell. This is a critical issue; so Dell recommends customers to upgrade at the earliest opportunity.2022-07-07not yet calculatedCVE-2022-33936
CONFIRM
dell -- powerprotect_cyber_recoveryDell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged authenticated user can chain docker commands to escalate privileges to root leading to complete system takeover.2022-07-07not yet calculatedCVE-2022-32481
CONFIRM
devolutions -- devolutions_serverHTML injection vulnerability in secure messages of Devolutions Server before 2022.2 allows attackers to alter the rendering of the page or redirect a user to another site.2022-07-06not yet calculatedCVE-2022-2316
MISC
devolutions -- devolutions_serverIncorrect permission management in Devolutions Server before 2022.2 allows a new user with a preexisting username to inherit the permissions of that previous user.2022-07-07not yet calculatedCVE-2022-33996
MISC
MISC
dice -- diceAn arbitrary file upload vulnerability in Dice v4.2.0 allows attackers to execute arbitrary code via a crafted file.2022-07-05not yet calculatedCVE-2022-32413
MISC
digital_guardian_agent -- digital_guardian_agent
 
Digital Guardian Agent 7.7.4.0042 allows an administrator (who ordinarily does not have a supported way to uninstall the product) to disable some of the agent functionality and then exfiltrate files to an external USB device.2022-07-08not yet calculatedCVE-2022-35412
MISC
MISC
django -- django
 
An issue was discovered in Django 3.2 before 3.2.14 and 4.0 before 4.0.6. The Trunc() and Extract() database functions are subject to SQL injection if untrusted data is used as a kind/lookup_name value. Applications that constrain the lookup name and kind choice to a known safe list are unaffected.2022-07-04not yet calculatedCVE-2022-34265
CONFIRM
MISC
MISC
eclipse -- eclipse_jetty
 
In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario.2022-07-07not yet calculatedCVE-2022-2047
CONFIRM
eclipse -- eclipse_jetty
 
In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests.2022-07-07not yet calculatedCVE-2022-2048
CONFIRM
eclipse -- eclipse_lyo
 
In Eclipse Lyo versions 1.0.0 to 4.1.0, a TransformerFactory is initialized with the defaults that do not restrict DTD loading when working with RDF/XML. This allows an attacker to cause an external DTD to be retrieved.2022-07-07not yet calculatedCVE-2021-41042
CONFIRM
eclipse -- eclipse_p2
 
In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation. Those touchpoints can, for example, alter the command-line used to start the application, injecting things like agent or other settings that usually require particular attention in term of security. Although p2 has built-in strategies to ensure artifacts are signed and then to help establish trust, there is no such strategy for the metadata part that does configure such touchpoints. As a result, it's possible to install a unit that will run malicious code during installation without user receiving any warning about this installation step being risky when coming from untrusted source.2022-07-08not yet calculatedCVE-2021-41037
CONFIRM
eclipse -- jetty
 
In Eclipse Jetty versions 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, SslConnection does not release ByteBuffers from configured ByteBufferPool in case of error code paths.2022-07-07not yet calculatedCVE-2022-2191
CONFIRM
eidogo -- eidogo
 
EidoGo is susceptible to Cross-Site Scripting (XSS) attacks via maliciously crafted SGF input.2022-07-06not yet calculatedCVE-2015-3172
MISC
MISC
elastic -- endpoint_security_for_windowsA local privilege escalation (LPE) issue was discovered in the ransomware canaries features of Elastic Endpoint Security for Windows, which could allow unprivileged users to elevate their privileges to those of the LocalSystem account.2022-07-06not yet calculatedCVE-2022-23714
MISC
MISC
elastic -- kibanaA cross-site-scripting (XSS) vulnerability was discovered in the Vega Charts Kibana integration which could allow arbitrary JavaScript to be executed in a victim’s browser.2022-07-06not yet calculatedCVE-2022-23713
MISC
MISC
eqs_group -- eqs_integrity_line
 
EQS Integrity Line through 2022-07-01 allows a stored XSS via a crafted whistleblower entry.2022-07-07not yet calculatedCVE-2022-34007
MISC
MISC
MISC
MISC
MISC
gallagher -- command_centre
 
Command Centre Server is vulnerable to SQL Injection via Windows Registry settings for date fields on the server. The Windows Registry setting allows an attacker using the Visitor Management Kiosk, an application designed for public use, to invoke an arbitrary SQL query that has been preloaded into the registry of the Windows Server to obtain sensitive information. This issue affects: Gallagher Command Centre 8.60 versions prior to 8.60.1652; 8.50 versions prior to 8.50.2245; 8.40 versions prior to 8.40.2216; 8.30 versions prior to 8.30.1470; version 8.20 and prior versions.2022-07-06not yet calculatedCVE-2022-26348
MISC
gallagher -- controller_6000
 
Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. This issue affects: Gallagher Gallagher Controller 6000 vCR8.60 versions prior to 220303a; vCR8.50 versions prior to 220303a; vCR8.40 versions prior to 220303a; vCR8.30 versions prior to 220303a.2022-07-06not yet calculatedCVE-2022-26078
MISC
gfi_software -- mail_archiver
 
File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317.2022-07-07not yet calculatedCVE-2021-29281
MISC
MISC
MISC
MISC
MISC
giftpd -- giftpd
 
An issue was discovered in glFTPd 2.11a that allows remote attackers to cause a denial of service via exceeding the connection limit.2022-07-07not yet calculatedCVE-2021-31645
MISC
MISC
gitlab -- gitlab_ee
 
An issue has been discovered in GitLab EE affecting all versions starting from 12.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. In GitLab, if a group enables the setting to restrict access to users belonging to specific domains, that allow-list may be bypassed if a Maintainer uses the 'Invite a group' feature to invite a group that has members that don't comply with domain allow-list.2022-07-01not yet calculatedCVE-2022-1981
MISC
MISC
CONFIRM
gnu -- grub2
 
A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.2022-07-06not yet calculatedCVE-2021-3697
MISC
gnu -- grub2
 
A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.2022-07-06not yet calculatedCVE-2021-3695
MISC
gnu -- grub2
 
A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.2022-07-06not yet calculatedCVE-2021-3696
MISC
gnupg -- gnupg
 
GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line.2022-07-01not yet calculatedCVE-2022-34903
MISC
MISC
MISC
MLIST
DEBIAN
FEDORA
google -- androidIn Autoboot, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06713894; Issue ID: ALPS06713894.2022-07-06not yet calculatedCVE-2022-21777
MISC
google -- androidIn TEEI driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641388; Issue ID: ALPS06641388.2022-07-06not yet calculatedCVE-2022-21773
MISC
google -- androidIn TEEI driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641447; Issue ID: ALPS06641447.2022-07-06not yet calculatedCVE-2022-21774
MISC
google -- androidIn sched driver, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479032; Issue ID: ALPS06479032.2022-07-06not yet calculatedCVE-2022-21775
MISC
google -- androidIn MDP, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06545450; Issue ID: ALPS06545450.2022-07-06not yet calculatedCVE-2022-21776
MISC
google -- androidIn WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704462.2022-07-06not yet calculatedCVE-2022-21784
MISC
google -- androidIn WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704393.2022-07-06not yet calculatedCVE-2022-21779
MISC
google -- androidIn CCCI, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641687.2022-07-06not yet calculatedCVE-2022-21769
MISC
google -- androidIn WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06807363; Issue ID: ALPS06807363.2022-07-06not yet calculatedCVE-2022-21785
MISC
google -- androidIn audio DSP, there is a possible memory corruption due to improper casting. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558822; Issue ID: ALPS06558822.2022-07-06not yet calculatedCVE-2022-21786
MISC
google -- androidIn audio DSP, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558844; Issue ID: ALPS06558844.2022-07-06not yet calculatedCVE-2022-21787
MISC
google -- androidIn CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641673.2022-07-06not yet calculatedCVE-2022-21765
MISC
google -- android
 
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704508.2022-07-06not yet calculatedCVE-2022-21782
MISC
google -- android
 
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704526.2022-07-06not yet calculatedCVE-2022-21780
MISC
google -- android
 
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704433.2022-07-06not yet calculatedCVE-2022-21781
MISC
google -- android
 
In TEEI driver, there is a possible type confusion due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06493842; Issue ID: ALPS06493842.2022-07-06not yet calculatedCVE-2022-21772
MISC
google -- android
 
In GED driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641585; Issue ID: ALPS06641585.2022-07-06not yet calculatedCVE-2022-21771
MISC
google -- android
 
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784351; Issue ID: ALPS06784351.2022-07-06not yet calculatedCVE-2022-21768
MISC
google -- android
 
In WLAN driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06704526; Issue ID: ALPS06704482.2022-07-06not yet calculatedCVE-2022-21783
MISC
google -- android
 
In CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06641673; Issue ID: ALPS06641653.2022-07-06not yet calculatedCVE-2022-21766
MISC
google -- android
 
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06784430; Issue ID: ALPS06784430.2022-07-06not yet calculatedCVE-2022-21767
MISC
google -- android
 
In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044717; Issue ID: ALPS07044708.2022-07-06not yet calculatedCVE-2022-21763
MISC
google -- android
 
In sound driver, there is a possible information disclosure due to symlink following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06558663; Issue ID: ALPS06558663.2022-07-06not yet calculatedCVE-2022-21770
MISC
google -- android
 
In telecom service, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044717; Issue ID: ALPS07044717.2022-07-06not yet calculatedCVE-2022-21764
MISC
google -- google_login_plugin
 
The Google Login Plugin (versions 1.0 and 1.1) allows malicious anonymous users to authenticate successfully against Jenkins instances that are supposed to be locked down to a particular Google Apps domain through client-side request modification.2022-07-07not yet calculatedCVE-2015-5298
MISC
MISC
gpu -- gpu
 
In GPU, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07044730; Issue ID: ALPS07044730.2022-07-06not yet calculatedCVE-2022-20082
MISC
hcl_technologies -- hcl_launchHCL Launch stores user credentials in plain clear text which can be read by a local user.2022-07-06not yet calculatedCVE-2022-27548
MISC
hcl_technologies -- hcl_launchHCL Launch may store certain data for recurring activities in a plain text format.2022-07-06not yet calculatedCVE-2022-27549
MISC
heroic_labs -- nakama
 
Old session tokens can be used to authenticate to the application and send authenticated requests.2022-07-05not yet calculatedCVE-2022-2306
MISC
CONFIRM
heroiclabs -- nakamaImproper Restriction of Excessive Authentication Attempts in GitHub repository heroiclabs/nakama prior to 3.13.0. This results in login brute-force attacks.2022-07-05not yet calculatedCVE-2022-2321
CONFIRM
MISC
hewlett_packard_enterprise -- flexnetwork_and_flexfabric
 
A potential security vulnerability has been identified in certain HPE FlexNetwork and FlexFabric switch products. The vulnerability could be remotely exploited to allow cross site scripting (XSS). HPE has made the following software updates to resolve the vulnerability. HPE FlexNetwork 5130EL_7.10.R3507P02 and HPE FlexFabric 5945_7.10.R6635.2022-07-08not yet calculatedCVE-2022-28624
MISC
hewlett_packard_enterprise -- icewall_sso
 
Security vulnerabilities in HPE IceWall SSO 10.0 certd could be exploited remotely to allow SQL injection or unauthorized data injection. HPE has provided the following updated modules to resolve these vulnerabilities. HPE IceWall SSO version 10.0 certd library Patch 9 for RHEL and HPE IceWall SSO version 10.0 certd library Patch 9 for HP-UX.2022-07-08not yet calculatedCVE-2022-28623
MISC
hex-rays -- hex-rays-ida-pro
 
A memory corruption in Hex Rays Ida Pro v6.6 allows attackers to cause a Denial of Service (DoS) via a crafted file. Related to Data from Faulting Address controls subsequent Write Address starting at msvcrt!memcpy+0x0000000000000056.2022-07-07not yet calculatedCVE-2022-32441
MISC
hpjansson -- chafaBuffer Over-read in GitHub repository hpjansson/chafa prior to 1.10.3.2022-07-04not yet calculatedCVE-2022-2301
MISC
CONFIRM
humhub -- humhub
 
HumHub is an Open Source Enterprise Social Network. Affected versions of HumHub are vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, the attacker would need a permission to administer the Spaces feature. The names of individual "spaces" are not properly escaped and so an attacker with sufficient privilege could insert malicious javascript into a space name and exploit system users who visit that space. It is recommended that the HumHub is upgraded to 1.11.4, 1.10.5. There are no known workarounds for this issue.2022-07-07not yet calculatedCVE-2022-31133
MISC
MISC
MISC
CONFIRM
ibm -- app_connect_enterprise_certified_containerIBM App Connect Enterprise Certified Container 4.2 could allow a user from the administration console to cause a denial of service by creating a specially crafted request. IBM X-Force ID: 228221.2022-07-05not yet calculatedCVE-2022-31770
CONFIRM
XF
ibm -- cics_tx_standard_and_advancedIBM CICS TX Standard and Advanced 11.1 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 229330.2022-07-08not yet calculatedCVE-2022-34160
CONFIRM
CONFIRM
XF
ibm -- cics_tx_standard_and_advancedIBM CICS TX Standard and Advanced 11.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229430.2022-07-08not yet calculatedCVE-2022-34166
CONFIRM
XF
CONFIRM
ibm -- cics_tx_standard_and_advancedIBM CICS TX Standard and Advanced 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 229432.2022-07-08not yet calculatedCVE-2022-34167
CONFIRM
XF
CONFIRM
ibm -- cics_tx_standard_and_advancedIBM CICS TX Standard and Advanced 11.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 229435.2022-07-08not yet calculatedCVE-2022-34306
XF
CONFIRM
CONFIRM
ibm -- security_access_manager_appliance
 
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 could allow a local user to obtain elevated privileges due to improper access permissions. IBM X-Force ID: 225082.2022-07-08not yet calculatedCVE-2022-22465
CONFIRM
XF
ibm -- security_access_manager_appliance
 
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 225081.2022-07-08not yet calculatedCVE-2022-22464
CONFIRM
XF
ibm -- security_access_manager_appliance
 
IBM Security Access Manager Appliance 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 225079.2022-07-08not yet calculatedCVE-2022-22463
CONFIRM
XF
ibm -- security_verify_access
 
IBM Security Verify Access 10.0.0.0, 10.0.1.0, 10.0.2.0, and 10.0.3.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 221194.2022-07-08not yet calculatedCVE-2022-22370
CONFIRM
XF
ibm -- websphere_application_server_liberty_and_open_liberty
 
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.7 and Open Liberty are vulnerable to identity spoofing by an authenticated user using a specially crafted request. IBM X-Force ID: 225604.2022-07-08not yet calculatedCVE-2022-22476
CONFIRM
XF
immersive_labs -- centos_web_panelThe password reset token in CWP v0.9.8.1126 is generated using known or predictable values.2022-07-07not yet calculatedCVE-2022-25047
MISC
immersive_labs -- centos_web_panelCommand injection vulnerability in CWP v0.9.8.1126 that allows normal users to run commands as the root user.2022-07-07not yet calculatedCVE-2022-25048
MISC
immersive_labs -- centos_web_panelA path traversal vulnerability in loader.php of CWP v0.9.8.1122 allows attackers to execute arbitrary code via a crafted POST request.2022-07-07not yet calculatedCVE-2022-25046
MISC
ingredient_stock_management_system -- ingredient_stock_management_systemAn access control issue in Ingredient Stock Management System v1.0 allows attackers to take over user accounts via a crafted POST request to /isms/classes/Users.php.2022-07-05not yet calculatedCVE-2022-32310
MISC
ingredient_stock_management_system -- ingredient_stock_management_systemIngredient Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /isms/admin/stocks/view_stock.php.2022-07-05not yet calculatedCVE-2022-32311
MISC
iobit -- advanced_system_care
 
In IOBit Advanced System Care (AscService.exe) 15, an attacker with SEImpersonatePrivilege can create a named pipe with the same name as one of ASCService's named pipes. ASCService first tries to connect before trying to create the named pipes, because of that during login the service will try to connect to the attacker which will lead to either escalation of privileges (through token manipulation and ImpersonateNamedPipeClient() ) from ADMIN -> SYSTEM or from Local ADMIN-> Domain ADMIN depending on the user and named pipe that is used.2022-07-06not yet calculatedCVE-2022-24139
MISC
MISC
MISC
iobit -- advanced_system_care_and_action_download_center
 
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of IOBit suite into ProgramData folder, ProgramData folder has "rwx" permissions for unprivileged users. Low privilege users can use SetOpLock to wait for CreateProcess and switch the genuine component with a malicious executable thus gaining code execution as a high privilege user (Low Privilege -> high integrity ADMIN).2022-07-06not yet calculatedCVE-2022-24138
MISC
MISC
MISC
iobit -- itop_vpnThe iTopVPNmini.exe component of iTop VPN 3.2 will try to connect to datastate_iTopVPN_Pipe_Server on a loop. An attacker that opened a named pipe with the same name can use it to gain the token of another user by listening for connections and abusing ImpersonateNamedPipeClient().2022-07-06not yet calculatedCVE-2022-24141
MISC
MISC
MISC
iobit -- multiple_products
 
IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop Screenshot sends HTTP requests in their update procedure in order to download a config file. After downloading the config file, the products will parse the HTTP location of the update from the file and will try to install the update automatically with ADMIN privileges. An attacker Intercepting this communication can supply the product a fake config file with malicious locations for the updates thus gaining a remote code execution on an endpoint.2022-07-06not yet calculatedCVE-2022-24140
MISC
MISC
MISC
jfrog -- jfrog_artifactory
 
JFrog Artifactory prior to version 7.29.8 and 6.23.38 is vulnerable to Reflected Cross-Site Scripting (XSS) through one of the XHR parameters in Users REST API endpoint. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.36.1 versions prior to 7.29.8; JFrog Artifactory versions before 6.23.41 versions prior to 6.23.38.2022-07-06not yet calculatedCVE-2021-45721
MISC
MISC
jfrog -- jfrog_artifactory
 
JFrog Artifactory prior to version 7.31.10 and 6.23.38 is vulnerable to Sensitive Data Exposure through the Project Administrator REST API. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.31.10 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x.2022-07-06not yet calculatedCVE-2021-46687
MISC
MISC
jfrog -- jfrog_artifactory
 
JFrog Artifactory prior to version 7.33.6 and 6.23.38, is vulnerable to CSRF ( Cross-Site Request Forgery) for specific endpoints. This issue affects: JFrog JFrog Artifactory JFrog Artifactory versions before 7.33.6 versions prior to 7.x; JFrog Artifactory versions before 6.23.38 versions prior to 6.x.2022-07-06not yet calculatedCVE-2021-23163
MISC
MISC
kddi_corporation -- home_spot_cube2HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product.2022-07-04not yet calculatedCVE-2022-33948
MISC
MISC
keycloak -- keycloak
 
A privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services.2022-07-08not yet calculatedCVE-2022-1245
MISC
known -- knownKnown v1.3.1+2020120201 was discovered to allow attackers to perform an account takeover via a host header injection attack.2022-07-08not yet calculatedCVE-2022-33011
MISC
MISC
MISC
MISC
known -- knownA cross-site scripting (XSS) vulnerability in Known v1.2.2+2020061101 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Your Name text field.2022-07-08not yet calculatedCVE-2022-31290
MISC
MISC
MISC
MISC
known -- known
 
An issue in the isSVG() function of Known v1.2.2+2020061101 allows attackers to execute arbitrary code via a crafted SVG file.2022-07-08not yet calculatedCVE-2022-32115
MISC
MISC
MISC
known -- known
 
Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR).2022-07-08not yet calculatedCVE-2022-30852
MISC
MISC
MISC
linux -- hyperledger_fabric
 
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error to the consensus client should the message be missing. Users are advised to upgrade to versions 2.2.7 or v2.4.5. There are no known workarounds for this issue.2022-07-07not yet calculatedCVE-2022-31121
MISC
MISC
MISC
CONFIRM
linux -- linux_kernelThere are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges.2022-07-06not yet calculatedCVE-2022-2318
MISC
linux -- linux_kernel
 
An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.2022-07-04not yet calculatedCVE-2022-34918
MISC
MISC
MISC
MLIST
lxml -- lxml
 
NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.2022-07-05not yet calculatedCVE-2022-2309
CONFIRM
MISC
magnolia_cms -- magnolia_cms
 
Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload.2022-07-07not yet calculatedCVE-2022-33098
MISC
mat2 -- mat2
 
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process. This primarily affects mat2 web instances, in which clients could obtain sensitive information via a crafted archive.2022-07-08not yet calculatedCVE-2022-35410
MISC
MISC
MISC
mediatek -- modem_2g_and_3g_cc
 
In Modem 2G/3G CC, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding combined FACILITY with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00803883; Issue ID: MOLY00803883.2022-07-06not yet calculatedCVE-2022-20083
MISC
mediatek -- modem_2g_rr
 
In Modem 2G RR, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when decoding GPRS Packet Neighbour Cell Data (PNCD) improper neighbouring cell size with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00810064; Issue ID: ALPS06641626.2022-07-06not yet calculatedCVE-2022-21744
MISC
mediawiki -- mediawikiAn issue was discovered in MediaWiki before 1.37.3 and 1.38.x before 1.38.1. The contributions-title, used on Special:Contributions, is used as page title without escaping. Hence, in a non-default configuration where a username contains HTML entities, it won't be escaped.2022-07-02not yet calculatedCVE-2022-34912
MISC
mediawiki -- mediawiki
 
An issue was discovered in MediaWiki before 1.35.7, 1.36.x and 1.37.x before 1.37.3, and 1.38.x before 1.38.1. XSS can occur in configurations that allow a JavaScript payload in a username. After account creation, when it sets the page title to "Welcome" followed by the username, the username is not escaped: SpecialCreateAccount::successfulAction() calls ::showSuccessPage() with a message as second parameter, and OutputPage::setPageTitle() uses text().2022-07-02not yet calculatedCVE-2022-34911
MISC
microsoft -- edgeMicrosoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-30192, CVE-2022-33638, CVE-2022-33639.2022-07-07not yet calculatedCVE-2022-33680
N/A
microweber -- microweberPrior to microweber/microweber v1.2.20, due to improper neutralization of input, an attacker can steal tokens to perform cross-site request forgery, fetch contents from same-site and redirect a user.2022-07-09not yet calculatedCVE-2022-2353
MISC
CONFIRM
microweber -- microweberCross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.19.2022-07-04not yet calculatedCVE-2022-2300
CONFIRM
MISC
mini-tmall -- mini-tmall
 
Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper.2022-07-06not yet calculatedCVE-2022-30929
MISC
MISC
moment -- moment
 
moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.2022-07-06not yet calculatedCVE-2022-31129
MISC
MISC
CONFIRM
MISC
nacos -- nacos
 
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user login.2022-07-05not yet calculatedCVE-2021-43116
MISC
MISC
nesote_technologies -- inout_homestay_script
 
Inout Homestay v2.2 was discovered to contain a SQL injection vulnerability via the guests parameter at /index.php?page=search/rentals.2022-07-07not yet calculatedCVE-2022-32055
MISC
nextauth.js -- nextauth.js
 
NextAuth.js is a complete open source authentication solution for Next.js applications. An attacker can pass a compromised input to the e-mail [signin endpoint](https://next-auth.js.org/getting-started/rest-api#post-apiauthsigninprovider) that contains some malicious HTML, tricking the e-mail server to send it to the user, so they can perform a phishing attack. Eg.: `balazs@email.com, <a href="http://attacker.com">Before signing in, claim your money!</a>`. This was previously sent to `balazs@email.com`, and the content of the email containing a link to the attacker's site was rendered in the HTML. This has been remedied in the following releases, by simply not rendering that e-mail in the HTML, since it should be obvious to the receiver what e-mail they used: next-auth v3 users before version 3.29.8 are impacted. (We recommend upgrading to v4, as v3 is considered unmaintained. next-auth v4 users before version 4.9.0 are impacted. If for some reason you cannot upgrade, the workaround requires you to sanitize the `email` parameter that is passed to `sendVerificationRequest` and rendered in the HTML. If you haven't created a custom `sendVerificationRequest`, you only need to upgrade. Otherwise, make sure to either exclude `email` from the HTML body or efficiently sanitize it.2022-07-06not yet calculatedCVE-2022-31127
MISC
CONFIRM
MISC
MISC
MISC
nextcloud -- nextcloud_mail
 
Nextcloud mail is a Mail app for the Nextcloud home server product. Versions of Nextcloud mail prior to 1.12.2 were found to be missing user account ownership checks when performing tasks related to mail attachments. Attachments may have been exposed to incorrect system users. It is recommended that the Nextcloud Mail app is upgraded to 1.12.2. There are no known workarounds for this issue. ### Workarounds No workaround available ### References * [Pull request](https://github.com/nextcloud/mail/pull/6600) * [HackerOne](https://hackerone.com/reports/1579820) ### For more information If you have any questions or comments about this advisory: * Create a post in [nextcloud/security-advisories](https://github.com/nextcloud/security-advisories/discussions) * Customers: Open a support ticket at [support.nextcloud.com](https://support.nextcloud.com)2022-07-06not yet calculatedCVE-2022-31131
MISC
CONFIRM
MISC
nextcloud -- nextcloud_server
 
Nextcloud server is an open source personal cloud server. Affected versions were found to be vulnerable to SMTP command injection. The impact varies based on which commands are supported by the backend SMTP server. However, the main risk here is that the attacker can then hijack an already-authenticated SMTP session and run arbitrary SMTP commands as the email user, such as sending emails to other users, changing the FROM user, and so on. As before, this depends on the configuration of the server itself, but newlines should be sanitized to mitigate such arbitrary SMTP command injection. It is recommended that the Nextcloud Server is upgraded to 22.2.8 , 23.0.5 or 24.0.1. There are no known workarounds for this issue.2022-07-05not yet calculatedCVE-2022-31014
CONFIRM
MISC
MISC
nocodb -- nocodbWith this SSRF vulnerability, an attacker can reach internal addresses to make a request as the server and read it's contents. This attack can lead to leak of sensitive information.2022-07-07not yet calculatedCVE-2022-2339
CONFIRM
MISC
northern.tech -- mender
 
The client in Northern.tech Mender 3.2.0, 3.2.1, and 3.2.2 has Incorrect Access Control. It listens on a random, unprivileged TCP port and exposes an HTTP proxy to facilitate API calls from additional client components running on the device. However, it listens on all network interfaces instead of only the localhost interface. Therefore, any client on the same network can connect to this TCP port and send HTTP requests. The Mender Client will forward these requests to the Mender Server. Additionally, if mTLS is set up, the Mender Client will connect to the Mender Server using the device's client certificate, making it possible for the attacker to bypass mTLS authentication and send requests to the Mender Server without direct access to the client certificate and related private key. Accessing the HTTP proxy from the local network doesn't represent a direct threat, because it doesn't expose any device or server-specific data. However, it increases the attack surface and can be a potential vector to exploit other vulnerabilities both on the Client and the Server.2022-07-06not yet calculatedCVE-2022-32290
MISC
MISC
nvidia -- dgx_a100_firmwareNVIDIA DGX A100 contains a vulnerability in SBIOS in the SmbiosPei, which may allow a highly privileged local attacker to cause an out-of-bounds write, which may lead to code execution, denial of service, compromised integrity, and information disclosure.2022-07-04not yet calculatedCVE-2022-31601
CONFIRM
nvidia -- dgx_a100_firmwareNVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with high privileges and preconditioned IpSecDxe global data can exploit improper validation of an array index to cause code execution, which may lead to denial of service, data integrity impact, and information disclosure.2022-07-04not yet calculatedCVE-2022-31603
CONFIRM
nvidia -- dgx_a100_firmwareNVIDIA DGX A100 contains a vulnerability in SBIOS in the IpSecDxe, where a user with elevated privileges and a preconditioned heap can exploit an out-of-bounds write vulnerability, which may lead to code execution, denial of service, data integrity impact, and information disclosure.2022-07-04not yet calculatedCVE-2022-31602
CONFIRM
nvidia -- dgx_a100_firmwareNVIDIA DGX A100 contains a vulnerability in SBIOS in the SmmCore, where a user with high privileges can chain another vulnerability to this vulnerability, causing an integer overflow, possibly leading to code execution, escalation of privileges, denial of service, compromised integrity, and information disclosure. The scope of impact can extend to other components.2022-07-04not yet calculatedCVE-2022-31600
CONFIRM
nvidia -- dgx_a100_firmware
 
NVIDIA DGX A100 contains a vulnerability in SBIOS in the BiosCfgTool, where a local user with elevated privileges can read and write beyond intended bounds in SMRAM, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.2022-07-02not yet calculatedCVE-2022-28200
MISC
nvidia -- dgx_a100_firmware
 
NVIDIA DGX A100 contains a vulnerability in SBIOS in the Ofbd, where a local user with elevated privileges can cause access to an uninitialized pointer, which may lead to code execution, escalation of privileges, denial of service, and information disclosure. The scope of impact can extend to other components.2022-07-04not yet calculatedCVE-2022-31599
CONFIRM
omron -- machine_automation_controller
 
Use of hard-coded credentials vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who successfully obtained the user credentials by analyzing the affected product to access the controller.2022-07-04not yet calculatedCVE-2022-34151
MISC
MISC
omron -- machine_automation_controller
 
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, and Machine automation controller NJ series all models V 1.48 and earlier, which may allow an adjacent attacker who can analyze the communication between the controller and the specific software used by OMRON internally to cause a denial-of-service (DoS) condition or execute a malicious program.2022-07-04not yet calculatedCVE-2022-33971
MISC
MISC
omron -- machine_automation_controller_nj_series_and_nx_series
 
Authentication bypass by capture-replay vulnerability exists in Machine automation controller NJ series all models V 1.48 and earlier, Machine automation controller NX7 series all models V1.28 and earlier, Machine automation controller NX1 series all models V1.48 and earlier, Automation software 'Sysmac Studio' all models V1.49 and earlier, and Programmable Terminal (PT) NA series NA5-15W/NA5-12W/NA5-9W/NA5-7W models Runtime V1.15 and earlier, which may allow a remote attacker who can analyze the communication between the affected controller and automation software 'Sysmac Studio' and/or a Programmable Terminal (PT) to access the controller.2022-07-04not yet calculatedCVE-2022-33208
MISC
MISC
online_accreditation_management -- online_accreditation_management
 
Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php.2022-07-07not yet calculatedCVE-2022-32056
MISC
opencart -- newsletter_moduleNewsletter Module v3.x was discovered to contain a SQL injection vulnerability via the zemez_newsletter_email parameter at /index.php.2022-07-05not yet calculatedCVE-2022-31856
MISC
opencti -- opencti
 
A stored Cross-site Scripting (XSS) vulnerability was identified in the Data Import functionality of OpenCTI through 5.2.4. An attacker can abuse the vulnerability to upload a malicious file that will then be executed by a victim when they open the file location.2022-07-05not yet calculatedCVE-2022-30289
MISC
MISC
opencti -- opencti
 
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the interface, legitimately.2022-07-05not yet calculatedCVE-2022-30290
MISC
MISC
openssh_key_parser -- openssh_key_parser
 
openssh_key_parser is an open source Python package providing utilities to parse and pack OpenSSH private and public key files. In versions prior to 0.0.6 if a field of a key is shorter than it is declared to be, the parser raises an error with a message containing the raw field value. An attacker able to modify the declared length of a key's sensitive field can thus expose the raw value of that field. Users are advised to upgrade to version 0.0.6, which no longer includes the raw field value in the error message. There are no known workarounds for this issue.2022-07-06not yet calculatedCVE-2022-31124
MISC
CONFIRM
MISC
MISC
MISC
openssl -- openssl
 
The OpenSSL 3.0.4 release introduced a serious bug in the RSA implementation for X86_64 CPUs supporting the AVX512IFMA instructions. This issue makes the RSA implementation with 2048 bit private keys incorrect on such machines and memory corruption will happen during the computation. As a consequence of the memory corruption an attacker may be able to trigger a remote code execution on the machine performing the computation. SSL/TLS servers or other servers using 2048 bit RSA private keys running on machines supporting AVX512IFMA instructions of the X86_64 architecture are affected by this issue.2022-07-01not yet calculatedCVE-2022-2274
CONFIRM
CONFIRM
CONFIRM
openssl -- openssl
 
AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4). Fixed in OpenSSL 1.1.1q (Affected 1.1.1-1.1.1p).2022-07-05not yet calculatedCVE-2022-2097
CONFIRM
CONFIRM
CONFIRM
FEDORA
openvpn -- openvpn_access_serverThe OpenVPN Access Server installer creates a log file readable for everyone, which from version 2.10.0 and before 2.11.0 may contain a random generated admin password2022-07-06not yet calculatedCVE-2022-33737
MISC
openvpn -- openvpn_access_serverOpenVPN Access Server before 2.11 uses a weak random generator used to create user session token for the web portal2022-07-06not yet calculatedCVE-2022-33738
MISC
openvpn -- openvpn_access_server
 
OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset packet sent from the client which the client again does not respond to, resulting in a limited amplification attack.2022-07-06not yet calculatedCVE-2021-4234
MISC
otfcc -- otfccOTFCC v0.10.4 was discovered to contain a heap buffer overflow after free via otfccbuild.c.2022-07-06not yet calculatedCVE-2022-33047
MISC
MISC
outline -- outlineCross-site Scripting (XSS) - Stored in GitHub repository outline/outline prior to v0.64.4.2022-07-07not yet calculatedCVE-2022-2342
MISC
CONFIRM
parity_technologies -- frontier
 
Frontier is Substrate's Ethereum compatibility layer. In affected versions the truncation done when converting between EVM balance type and Substrate balance type was incorrectly implemented. This leads to possible discrepancy between appeared EVM transfer value and actual Substrate value transferred. It is recommended that an emergency upgrade to be planned and EVM execution temporarily paused in the mean time. The issue is patched in Frontier master branch commit fed5e0a9577c10bea021721e8c2c5c378e16bf66 and polkadot-v0.9.22 branch commit e3e427fa2e5d1200a784679f8015d4774cedc934. This vulnerability affects only EVM internal states, but not Substrate balance states or node. You can temporarily pause EVM execution (by setting up a Substrate `CallFilter` that disables `pallet-evm` and `pallet-ethereum` calls before the patch can be applied.2022-07-06not yet calculatedCVE-2022-31111
MISC
CONFIRM
MISC
MISC
pescms -- pescms
 
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that allows attackers to delete admin and other members' account numbers.2022-07-06not yet calculatedCVE-2021-31679
MISC
MISC
MISC
pescms -- pescms
 
A reflected XSS was discovered in PESCMS-V2.3.3. When combined with CSRF in the same file, they can cause bigger destruction.2022-07-06not yet calculatedCVE-2021-31676
MISC
MISC
MISC
pescms -- pescms
 
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can delete import information about a user's company.2022-07-06not yet calculatedCVE-2021-31678
MISC
MISC
MISC
pescms -- pescms
 
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords.2022-07-06not yet calculatedCVE-2021-31677
MISC
MISC
MISC
priority -- priorityThis vulnerability affect user that even not allowed to access via the web interface. First of all, the attacker needs to access the "Login menu - demo site" then he can see in this menu all the functionality of the application. If the attacker will try to click on one of the links, he will get an answer that he is not authorized because he needs to log in with credentials. after he performed log in to the system there are some functionalities that the specific user is not allowed to perform because he was configured with low privileges however all the attacker need to do in order to achieve his goals is to change the value of the prog step parameter from 0 to 1 or more and then the attacker could access to some of the functionality the web application that he couldn't perform it before the parameter changed.2022-07-06not yet calculatedCVE-2022-23173
MISC
priority -- priorityAn attacker can access to "Forgot my password" button, as soon as he puts users is valid in the system, the system would issue a message that a password reset email had been sent to user. This way you can verify which users are in the system and which are not.2022-07-06not yet calculatedCVE-2022-23172
MISC
redhat -- cloudforms
 
A insecure configuration for certificate verification (http.verify_mode = OpenSSL::SSL::VERIFY_NONE) may lead to verification bypass in Red Hat CloudForms 5.x.2022-07-06not yet calculatedCVE-2014-8164
MISC
redhat -- icedtea-web
 
It was discovered that the IcedTea-Web used codebase attribute of the <applet> tag on the HTML page that hosts Java applet in the Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed malicious site to bypass SOP via spoofed codebase value.2022-07-07not yet calculatedCVE-2015-5236
MISC
redhat -- openshift_origin
 
In Openshift Origin 3 the cookies being set in console have no 'secure', 'HttpOnly' attributes.2022-07-07not yet calculatedCVE-2015-3207
MISC
MISC
MISC
roxy-wi -- roxy-wiRoxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 6.1.1.0 are subject to a remote code execution vulnerability. System commands can be run remotely via the subprocess_execute function without processing the inputs received from the user in the /app/options.py file. Attackers need not be authenticated to exploit this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability.2022-07-08not yet calculatedCVE-2022-31137
CONFIRM
MISC
roxy-wi -- roxy-wi
 
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to code execution by sending a specially crafted HTTP request to /app/options.py file. This affects Roxy-wi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.2022-07-06not yet calculatedCVE-2022-31126
CONFIRM
roxy-wi -- roxy-wi
 
Roxy-wi is an open source web interface for managing Haproxy, Nginx, Apache and Keepalived servers. A vulnerability in Roxy-wi allows a remote, unauthenticated attacker to bypass authentication and access admin functionality by sending a specially crafted HTTP request. This affects Roxywi versions before 6.1.1.0. Users are advised to upgrade. There are no known workarounds for this issue.2022-07-06not yet calculatedCVE-2022-31125
CONFIRM
rpc.py -- rpc.py
 
rpc.py through 0.6.0 allows Remote Code Execution because an unpickle occurs when the "serializer: pickle" HTTP header is sent. In other words, although JSON (not Pickle) is the default data format, an unauthenticated client can cause the data to be processed with unpickle.2022-07-08not yet calculatedCVE-2022-35411
MISC
MISC
MISC
snipe_it -- snipe_it_asset_managementAn arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.2022-07-07not yet calculatedCVE-2022-32060
MISC
snipe_it -- snipe_it_asset_managementAn arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file.2022-07-07not yet calculatedCVE-2022-32061
MISC
so_filter_shop -- so_filter_shop
 
So Filter Shop v3.x was discovered to contain multiple blind SQL injection vulnerabilities via the att_value_id , manu_value_id , opt_value_id , and subcate_value_id parameters at /index.php?route=extension/module/so_filter_shop_by/filter_data.2022-07-05not yet calculatedCVE-2022-34972
MISC
symantec -- symantec_advanced_secure_gateway_and_proxysg
 
Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync vulnerability. When a remote unauthenticated attacker and other web clients communicate through the proxy with the same web server, the attacker can send crafted HTTP requests and cause the proxy to forward web server responses to unintended clients. Severity/CVSSv3: High / 8.1 AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N2022-07-07not yet calculatedCVE-2021-46825
MISC
synology -- photo_stationSession fixation vulnerability in access control management in Synology Photo Station before 6.8.16-3506 allows remote attackers to bypass security constraint via unspecified vectors.2022-07-06not yet calculatedCVE-2022-22681
CONFIRM
t:mon -- h3c_magic_r100_router
 
The udpserver in H3C Magic R100 V200R004 and V100R005 has the 9034 port opened, allowing attackers to execute arbitrary commands.2022-07-06not yet calculatedCVE-2022-34598
MISC
t:mon -- h3c_magic_r100_v200r004_and_v100r005
 
SQL Injection vulnerability in admin interface (/vicidial/admin.php) of VICIdial via modify_email_accounts, access_recordings, and agentcall_email parameters allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.2022-07-05not yet calculatedCVE-2022-34876
CONFIRM
MISC
taocms -- taocms
 
Taocms 3.0.2 was discovered to contain a blind SQL injection vulnerability via the function Edit category.2022-07-05not yet calculatedCVE-2021-44915
MISC
tenda -- ac10Tenda AC10 US_AC10V1.0RTL_V15.03.06.26_multi_TD01 was discovered to contain a remote code execution (RCE) vulnerability via the lanIp parameter.2022-07-07not yet calculatedCVE-2022-32054
MISC
tenda -- ac1803Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function WanParameterSetting.2022-07-06not yet calculatedCVE-2022-34596
MISC
tenda -- ac1803Tenda AX1803 v1.0.0.1_2890 was discovered to contain a command injection vulnerability via the function setipv6status.2022-07-06not yet calculatedCVE-2022-34595
MISC
tenda -- ac1806Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability via the function WanParameterSetting.2022-07-06not yet calculatedCVE-2022-34597
MISC
tenda -- ac23Tenda AC23 v16.03.07.44 is vulnerable to Stack Overflow that will allow for the execution of arbitrary code (remote).2022-07-06not yet calculatedCVE-2022-32385
MISC
MISC
MISC
MISC
tenda -- ac23Tenda AC23 v16.03.07.44 was discovered to contain a stack overflow via the AdvSetMacMtuWan function.2022-07-06not yet calculatedCVE-2022-32383
MISC
MISC
tenda -- ac23Tenda AC23 v16.03.07.44 was discovered to contain a buffer overflow via fromAdvSetMacMtuWan.2022-07-06not yet calculatedCVE-2022-32386
MISC
MISC
MISC
MISC
totolink -- ex300_firmwareTOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet.2022-07-07not yet calculatedCVE-2022-32449
MISC
totolink -- multiple_productsTotolink A830R V5.9c.4729_B20191112, Totolink A3100R V4.1.2cu.5050_B20200504, Totolink A950RG V4.1.2cu.5161_B20200903, Totolink A800R V4.1.2cu.5137_B20200730, Totolink A3000RU V5.9c.5185_B20201128, Totolink A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability.2022-07-06not yet calculatedCVE-2022-28935
MISC
MISC
tp-link -- tp-link_tl-wr741n_router_and_tl-wr742n_router
 
An infinite loop in the function httpRpmPass of TP-Link TL-WR741N/TL-WR742N V1/V2/V3_130415 allows attackers to cause a Denial of Service (DoS) via a crafted packet.2022-07-07not yet calculatedCVE-2022-32058
MISC
ultrajson -- ultrajsonUltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. In versions prior to 5.4.0 an error occurring while reallocating a buffer for string decoding can cause the buffer to get freed twice. Due to how UltraJSON uses the internal decoder, this double free is impossible to trigger from Python. This issue has been resolved in version 5.4.0 and all users should upgrade to UltraJSON 5.4.0. There are no known workarounds for this issue.2022-07-05not yet calculatedCVE-2022-31117
CONFIRM
MISC
ultrajson -- ultrajson
 
UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Affected versions were found to improperly decode certain characters. JSON strings that contain escaped surrogate characters not part of a proper surrogate pair were decoded incorrectly. Besides corrupting strings, this allowed for potential key confusion and value overwriting in dictionaries. All users parsing JSON from untrusted sources are vulnerable. From version 5.4.0, UltraJSON decodes lone surrogates in the same way as the standard library's `json` module does, preserving them in the parsed output. Users are advised to upgrade. There are no known workarounds for this issue.2022-07-05not yet calculatedCVE-2022-31116
MISC
CONFIRM
vicidial -- vicidialReflected Cross Site Scripting (XSS) vulnerabilities in AST Agent Time Sheet interface (/vicidial/AST_agent_time_sheet.php) of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.2022-07-05not yet calculatedCVE-2022-34879
CONFIRM
vicidial -- vicidial
 
SQL Injection vulnerability in User Stats interface (/vicidial/user_stats.php) of VICIdial via the file_download parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server.2022-07-05not yet calculatedCVE-2022-34878
CONFIRM
MISC
vicidial -- vicidial
 
SQL Injection vulnerability in AST Agent Time Sheet interface ((/vicidial/AST_agent_time_sheet.php) of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. This issue affects: VICIdial 2.14b0.5 versions prior to 3555.2022-07-05not yet calculatedCVE-2022-34877
CONFIRM
MISC
vim -- vimHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045.2022-07-08not yet calculatedCVE-2022-2344
MISC
CONFIRM
vim -- vimHeap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.2022-07-08not yet calculatedCVE-2022-2343
CONFIRM
MISC
vim -- vimUse After Free in GitHub repository vim/vim prior to 9.0.2022-07-03not yet calculatedCVE-2022-2289
MISC
CONFIRM
vim -- vimUse After Free in GitHub repository vim/vim prior to 9.0.0046.2022-07-08not yet calculatedCVE-2022-2345
CONFIRM
MISC
vim -- vimOut-of-bounds Write in GitHub repository vim/vim prior to 9.0.2022-07-03not yet calculatedCVE-2022-2288
CONFIRM
MISC
vim -- vimStack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.2022-07-05not yet calculatedCVE-2022-2304
MISC
CONFIRM
wavlink -- wavlink_wl-wn575a3_extender
 
Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a crafted POST request.2022-07-07not yet calculatedCVE-2022-34592
MISC
webswing -- webswing
 
Webswing before 22.1.3 allows X-Forwarded-For header injection. The client IP address is associated with a variable in the configuration page. The {clientIp} variable can be used as an application startup argument. The X-Forwarded-For header can be manipulated by a client to store an arbitrary value that is used to replace the clientIp variable (without sanitization). A client can thus inject multiple arguments into the session startup. Systems that do not use the clientIP variable in the configuration are not vulnerable. The vulnerability is fixed in these versions: 20.1.16, 20.2.19, 21.1.8, 21.2.12, and 22.1.3.2022-07-08not yet calculatedCVE-2022-34914
MISC
MISC
wordpress -- wordpressThe Import any XML or CSV File to WordPress plugin before 3.6.8 accepts all zip files and automatically extracts the zip file without validating the extracted file type. Allowing high privilege users such as admin to upload an arbitrary file like PHP, leading to RCE2022-07-04not yet calculatedCVE-2022-2268
MISC
wordpress -- wordpress
 
The Gallery WordPress plugin before 2.0.0 does not sanitise and escape a parameter before outputting it back in the response of an AJAX action (available to both unauthenticated and authenticated users), leading to a Reflected Cross-Site Scripting issue2022-07-04not yet calculatedCVE-2022-1946
MISC
wordpress -- wordpress
 
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitize and escape some imported data, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2022-07-04not yet calculatedCVE-2021-25066
MISC
wordpress -- wordpress
 
The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed2022-07-04not yet calculatedCVE-2022-1301
MISC
wordpress -- wordpress
 
In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests.2022-07-07not yet calculatedCVE-2015-1784
MISC
MISC
wordpress -- wordpress
 
The Ninja Forms Contact Form WordPress plugin before 3.6.10 does not sanitise and escape field labels, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.2022-07-04not yet calculatedCVE-2021-25056
MISC
wordpress -- wordpress
 
The Redirection for Contact Form 7 WordPress plugin before 2.5.0 does not escape a link generated before outputting it in an attribute, leading to a Reflected Cross-Site Scripting2022-07-04not yet calculatedCVE-2022-0250
MISC
wordpress -- wordpress
 
custom-content-type-manager Wordpress plugin can be used by an administrator to achieve arbitrary PHP remote code execution.2022-07-06not yet calculatedCVE-2015-3173
MISC
MISC
MISC
wordpress -- wordpress
 
The WP Championship WordPress plugin before 9.3 is lacking CSRF checks in various places, allowing attackers to make a logged in admin perform unwanted actions, such as create and delete arbitrary teams as well as update the plugin's settings. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues2022-07-04not yet calculatedCVE-2022-1967
MISC
wordpress -- wordpress
 
In nextgen-galery wordpress plugin before 2.0.77.3 there are two vulnerabilities which can allow an attacker to gain full access over the web application. The vulnerabilities lie in how the application validates user uploaded files and lack of security measures preventing unwanted HTTP requests.2022-07-07not yet calculatedCVE-2015-1785
MISC
MISC
xen -- xenArm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of other guests' memory pages.2022-07-05not yet calculatedCVE-2022-33744
MISC
CONFIRM
MLIST
xen -- xen
 
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).2022-07-05not yet calculatedCVE-2022-33742
MISC
CONFIRM
MLIST
xen -- xen
 
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).2022-07-05not yet calculatedCVE-2022-33741
MISC
CONFIRM
MLIST
xen -- xen
 
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).2022-07-05not yet calculatedCVE-2022-33740
MISC
CONFIRM
MLIST
xen -- xen
 
Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742).2022-07-05not yet calculatedCVE-2022-26365
MISC
CONFIRM
MLIST
xen -- xen
 
network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.2022-07-05not yet calculatedCVE-2022-33743
MISC
CONFIRM
MLIST
yokogawa -- wide_area_communication_router_aw810d
 
Use of insufficiently random values vulnerability exists in Vnet/IP communication module VI461 of YOKOGAWA Wide Area Communication Router (WAC Router) AW810D, which may allow a remote attacker to cause denial-of-service (DoS) condition by sending a specially crafted packet.2022-07-04not yet calculatedCVE-2022-32284
MISC
MISC
MISC
MISC
zabbix -- zabbixAn authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.2022-07-06not yet calculatedCVE-2022-35229
CONFIRM
zabbix -- zabbixAn authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict.2022-07-06not yet calculatedCVE-2022-35230
CONFIRM
zadam -- triliumCross-site Scripting (XSS) - Reflected in GitHub repository zadam/trilium prior to 0.52.4, 0.53.1-beta.2022-07-03not yet calculatedCVE-2022-2290
MISC
CONFIRM
zoho_manageengine -- adselfservice_plusZoho ManageEngine ADSelfService Plus before 6203 allows a denial of service (application restart) via a crafted payload to the Mobile App Deployment API.2022-07-04not yet calculatedCVE-2022-34829
MISC
zoho_manageengine -- servicedesk_plusZoho ManageEngine ServiceDesk Plus MSP before 10604 allows path traversal (to WEBINF/web.xml from sample/WEB-INF/web.xml or sample/META-INF/web.xml).2022-07-02not yet calculatedCVE-2022-32551
MISC
zoo_management_system -- zoo_management_system
 
A stored cross-site scripting (XSS) vulnerability in the Add Classification function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via unspecified vectors.2022-07-05not yet calculatedCVE-2022-33075
MISC
MISC
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.