Share on facebook
Share on twitter
Share on linkedin
Share on email
News Category

Vulnerability Summary for the Week of August 29, 2022

advancecomp — advancecomp Advancecomp v2.3 was discovered to contain a segmentation fault. 2022-08-29 not yet calculated CVE-2022-35019

MISC

MISC advancecomp — advancecomp Advancecomp v2.3 was discovered to contain a segmentation fault. 2022-08-29 not yet calculated CVE-2022-35018

MISC

MISC advancecomp — advancecomp Advancecomp v2.3 was discovered to contain a heap buffer overflow. 2022-08-29 not yet calculated CVE-2022-35016

MISC

MISC advancecomp — advancecomp Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h. 2022-08-29 not yet calculated CVE-2022-35015

MISC

MISC advancecomp — advancecomp Advancecomp v2.3 was discovered to contain a heap buffer overflow. 2022-08-29 not yet calculated CVE-2022-35017

MISC

MISC advancecomp — advancecomp Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc. 2022-08-29 not yet calculated CVE-2022-35020

MISC

MISC advancecomp — advancecomp Advancecomp v2.3 contains a segmentation fault. 2022-08-29 not yet calculated CVE-2022-35014

MISC

MISC aero — aerocms AeroCMS 0.1.1 is vulnerable to SQL Injection via the author parameter. 2022-08-31 not yet calculated CVE-2022-38812

MISC apache — airflow In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation. 2022-09-02 not yet calculated CVE-2022-38054

CONFIRM

MLIST apache — airflow In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `–daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver. 2022-09-02 not yet calculated CVE-2022-38170

CONFIRM

MLIST

MLIST apache — geode

  Apache Geode versions up to 1.12.5, 1.13.4 and 1.14.0 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 8. Any user still on Java 8 who wishes to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15 and Java 11. If upgrading to Java 11 is not possible, then upgrade to Apache Geode 1.15 and specify “–J=-Dgeode.enableGlobalSerialFilter=true” when starting any Locators or Servers. Follow the documentation for details on specifying any user classes that may be serialized/deserialized with the “serializable-object-filter” configuration option. Using a global serial filter will impact performance. 2022-08-31 not yet calculated CVE-2022-37021

CONFIRM apache — geode

  Apache Geode versions prior to 1.15.0 are vulnerable to a deserialization of untrusted data flaw when using REST API on Java 8 or Java 11. Any user wishing to protect against deserialization attacks involving REST APIs should upgrade to Apache Geode 1.15 and follow the documentation for details on enabling “validate-serializable-objects=true” and specifying any user classes that may be serialized/deserialized with “serializable-object-filter”. Enabling “validate-serializable-objects” may impact performance. 2022-08-31 not yet calculated CVE-2022-37023

CONFIRM apache — geode

  Apache Geode versions up to 1.12.2 and 1.13.2 are vulnerable to a deserialization of untrusted data flaw when using JMX over RMI on Java 11. Any user wishing to protect against deserialization attacks involving JMX or RMI should upgrade to Apache Geode 1.15. Use of 1.15 on Java 11 will automatically protect JMX over RMI against deserialization attacks. This should have no impact on performance since it only affects JMX/RMI which Gfsh uses to communicate with the JMX Manager which is hosted on a Locator. 2022-08-31 not yet calculated CVE-2022-37022

CONFIRM apache — ofbiz

  Apache OFBiz uses the Birt plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. In Apache OFBiz release 18.12.05, and earlier versions, by leveraging a vulnerability in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142), an unauthenticated malicious user could perform a stored XSS attack in order to inject a malicious payload and execute it using the stored XSS. 2022-09-02 not yet calculated CVE-2022-25370

CONFIRM

MLIST

MLIST apache — ofbiz

  Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports. By leveraging a bug in Birt (https://bugs.eclipse.org/bugs/show_bug.cgi?id=538142) it is possible to perform a remote code execution (RCE) attack in Apache OFBiz, release 18.12.05 and earlier. 2022-09-02 not yet calculated CVE-2022-25371

CONFIRM

MLIST

MLIST apache — ofbiz

  In Apache OFBiz, versions 18.12.05 and earlier, an attacker acting as an anonymous user of the ecommerce plugin, can insert a malicious content in a message “Subject” field from the “Contact us” page. Then a party manager needs to list the communications in the party component to activate the SSTI. A RCE is then possible. 2022-09-02 not yet calculated CVE-2022-25813

CONFIRM

MLIST apache — ofbiz

  Apache OFBiz up to version 18.12.05 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles URLs provided by external, unauthenticated users. Upgrade to 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12599 2022-09-02 not yet calculated CVE-2022-29158

CONFIRM

MLIST apache — shenyu Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator’s passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. 2022-09-01 not yet calculated CVE-2022-37435

CONFIRM apache — ofbiz

  The Solr plugin of Apache OFBiz is configured by default to automatically make a RMI request on localhost, port 1099. In version 18.12.05 and earlier, by hosting a malicious RMI server on localhost, an attacker may exploit this behavior, at server start-up or on a server restart, in order to run arbitrary code. Upgrade to at least 18.12.06 or apply patches at https://issues.apache.org/jira/browse/OFBIZ-12646. 2022-09-02 not yet calculated CVE-2022-29063

CONFIRM

MLIST apostrophecms — sanitize-html The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal. 2022-08-30 not yet calculated CVE-2022-25887

CONFIRM

CONFIRM

CONFIRM

CONFIRM arcsight — micro_focus_arcsight_logger Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions. 2022-08-31 not yet calculated CVE-2022-26331

MISC

MISC arcsight — micro_focus_arcsight_logger

  Potential vulnerabilities have been identified in Micro Focus ArcSight Logger. The vulnerabilities could be remotely exploited resulting in Information Disclosure, or Self Cross-Site Scripting (XSS). This issue affects: Micro Focus ArcSight Logger versions prior to v7.2.2 version and prior versions. 2022-08-31 not yet calculated CVE-2022-26330

MISC

MISC armdeveloper — midgard/bifrost/valhall_kernel_driver

  An issue was discovered in the Arm Mali GPU Kernel Driver. A non-privileged user can make improper GPU processing operations to gain access to already freed memory, write a limited amount outside of buffer bounds, or to disclose details of memory mappings. This affects Midgard r4p0 through r32p0, Bifrost r0p0 through r38p0 and r39p0 before r38p1, and Valhall r19p0 through r38p0 and r39p0 before r38p1. 2022-09-01 not yet calculated CVE-2022-36449

MISC artifex — mupdf A Floating point exception (division-by-zero) flaw was found in Mupdf for zero width pages in muraster.c. It is fixed in Mupdf-1.20.0-rc1 upstream. 2022-08-26 not yet calculated CVE-2021-4216

MISC

MISC asp.net_core — miniblog.core Miniblog.Core v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blog/edit. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Excerpt field. 2022-09-02 not yet calculated CVE-2022-37679

MISC automationdirect — c-more_ea9_http_webserver

  AutomationDirect C-more EA9 HTTP webserver uses an insecure mechanism to transport credentials from client to web server, which may allow an attacker to obtain the login credentials and login as a valid user. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73; 2022-08-31 not yet calculated CVE-2022-2005

CONFIRM automationdirect — directlogic

  AutomationDirect DirectLOGIC is vulnerable to a specifically crafted serial message to the CPU serial port that will cause the PLC to respond with the PLC password in cleartext. This could allow an attacker to access and make unauthorized changes. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72; 2022-08-31 not yet calculated CVE-2022-2003

CONFIRM

CONFIRM automationdirect — directlogic

  AutomationDirect DirectLOGIC is vulnerable to a a specially crafted packet can be sent continuously to the PLC to prevent access from DirectSoft and other devices, causing a denial-of-service condition. This issue affects: AutomationDirect DirectLOGIC D0-06 series CPUs D0-06DD1 versions prior to 2.72; D0-06DD2 versions prior to 2.72; D0-06DR versions prior to 2.72; D0-06DA versions prior to 2.72; D0-06AR versions prior to 2.72; D0-06AA versions prior to 2.72; D0-06DD1-D versions prior to 2.72; D0-06DD2-D versions prior to 2.72; D0-06DR-D versions prior to 2.72; 2022-08-31 not yet calculated CVE-2022-2004

CONFIRM automationdirect — directlogic

  AutomationDirect DirectLOGIC has a DLL vulnerability in the install directory that may allow an attacker to execute code during the installation process. This issue affects: AutomationDirect C-more EA9 EA9-T6CL versions prior to 6.73; EA9-T6CL-R versions prior to 6.73; EA9-T7CL versions prior to 6.73; EA9-T7CL-R versions prior to 6.73; EA9-T8CL versions prior to 6.73; EA9-T10CL versions prior to 6.73; EA9-T10WCL versions prior to 6.73; EA9-T12CL versions prior to 6.73; EA9-T15CL versions prior to 6.73; EA9-RHMI versions prior to 6.73; EA9-PGMSW versions prior to 6.73; 2022-08-31 not yet calculated CVE-2022-2006

CONFIRM automationdirect — stride_field_i/o

  Any attempt (good or bad) to log into AutomationDirect Stride Field I/O with a web browser may result in the device responding with its password in the communication packets. 2022-08-31 not yet calculated CVE-2022-2485

CONFIRM

CONFIRM avaya — ip_office_admin_lite_and_usb_creator

  A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions. 2022-09-02 not yet calculated CVE-2021-25657

CONFIRM binary — binary

  Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with (arbitrary) excessive size value, which can either exhaust available memory or crash the whole program. When using `github.com/gagliardetto/binary` to parse unchecked (or wrong type of) data from untrusted sources of input (e.g. the blockchain) into slices, it’s possible to allocate memory with excessive size. When `dec.Decode(&val)` method is used to parse data into a structure that is or contains slices of values, the length of the slice was previously read directly from the data itself without any checks on the size of it, and then a slice was allocated. This could lead to an overflow and an allocation of memory with excessive size value. Users should upgrade to `v0.7.1` or higher. A workaround is not to rely on the `dec.Decode(&val)` function to parse the data, but to use a custom `UnmarshalWithDecoder()` method that reads and checks the length of any slice. 2022-09-02 not yet calculated CVE-2022-36078

CONFIRM

MISC

MISC blogengine — blogengine BlogEngine v3.3.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /blogengine/api/posts. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field. 2022-09-02 not yet calculated CVE-2022-36600

MISC blue_prism — blue_prism_enterprise An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the UpdateOfflineHelpData administrative function. Abusing this function will allow any Blue Prism user to change the offline help URL to one of their choice, opening the possibility of spoofing the help page or executing a local file. 2022-08-26 not yet calculated CVE-2022-36121

MISC

MISC

MISC blue_prism — blue_prism_enterprise An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the getChartData administrative function. Using a low/no privilege Blue Prism user account, the attacker can alter the server’s settings by abusing the getChartData method, allowing the Blue Prism server to execute any MSSQL stored procedure by name. 2022-08-26 not yet calculated CVE-2022-36120

MISC

MISC

MISC bluez — bluez BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c. 2022-09-02 not yet calculated CVE-2022-39177

MISC

MISC bluez — bluez BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len. 2022-09-02 not yet calculated CVE-2022-39176

MISC

MISC broadcom — symantec_privileged_access_management A malicious unauthorized PAM user can access the administration configuration data and change the values. 2022-08-26 not yet calculated CVE-2022-25625

MISC canaan — avalon_asic_miner

  An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and below allows unauthenticated attackers to arbitrarily change user passwords via a crafted POST request. 2022-09-01 not yet calculated CVE-2022-36604

MISC carel — pcoweb_hvac_bacnet_gateway

  Carel pCOWeb HVAC BACnet Gateway 2.1.0, Firmware: A2.1.0 – B2.1.0, Application Software: 2.15.4A Software v16 13020200 suffers from an unauthenticated arbitrary file disclosure vulnerability. Input passed through the ‘file’ GET parameter through the ‘logdownload.cgi’ Bash script is not properly verified before being used to download log files. This can be exploited to disclose the contents of arbitrary and sensitive files via directory traversal attacks. 2022-08-31 not yet calculated CVE-2022-37122

MISC

MISC

MISC centreon — centreon Centreon 22.04.0 is vulnerable to Cross Site Scripting (XSS) from the function Pollers > Broker Configuration by adding a crafted payload into the name parameter. 2022-08-29 not yet calculated CVE-2022-36194

MISC

MISC clinic’s_patient_management_system — clinic’s_patient_management_system Clinic’s Patient Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /pms/update_patient.php. 2022-09-02 not yet calculated CVE-2022-36609

MISC clusterlabs — hawk An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive “shell” that isn’t limited to the commands specified in hawk_invoke, allowing escalation to root. 2022-08-26 not yet calculated CVE-2021-3020

MISC

MISC

MISC cobub — razor Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function uploadchannel(). 2022-08-30 not yet calculated CVE-2022-36747

MISC contiki-ng — contiki-ng

  Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in the Contiki-NG operating system (file os/net/ipv6/sicslowpan.c) contains an input function that processes incoming packets and copies them into a packet buffer. Because of a missing length check in the input function, it is possible to write outside the packet buffer’s boundary. The vulnerability can be exploited by anyone who has the possibility to send 6LoWPAN packets to a Contiki-NG system. In particular, the vulnerability is exposed when sending either of two types of 6LoWPAN packets: an unfragmented packet or the first fragment of a fragmented packet. If the packet is sufficiently large, a subsequent memory copy will cause an out-of-bounds write with data supplied by the attacker. 2022-09-01 not yet calculated CVE-2022-36054

MISC

CONFIRM contiki-ng — contiki-ng

  Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The low-power IPv6 network stack of Contiki-NG has a buffer module (os/net/ipv6/uipbuf.c) that processes IPv6 extension headers in incoming data packets. As part of this processing, the function uipbuf_get_next_header casts a pointer to a uip_ext_hdr structure into the packet buffer at different offsets where extension headers are expected to be found, and then reads from this structure. Because of a lack of bounds checking, the casting can be done so that the structure extends beyond the packet’s end. Hence, with a carefully crafted packet, it is possible to cause the Contiki-NG system to read data outside the packet buffer. A patch that fixes the vulnerability is included in Contiki-NG 4.8. 2022-09-01 not yet calculated CVE-2022-36053

MISC

CONFIRM contiki-ng — contiki-ng

  Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. The 6LoWPAN implementation in Contiki-NG may cast a UDP header structure at a certain offset in a packet buffer. The code does not check whether the packet buffer is large enough to fit a full UDP header structure from the offset where the casting is made. Hence, it is possible to cause an out-of-bounds read beyond the packet buffer. The problem affects anyone running devices with Contiki-NG versions previous to 4.8, and which may receive 6LoWPAN packets from external parties. The problem has been patched in Contiki-NG version 4.8. 2022-09-01 not yet calculated CVE-2022-36052

MISC

CONFIRM cskefu — cskefu Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add administrator accounts. 2022-08-26 not yet calculated CVE-2022-36521

MISC d-link — dir-816_a2 D-Link DIR-816 A2_v1.10CNB04.img is vulnerable to Command Injection via /goform/SystemCommand. After the user passes in the command parameter, it will be spliced into byte_4836B0 by snprintf, and finally doSystem(&byte_4836B0); will be executed, resulting in a command injection. 2022-08-31 not yet calculated CVE-2022-37129

MISC

MISC d-link — dir-816_a2 In D-Link DIR-816 A2_v1.10CNB04.img the network can be initialized without authentication via /goform/wizard_end. 2022-08-31 not yet calculated CVE-2022-37128

MISC

MISC d-link — dir-816_a2 In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform/setMAC. 2022-08-31 not yet calculated CVE-2022-36619

MISC

MISC d-link — dir-816_a2 D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/NTPSyncWithHost. 2022-08-31 not yet calculated CVE-2022-37125

MISC

MISC d-link — dir-816_a2 In D-Link DIR-816 A2_v1.10CNB04.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability 2022-08-31 not yet calculated CVE-2022-37130

MISC

MISC d-link — dir-816_a2 D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Command injection via /goform/form2userconfig.cgi. 2022-08-31 not yet calculated CVE-2022-37123

MISC

MISC d-link — dir-816_a2

  D-link DIR-816 A2_v1.10CNB04.img is vulnerable to Buffer Overflow via /goform/addRouting. 2022-08-31 not yet calculated CVE-2022-36620

MISC

MISC d-link — dir845l D-Link DIR845L v1.00-v1.03 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. 2022-08-28 not yet calculated CVE-2022-38557

MISC

MISC d-link — dir845l_a1 DIR845L A1 v1.00-v1.03 is vulnerable to command injection via /htdocs/upnpinc/gena.php. 2022-08-28 not yet calculated CVE-2022-36756

MISC

MISC d-link — dir845l_a1 D-Link DIR845L A1 contains a authentication vulnerability via an AUTHORIZED_GROUP=1 value, as demonstrated by a request for getcfg.php. 2022-08-28 not yet calculated CVE-2022-36755

MISC

MISC d-link — go-rt-ac750 D-Link GO-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 is vulnerable to Command Injection via /cgibin, hnap_main, 2022-08-28 not yet calculated CVE-2022-37056

MISC

MISC d-link — go-rt-ac750 D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Buffer Overflow via cgibin, hnap_main, 2022-08-28 not yet calculated CVE-2022-37055

MISC

MISC d-link — go-rt-ac750 D-Link Go-RT-AC750 GORTAC750_revA_v101b03 and GO-RT-AC750_revB_FWv200b02 are vulnerable to Command Injection via cgibin, ssdpcgi_main. 2022-08-28 not yet calculated CVE-2022-37057

MISC

MISC databasir — databasir

  Databasir is a database metadata management platform. Databasir <= 1.06 has Server-Side Request Forgery (SSRF) vulnerability. The SSRF is triggered by a sending a **single** HTTP POST request to create a databaseType. By supplying a `jdbcDriverFileUrl` that returns a non `200` response code, the url is executed, the response is logged (both in terminal and in database) and is included in the response. This would allow an attackers to obtain the real IP address and scan Intranet information. This issue was fixed in version 1.0.7. 2022-09-02 not yet calculated CVE-2022-31196

MISC

CONFIRM

MISC debian — schroot Schroot before 1.6.13 had too permissive rules on chroot or session names, allowing a denial of service on the schroot service for all users that may start a schroot session. 2022-08-27 not yet calculated CVE-2022-2787

MISC

MISC

MISC dedecms — dedecms DedeCMS V5.7.97 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities at /dede/co_do.php via the dopost, rpok, and aid parameters. 2022-09-01 not yet calculated CVE-2022-36583

MISC dell — cloudlink Dell EMC CloudLink 7.1.2 and all prior versions contain an Authentication Bypass Vulnerability. A remote attacker, with the knowledge of the active directory usernames, could potentially exploit this vulnerability to gain unauthorized access to the system. 2022-09-01 not yet calculated CVE-2022-34379

CONFIRM dell — cloudlink Dell CloudLink 7.1.3 and all earlier versions contain an Authentication Bypass Using an Alternate Path or Channel Vulnerability. A high privileged local attacker may potentially exploit this vulnerability leading to authentication bypass and access the CloudLink system console. This is critical severity vulnerability as it allows attacker to take control of the system. 2022-09-01 not yet calculated CVE-2022-34380

CONFIRM dell — command_integration_suite Dell Command | Integration Suite for System Center, versions prior to 6.2.0, contains arbitrary file write vulnerability. A locally authenticated malicious user could potentially exploit this vulnerability in order to perform an arbitrary write as system. 2022-08-31 not yet calculated CVE-2022-34373

CONFIRM dell — container_storage_modules Dell Container Storage Modules 1.2 contains an OS command injection in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to to execute arbitrary OS commands on the affected system. 2022-08-30 not yet calculated CVE-2022-34374

MISC dell — container_storage_modules

  Dell Container Storage Modules 1.2 contains a path traversal vulnerability in goiscsi and gobrick libraries. A remote authenticated malicious user with low privileges could exploit this vulnerability leading to unintentional access to path outside of restricted directory. 2022-08-30 not yet calculated CVE-2022-34375

MISC dell — edge_gateway

  Dell Edge Gateway 5200 (EGW) versions before 1.03.10 contain an operating system command injection vulnerability. A local malicious user may potentially exploit this vulnerability by using an SMI to bypass PMC mitigation and gain arbitrary code execution during SMM. 2022-08-31 not yet calculated CVE-2022-34383

CONFIRM dell — emc_data_protection_advisor

  Dell EMC Data Protection Advisor versions 19.6 and earlier, contains a Stored Cross Site Scripting, an attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery. 2022-08-30 not yet calculated CVE-2022-33935

MISC dell — emc_networker

  Dell EMC NetWorker 19.2.1.x 19.3.x, 19.4.x, 19.5.x, 19.6.x and 19.7.0.0 contain an Improper Handling of Insufficient Permissions or Privileges vulnerability. Authenticated non admin user could exploit this vulnerability and gain access to restricted resources. 2022-08-30 not yet calculated CVE-2022-34368

MISC dell — multiple_products Dell Command Update, Dell Update and Alienware Update versions prior to 4.6.0 contains a Local Privilege Escalation Vulnerability in the custom catalog configuration. A local malicious user may potentially exploit this vulnerability in order to elevate their privileges. 2022-09-02 not yet calculated CVE-2022-34382

MISC dell — powermax

  Unisphere for PowerMax versions before 9.2.3.15 contain a privilege escalation vulnerability. An adjacent malicious user may potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to. 2022-08-31 not yet calculated CVE-2022-31233

CONFIRM dell — powerprotect Dell PowerProtect Cyber Recovery versions before 19.11.0.2 contain an authentication bypass vulnerability. A remote unauthenticated attacker may potentially access and interact with the docker registry API leading to an authentication bypass. The attacker may potentially alter the docker images leading to a loss of integrity and confidentiality 2022-09-01 not yet calculated CVE-2022-34372

CONFIRM dell — powerscale Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, 9.3.0.6, and 9.4.0.3, contain an unprotected transport of credentials vulnerability. A malicious unprivileged network attacker could potentially exploit this vulnerability, leading to full system compromise. 2022-09-02 not yet calculated CVE-2022-34371

MISC dell — powerscale

  Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3 , contain an insertion of sensitive information in log files vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to exposure of this sensitive data. 2022-09-02 not yet calculated CVE-2022-34369

MISC dell — powerscale

  Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.20, 9.2.1.13, 9.3.0.6, and 9.4.0.3, contain a relative path traversal vulnerability. A low privileged local attacker could potentially exploit this vulnerability, leading to denial of service. 2022-09-02 not yet calculated CVE-2022-34378

MISC dell — smartfabric_storage

  SmartFabric storage software version 1.0.0 contains a Command-Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability to gain access and perform actions on the affected system. 2022-08-30 not yet calculated CVE-2022-31232

MISC delta_electronics — cncsoft CNCSoft: All versions prior to 1.01.32 does not properly sanitize input while processing a specific project file, allowing a possible stack-based buffer overflow condition. 2022-08-31 not yet calculated CVE-2022-1405

MISC delta_electronics — cncsoft

  Delta Electronics CNCSoft (All versions prior to 1.01.32) does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. 2022-08-31 not yet calculated CVE-2022-1404

MISC delta_electronics — robot_automation_studio Delta Electronics Delta Robot Automation Studio (DRAS) versions prior to 1.13.20 are affected by improper restrictions where the software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output. This may allow an attacker to view sensitive documents and information on the affected host. 2022-08-31 not yet calculated CVE-2022-2759

MISC deluge-torrent — deluge_web-ui The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it’s interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user’s browser session. 2022-08-26 not yet calculated CVE-2021-3427

MISC

MISC discourse — discourse Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate. 2022-09-02 not yet calculated CVE-2022-37458

MISC

MISC

MISC dlink — wireless_ac1200_dual_band_vdsl_adsl_modem_router_dsl-3782 D-Link Wireless AC1200 Dual Band VDSL ADSL Modem Router DSL-3782 Firmware v1.01 allows unauthenticated attackers to cause a Denial of Service (DoS) via the User parameter or Pwd parameter to Login.asp. 2022-08-26 not yet calculated CVE-2022-35192

MISC

MISC

MISC

MISC doctor’s_appointment_system — doctor’s_appointment_system Doctor’s Appointment System 1.0 is vulnerable to SQL Injection via booking.php has ?id=. 2022-08-31 not yet calculated CVE-2022-36201

MISC

MISC

MISC doctor’s_appointment_system — doctor’s_appointment_system Doctor’s Appointment System 1.0 is vulnerable to Cross Site Scripting (XSS) via the admin panel. In addition, it leads to takeover the administrator account by stealing the cookie via XSS. 2022-08-31 not yet calculated CVE-2022-36203

MISC

MISC

MISC doctor’s_appointment_system — doctor’s_appointment_system Doctor’s Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter. 2022-08-31 not yet calculated CVE-2022-36202

MISC

MISC

MISC dpdk — dpdk A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service. 2022-08-29 not yet calculated CVE-2022-0669

MISC

MISC

MISC

MISC

MISC dpdk — dpdk

  A permissive list of allowed inputs flaw was found in DPDK. This issue allows a remote attacker to cause a denial of service triggered by sending a crafted Vhost header to DPDK. 2022-08-31 not yet calculated CVE-2022-2132

MISC

MISC

MLIST dpdk– dpdk

  NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality. 2022-09-01 not yet calculated CVE-2022-28199

MISC draytek — vigor3910 An issue was discovered on certain DrayTek Vigor routers before July 2022 such as the Vigor3910 before 4.3.1.1. /cgi-bin/wlogin.cgi has a buffer overflow via the username or password to the aa or ab field. 2022-08-29 not yet calculated CVE-2022-32548

MISC

MISC eclipse_foundation — jasminer-x4-server

  The Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 and below is open on port 1534. This issue allows unauthenticated attackers to gain root privileges on the affected device and access sensitive data or execute arbitrary commands. 2022-09-01 not yet calculated CVE-2022-36601

MISC edoc-doctor-appointment-system — edoc-doctor-appointment-system Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/booking.php. 2022-08-26 not yet calculated CVE-2022-36544

MISC

MISC edoc-doctor-appointment-system — edoc-doctor-appointment-system Edoc-doctor-appointment-system v1.0.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability at /patient/settings.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field. 2022-08-26 not yet calculated CVE-2022-36548

MISC

MISC edoc-doctor-appointment-system — edoc-doctor-appointment-system Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/doctors.php. 2022-08-26 not yet calculated CVE-2022-36543

MISC

MISC edoc-doctor-appointment-system — edoc-doctor-appointment-system Edoc-doctor-appointment-system v1.0.1 was discovered to contain a SQL injection vulnerability via the id parameter at /patient/settings.php. 2022-08-26 not yet calculated CVE-2022-36545

MISC

MISC edoc-doctor-appointment-system — edoc-doctor-appointment-system Edoc-doctor-appointment-system v1.0.1 was discovered to contain a Cross-Site Request Forgery (CSRF) via /patient/settings.php. 2022-08-26 not yet calculated CVE-2022-36546

MISC

MISC edoc-doctor-appointment-system — edoc-doctor-appointment-system Edoc-doctor-appointment-system v1.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability at /patient/index.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search field. 2022-08-26 not yet calculated CVE-2022-36547

MISC

MISC edoc-doctor-appointment-system — edoc-doctor-appointment-system An access control issue in the component /ip/admin/ of Edoc-doctor-appointment-system v1.0.1 allows attackers to arbitrarily edit, read, and delete Administrator data. 2022-08-26 not yet calculated CVE-2022-36542

MISC

MISC ericsson — network_manager In Ericsson Network Manager (ENM) releases before 21.2, users belonging to the same AMOS authorization group can retrieve the data from certain log files. All AMOS users are considered to be highly privileged users in ENM system and all must be previously defined and authorized by the Security Administrator. Those users can access some log’s files, under a common path, and read information stored in the log’s files in order to conduct privilege escalation. 2022-08-26 not yet calculated CVE-2021-32570

MISC

MISC eurosoft-uk — uefi_bootloader A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. 2022-08-26 not yet calculated CVE-2022-34303

MISC

MISC exotel — exotel The exotel (aka exotel-py) package in PyPI as of 0.1.6 includes a code execution backdoor inserted by a third party. 2022-08-27 not yet calculated CVE-2022-38792

MISC

MISC

MISC

MISC fast_food_ordering_system — fast_food_ordering_system A vulnerability, which was classified as problematic, has been found in oretnom23 Fast Food Ordering System. This issue affects some unknown processing of the file admin/?page=reports. The manipulation of the argument date leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-207425 was assigned to this vulnerability. 2022-08-27 not yet calculated CVE-2022-3015

N/A fast_food_ordering_system — fast_food_ordering_system A vulnerability was found in oretnom23 Fast Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file ffos/admin/reports/index.php. The manipulation of the argument date leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-207422 is the identifier assigned to this vulnerability. 2022-08-27 not yet calculated CVE-2022-3012

N/A

N/A fatek — fvdesigner FATEK FvDesigner version 1.5.103 and prior is vulnerable to an out-of-bounds write while processing project files. If a valid user is tricked into using maliciously crafted project files, an attacker could achieve arbitrary code execution. 2022-08-31 not yet calculated CVE-2022-2866

CONFIRM fiberhome — vdsl2_modem_hg150-ub_v3.0 In FiberHome VDSL2 Modem HG150-Ub_V3.0, Credentials of Admin are submitted in URL, which can be logged/sniffed. 2022-08-29 not yet calculated CVE-2022-36200

MISC

MISC flux — flux

  Flux is a tool for keeping Kubernetes clusters in sync with sources of configuration (like Git repositories), and automating updates to configuration when there is new code to deploy. Flux CLI allows users to deploy Flux components into a Kubernetes cluster via command-line. The vulnerability allows other applications to replace the Flux deployment information with arbitrary content which is deployed into the target Kubernetes cluster instead. The vulnerability is due to the improper handling of user-supplied input, which results in a path traversal that can be controlled by the attacker. Users sharing the same shell between other applications and the Flux CLI commands could be affected by this vulnerability. In some scenarios no errors may be presented, which may cause end users not to realize that something is amiss. A safe workaround is to execute Flux CLI in ephemeral and isolated shell environments, which can ensure no persistent values exist from previous processes. However, upgrading to the latest version of the CLI is still the recommended mitigation strategy. 2022-08-31 not yet calculated CVE-2022-36035

CONFIRM

MISC font-converter — font-converter All versions of package font-converter are vulnerable to Arbitrary Command Injection due to missing sanitization of input that potentially flows into the child_process.exec() function. 2022-08-29 not yet calculated CVE-2022-21165

CONFIRM

CONFIRM foxit — multiple_products Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. 2022-08-29 not yet calculated CVE-2021-41783

MISC foxit — multiple_products Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, mishandle hidden and incremental data in signed documents. An attacker can write to an arbitrary file, and display controlled contents, during signature verification. 2022-08-29 not yet calculated CVE-2021-40326

MISC foxit — multiple_products Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. 2022-08-29 not yet calculated CVE-2021-41784

MISC foxit — multiple_products Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. 2022-08-29 not yet calculated CVE-2021-41785

MISC foxit — multiple_products Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. 2022-08-29 not yet calculated CVE-2021-41782

MISC foxit — multiple_products Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. 2022-08-29 not yet calculated CVE-2021-41781

MISC foxit — multiple_products Foxit PDF Reader before 11.1 and PDF Editor before 11.1, and PhantomPDF before 10.1.6, allow attackers to trigger a use-after-free and execute arbitrary code because JavaScript is mishandled. 2022-08-29 not yet calculated CVE-2021-41780

MISC foxit — pdf_editor Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack. 2022-08-29 not yet calculated CVE-2022-25641

MISC freeciv — freeciv Freeciv before 2.6.7 and before 3.0.3 is prone to a buffer overflow vulnerability in the Modpack Installer utility’s handling of the modpack URL. 2022-08-31 not yet calculated CVE-2022-39047

MISC

MISC

MISC

MLIST freedesktop — poppler Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2022-38171 in Xpdf. 2022-08-30 not yet calculated CVE-2022-38784

CONFIRM

MISC

MISC

CONFIRM

MISC

MLIST froxlor — froxlor Cross-Site Request Forgery (CSRF) in GitHub repository froxlor/froxlor prior to 0.10.38. 2022-08-28 not yet calculated CVE-2022-3017

CONFIRM

MISC fuji_electric — alpha_7_pc_loader

  Alpha7 PC Loader (All versions) is vulnerable to a stack-based buffer overflow while processing a specifically crafted project file, which may allow an attacker to execute arbitrary code. 2022-08-31 not yet calculated CVE-2022-1888

MISC garage management system — garage management system The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file. 2022-08-31 not yet calculated CVE-2022-37184

MISC garage_management_system — garage_management_system Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. 2022-09-02 not yet calculated CVE-2022-36636

MISC

MISC garage_management_system — garage_management_system Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php. 2022-09-02 not yet calculated CVE-2022-36637

MISC

MISC garage_management_system — garage_management_system An access control issue in the component print.php of Garage Management System v1.0 allows unauthenticated attackers to access data for all existing orders. 2022-09-02 not yet calculated CVE-2022-36638

MISC

MISC garage_management_system — garage_management_system A stored cross-site scripting (XSS) vulnerability in /client.php of Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. 2022-09-02 not yet calculated CVE-2022-36639

MISC

MISC garage_management_system — garage_management_system An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. 2022-08-31 not yet calculated CVE-2022-36582

MISC gcc — gcc

  In gcc, a crafted input source file could cause g++ to crash during compilation when provided certain optimization flags. The problem resides in the ipcp_store_vr_results function in gcc/ipa-cp.c. 2022-08-31 not yet calculated CVE-2020-35537

MISC gcc — gcc

  In gcc, an internal compiler error in match_reload function at lra-constraints.c may cause a crash through a crafted input file. 2022-08-31 not yet calculated CVE-2020-35536

MISC gcc — libiberty

  Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol. 2022-09-01 not yet calculated CVE-2021-3826

MISC

MISC get-process-by-name — get-process-by-name All versions of package @pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution due to improper sanitization of getProcessByName function. 2022-08-29 not yet calculated CVE-2022-25644

CONFIRM

CONFIRM glyphandcog — xpdfreader In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the ‘interleaved’ flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. 2022-08-30 not yet calculated CVE-2022-24106

CONFIRM

CONFIRM

CONFIRM

CONFIRM glyphandcog — xpdfreader Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. 2022-08-30 not yet calculated CVE-2022-24107

CONFIRM

CONFIRM

CONFIRM

CONFIRM gnu — binutils Assertion fail in the display_debug_names() function in binutils/dwarf.c may lead to program crash and denial of service. 2022-09-01 not yet calculated CVE-2022-38126

MISC gnu — binutils A NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c may lead to program crash when parsing corrupt DWARF data. 2022-09-01 not yet calculated CVE-2022-38127

MISC gnu — binutils An infinite loop may be triggered in display_debug_abbrev() function in binutils/dwarf.c while opening a crafted ELF, which may lead to denial of service by a local attacker. 2022-09-01 not yet calculated CVE-2022-38128

MISC gnu — binutils In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. 2022-08-26 not yet calculated CVE-2022-38533

MISC

MISC gnu — glibc An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap. 2022-08-31 not yet calculated CVE-2022-39046

MISC gnu — zgrep

  An arbitrary file write vulnerability was found in GNU gzip’s zgrep utility. When zgrep is applied on the attacker’s chosen file name (for example, a crafted file name), this can overwrite an attacker’s content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. 2022-08-31 not yet calculated CVE-2022-1271

MISC

MISC

MISC

MISC

MISC

MISC

MISC grafana — image_renderer

  Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome). An internal security review identified an unauthorized file disclosure vulnerability. It is possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake datasource (if user has admin permissions in Grafana). All Grafana installations should be upgraded to version 3.6.1 as soon as possible. As a workaround it is possible to [disable HTTP remote rendering](https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/#plugingrafana-image-renderer). 2022-09-02 not yet calculated CVE-2022-31176

CONFIRM

MISC gvim — gvim An issue in the installer of gvim 9.0.0000 allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:Program.exe. 2022-08-30 not yet calculated CVE-2022-37173

MISC hashicorp — boundary

  HashiCorp Boundary up to 0.10.1 did not properly perform data integrity checks to ensure the resources were associated with the correct scopes, allowing potential privilege escalation for authorized users of another scope. Fixed in Boundary 0.10.2. 2022-09-01 not yet calculated CVE-2022-36130

MISC

MISC hcltech — inotes HCL iNotes is susceptible to a Broken Password Strength Checks vulnerability. Custom password policies are not enforced on certain iNotes forms which could allow users to set weak passwords, leading to easier cracking. 2022-08-29 not yet calculated CVE-2022-27558

CONFIRM hcltech — inotes HCL iNotes is susceptible to a link to non-existent domain vulnerability. An attacker could use this vulnerability to trick a user into supplying sensitive information such as username, password, credit card number, etc. 2022-08-29 not yet calculated CVE-2022-27547

CONFIRM hcltech — inotes HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input supplied with a form POST request. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim’s web browser within the security context of the hosting web site and/or steal the victim’s cookie-based authentication credentials. 2022-08-29 not yet calculated CVE-2022-27546

CONFIRM hcltech — versionvault_express An unauthenticated user can overload a part of HCL VersionVault Express and cause a denial of service. 2022-08-30 not yet calculated CVE-2022-27563

MISC hcltech — versionvault_express HCL VersionVault Express exposes administrator credentials. 2022-08-30 not yet calculated CVE-2022-27560

MISC helm — helm

  Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. Fuzz testing, provided by the CNCF, identified input to functions in the _strvals_ package that can cause an out of memory panic. The _strvals_ package contains a parser that turns strings in to Go structures. The _strvals_ package converts these strings into structures Go can work with. Some string inputs can cause array data structures to be created causing an out of memory panic. Applications that use the _strvals_ package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with input to `–set`, `–set-string`, and other value setting flags that causes an out of memory panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been resolved in 3.9.4. SDK users can validate strings supplied by users won’t create large arrays causing significant memory usage before passing them to the _strvals_ functions. 2022-09-01 not yet calculated CVE-2022-36055

MISC

CONFIRM hgiga — oaklouds_portal OAKlouds Portal website’s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service. 2022-08-30 not yet calculated CVE-2022-38118

MISC hitachi_kokusai_electric — isnex_hc-ip9100hd An access control issue in Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below allows attackers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi. 2022-08-29 not yet calculated CVE-2022-37680

MISC

MISC hitachi_kokusai_electric — isnex_hc-ip9100hd Hitachi Kokusai Electric Inc ISnex HC-IP9100HD Version 1.07 and below allows attackers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi. 2022-08-29 not yet calculated CVE-2022-37681

MISC

MISC honeywell — experion_lx

  Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function. According to FSCT-2022-0055, there is a Honeywell Experion LX Control Data Access (CDA) EpicMo protocol with unauthenticated functionality issue. The affected components are characterized as: Honeywell Control Data Access (CDA) EpicMo (55565/TCP). The potential impact is: Firmware manipulation, Denial of service. The Honeywell Experion LX Distributed Control System (DCS) utilizes the Control Data Access (CDA) EpicMo protocol (55565/TCP) for device diagnostics and maintenance purposes. This protocol does not have any authentication features, allowing any attacker capable of communicating with the ports in question to invoke (a subset of) desired functionality. There is no authentication functionality on the protocol in question. An attacker capable of invoking the protocols’ functionalities could issue firmware download commands potentially allowing for firmware manipulation and reboot devices causing denial of service. 2022-08-31 not yet calculated CVE-2022-30317

MISC

MISC honeywell — controledge

  Honeywell ControlEdge through R151.1 uses Hard-coded Credentials. According to FSCT-2022-0056, there is a Honeywell ControlEdge hardcoded credentials issue. The affected components are characterized as: SSH. The potential impact is: Remote code execution, manipulate configuration, denial of service. The Honeywell ControlEdge PLC and RTU product line exposes an SSH service on port 22/TCP. Login as root to this service is permitted and credentials for the root user are hardcoded without automatically changing them upon first commissioning. The credentials for the SSH service are hardcoded in the firmware. The credentials grant an attacker access to a root shell on the PLC/RTU, allowing for remote code execution, configuration manipulation and denial of service. 2022-08-31 not yet calculated CVE-2022-30318

MISC

MISC horizondatasys — uefi_bootloader A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. 2022-08-26 not yet calculated CVE-2022-34302

MISC

MISC hpe — oneview

  A local disclosure of sensitive information vulnerability was discovered in HPE OneView version(s): Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability. To exploit this vulnerability, HPE OneView must be configured with credential access to external repositories. HPE has provided a software update to resolve this vulnerability in HPE OneView. 2022-08-31 not yet calculated CVE-2022-28625

MISC htmly — htmly htmly v2.8.1 was discovered to contain an arbitrary file deletion vulnerability via the component viewsbackup.html.php. 2022-08-26 not yet calculated CVE-2021-40285

MISC hytec_inter — hwl-2511-ss Hytec Inter HWL-2511-SS v1.05 and below implements a SHA512crypt hash for the root account which can be easily cracked via a brute-force attack. 2022-08-29 not yet calculated CVE-2022-36555

MISC

MISC

MISC hytec_inter — hwl-2511-ss A command injection vulnerability in the CLI (Command Line Interface) implementation of Hytec Inter HWL-2511-SS v1.05 and below allows attackers to execute arbitrary commands with root privileges. 2022-08-29 not yet calculated CVE-2022-36554

MISC

MISC

MISC hytec_inter — hwl-2511-ss Hytec Inter HWL-2511-SS v1.05 and below was discovered to contain a command injection vulnerability via the component /www/cgi-bin/popen.cgi. 2022-08-29 not yet calculated CVE-2022-36553

MISC

MISC

MISC ibm — cognos_analytics IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 204465. 2022-09-01 not yet calculated CVE-2021-29823

CONFIRM

XF ibm — cognos_analytics

  IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176609. 2022-09-01 not yet calculated CVE-2020-4301

CONFIRM

XF ibm — cognos_analytics

  IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume all available CPU resources. IBM X-Force ID: 227591. 2022-09-01 not yet calculated CVE-2022-30614

CONFIRM

XF ibm — cognos_analytics

  IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233571. 2022-09-01 not yet calculated CVE-2022-36773

CONFIRM

XF ibm — cognos_analytics

  IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields. IBM X-Force ID: 214345. 2022-09-01 not yet calculated CVE-2021-39045

CONFIRM

XF ibm — cognos_analytics

  IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 213554. 2022-09-01 not yet calculated CVE-2021-39009

CONFIRM

XF ibm — cognos_analytics

  IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 196825. 2022-09-01 not yet calculated CVE-2021-20468

CONFIRM

XF ibm — datapower_gateway IBM DataPower Gateway V10CD, 10.0.1, and 2018.4.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 228357. 2022-08-26 not yet calculated CVE-2022-31773

XF

CONFIRM ibm — engineering_test_management IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210671. 2022-08-29 not yet calculated CVE-2021-38934

CONFIRM

XF ibm — maximo_asset_management IBM Maximo Asset Management 7.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231116. 2022-08-26 not yet calculated CVE-2022-35714

CONFIRM

XF ibm — security_identity_manager IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089 2022-08-30 not yet calculated CVE-2021-29864

CONFIRM

XF imagemagick — imagemagick A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks. 2022-08-26 not yet calculated CVE-2021-3574

MISC

MISC

MISC imagemagick — imagemagick A heap-based-buffer-over-read flaw was found in ImageMagick’s GetPixelAlpha() function of ‘pixel-accessor.h’. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to convert it into a PICON file format. This issue can potentially lead to a denial of service and information disclosure. 2022-08-29 not yet calculated CVE-2022-0284

MISC

MISC

MISC

MISC imagemagick — imagemagick

  A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service. 2022-08-29 not yet calculated CVE-2022-1115

MISC

MISC

MISC

MISC

MISC ingredients_stock_management_systemt — ingredients_stock_management_system Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockin&month=. 2022-08-29 not yet calculated CVE-2022-36686

MISC ingredients_stock_management_system — ingredients_stock_management_system Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_waste.php. 2022-08-28 not yet calculated CVE-2022-36705

MISC ingredients_stock_management_system — ingredients_stock_management_system Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img. 2022-08-29 not yet calculated CVE-2022-36687

MISC ingredients_stock_management_system — ingredients_stock_management_system Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/?page=user/manage_user&id=. 2022-08-29 not yet calculated CVE-2022-36690

MISC ingredients_stock_management_system — ingredients_stock_management_system Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /stocks/manage_stockout.php. 2022-08-28 not yet calculated CVE-2022-36706

MISC ingredients_stock_management_system — ingredients_stock_management_system Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=. 2022-08-29 not yet calculated CVE-2022-36689

MISC ingredients_stock_management_system — ingredients_stock_management_system Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=. 2022-08-29 not yet calculated CVE-2022-36688

MISC innosilicon — a10

  InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote code execution (RCE) vulnerability in the setPlatformAPI function. 2022-09-01 not yet calculated CVE-2022-36602

MISC innosilicon — t3t/t2t

  InnoSilicon T3T+ t2t+_soc_20190911_151433.swu was discovered to contain a remote code execution (RCE) vulnerability in the checkUrl function. 2022-09-01 not yet calculated CVE-2022-36603

MISC intelliants — subrion_cms Cross Site Scripting (XSS) in Admin Panel of Subrion CMS 4.2.1 allows attacker to inject arbitrary code via Login Field 2022-08-29 not yet calculated CVE-2022-37059

MISC jcopy_sample_rows() — jcopy_sample_rows()

  A crafted input file could cause a null pointer dereference in jcopy_sample_rows() when processed by libjpeg-turbo. 2022-08-31 not yet calculated CVE-2020-35538

MISC

MISC jgraph/drawi — jgraph/drawi

  Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8. 2022-09-02 not yet calculated CVE-2022-3065

CONFIRM

MISC joomla — joomla! An issue was discovered in Joomla! 4.2.0. Multiple Full Path Disclosures because of missing ‘_JEXEC or die check’ caused by the PSR12 changes. 2022-08-31 not yet calculated CVE-2022-27911

MISC jsoup — jsoup jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks` option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version. Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading: – disable `SafeList.preserveRelativeLinks`, which will rewrite input URLs as absolute URLs – ensure an appropriate [Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.) 2022-08-29 not yet calculated CVE-2022-36033

CONFIRM

MISC

MISC kensite_cms — kensite_cms Kensite CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities via the name and oldname parameters at /framework/mod/db/DBMapper.xml. 2022-08-26 not yet calculated CVE-2022-36529

MISC

MISC kidan — cryptopro_securedisk_for_bitlocker A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media. 2022-08-26 not yet calculated CVE-2022-34301

MISC

MISC kirby — kirby

  kirby is a content management system (CMS) that adapts to many different projects and helps you build your own ideal interface. Cross-site scripting (XSS) is a type of vulnerability that allows execution of any kind of JavaScript code inside the Panel session of the same or other users. In the Panel, a harmful script can for example trigger requests to Kirby’s API with the permissions of the victim. If bad actors gain access to your group of authenticated Panel users they can escalate their privileges via the Panel session of an admin user. Depending on your site, other JavaScript-powered attacks are possible. The multiselect field allows selection of tags from an autocompleted list. Unfortunately, the Panel in Kirby 3.5 used HTML rendering for the raw option value. This allowed **attackers with influence on the options source** to store HTML code. The browser of the victim who visited a page with manipulated multiselect options in the Panel will then have rendered this malicious HTML code when the victim opened the autocomplete dropdown. Users are *not* affected by this vulnerability if you don’t use the multiselect field or don’t use it with options that can be manipulated by attackers. The problem has been patched in Kirby 3.5.8.1. 2022-08-29 not yet calculated CVE-2022-36037

MISC

CONFIRM

MISC kkfileview — kkfileview

  kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java. 2022-09-02 not yet calculated CVE-2022-36593

MISC lexmark — multiple_products Various Lexmark products through 2022-04-27 allow External Control of a System or Configuration Setting because of Improper Input Validation. 2022-08-26 not yet calculated CVE-2022-29850

MISC

MISC leyan — personnel_and_salary_management_system Le-yan Personnel and Salary Management System has hard-coded database account and password within the website source code. An unauthenticated remote attacker can access, modify system data or disrupt service. 2022-08-30 not yet calculated CVE-2022-38116

MISC libdwarf — libdwarf libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c. 2022-09-02 not yet calculated CVE-2022-39170

MISC

MISC libmodbus — libmodbus A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c. 2022-08-29 not yet calculated CVE-2022-0367

MISC

MISC

MISC

MLIST library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /student/bookdetails.php. 2022-08-28 not yet calculated CVE-2022-36708

MISC library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /admin/delstu.php. 2022-08-30 not yet calculated CVE-2022-36734

MISC library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Id parameter at /librarian/studentdetails.php. 2022-08-28 not yet calculated CVE-2022-36704

MISC library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/edit_book_details.php. 2022-08-30 not yet calculated CVE-2022-36709

MISC library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /admin/delete.php. 2022-08-30 not yet calculated CVE-2022-36735

MISC library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/bookdetails.php. 2022-08-30 not yet calculated CVE-2022-36711

MISC library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/studentdetails.php. 2022-08-30 not yet calculated CVE-2022-36712

MISC library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /librarian/lab.php. 2022-08-30 not yet calculated CVE-2022-36713

MISC library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /librarian/delete.php. 2022-08-30 not yet calculated CVE-2022-36730

MISC library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /staff/lab.php. 2022-08-30 not yet calculated CVE-2022-36714

MISC library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /librarian/delstu.php. 2022-08-30 not yet calculated CVE-2022-36731

MISC library_management_system — library_management_system Library Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /librarian/edit_book_details.php. 2022-08-30 not yet calculated CVE-2022-36657

MISC library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /admin/del.php. 2022-08-30 not yet calculated CVE-2022-36733

MISC library_management_system — library_management_system Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /librarian/dele.php. 2022-08-30 not yet calculated CVE-2022-36732

MISC libraw — libraw

  In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (librawsrcx3fx3f_utils_patched.cpp) when reading data from an image file. 2022-09-01 not yet calculated CVE-2020-35531

MISC

MISC libraw — libraw

  In LibRaw, there is a memory corruption vulnerability within the “crxFreeSubbandData()” function (librawsrcdecoderscrx.cpp) when processing cr3 files. 2022-09-01 not yet calculated CVE-2020-35534

MISC

MISC libraw — libraw

  In LibRaw, an out-of-bounds read vulnerability exists within the “LibRaw::adobe_copy_pixel()” function (librawsrcdecodersdng.cpp) when reading data from the image file. 2022-09-01 not yet calculated CVE-2020-35533

MISC

MISC libraw — libraw

  In LibRaw, an out-of-bounds read vulnerability exists within the “simple_decode_row()” function (librawsrcx3fx3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. 2022-09-01 not yet calculated CVE-2020-35532

MISC

MISC libraw — libraw

  In LibRaw, there is an out-of-bounds read vulnerability within the “LibRaw::parseSonySRF()” function (librawsrcmetadatasony.cpp) when processing srf files. 2022-09-01 not yet calculated CVE-2020-35535

MISC

MISC libraw — libraw

  In LibRaw, there is an out-of-bounds write vulnerability within the “new_node()” function (librawsrcx3fx3f_utils_patched.cpp) that can be triggered via a crafted X3F file. 2022-09-01 not yet calculated CVE-2020-35530

MISC

MISC librenms — librenms LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component oxidized-cfg-check.inc.php. 2022-08-30 not yet calculated CVE-2022-36746

MISC librenms — librenms LibreNMS v22.6.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component print-customoid.php. 2022-08-30 not yet calculated CVE-2022-36745

MISC libtiff — libtiff There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1 2022-08-31 not yet calculated CVE-2022-2519

MISC

MISC libtiff — libtiff LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 48d6ece8. 2022-08-29 not yet calculated CVE-2022-2953

MISC

MISC

CONFIRM libtiff — libtiff

  It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input. 2022-08-31 not yet calculated CVE-2022-2521

MISC

MISC libtiff — libtiff

  A flaw was found in libtiff 4.4.0rc1. There is a sysmalloc assertion fail in rotateImage() at tiffcrop.c:8621 that can cause program crash when reading a crafted input. 2022-08-31 not yet calculated CVE-2022-2520

MISC

MISC libvnclient — libvnclient

  libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). 2022-09-02 not yet calculated CVE-2020-29260

MISC linksys — e1200 Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name. 2022-08-28 not yet calculated CVE-2022-38555

MISC

MISC linux — kernel An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message. A firewall may be able to be bypassed when users are using unencrypted IRC with nf_conntrack_irc configured. 2022-09-01 not yet calculated CVE-2022-2663

MISC

MISC linux — kernel

  A race condition was found in the way the Linux kernel’s memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system. 2022-08-31 not yet calculated CVE-2022-2590

MISC

MISC linux — kernel

  An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system. 2022-09-01 not yet calculated CVE-2022-2639

MISC

MISC linux — linux_kernel An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6. A denial of service can occur upon binding to an already bound chain. 2022-09-02 not yet calculated CVE-2022-39190

MISC

MISC

MISC

MISC linux — linux_kernel A use-after-free flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. 2022-08-29 not yet calculated CVE-2022-1204

MISC

MISC

MISC

MISC linux — linux_kernel A flaw was found in the way the dumpable flag setting was handled when certain SUID binaries executed its descendants. The prerequisite is a SUID binary that sets real UID equal to effective UID, and real GID equal to effective GID. The descendant will then have a dumpable value set to 1. As a result, if the descendant process crashes and core_pattern is set to a relative value, its core dump is stored in the current directory with uid:gid permissions. An unprivileged local user with eligible root SUID binary could use this flaw to place core dumps into root-owned directories, potentially resulting in escalation of privileges. 2022-08-26 not yet calculated CVE-2021-3864

MISC

MISC

MISC

MISC

MISC

MISC

MISC linux — linux_kernel A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function. This flaw allows a local user to crash or potentially escalate their privileges on the system. 2022-08-29 not yet calculated CVE-2022-2961

MISC linux — linux_kernel A flaw was found in the Linux kernel. Measuring usage of the shared memory does not scale with large shared memory segment counts which could lead to resource exhaustion and DoS. 2022-08-26 not yet calculated CVE-2021-3669

MISC

MISC

MISC

MISC linux — linux_kernel An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos. 2022-08-29 not yet calculated CVE-2022-0400

MISC

MISC

MISC linux — linux_kernel A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine. CVSS 3.1 Base Score 6.2 (Availability impacts). CVSS Vector (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) 2022-08-29 not yet calculated CVE-2022-21385

MISC linux — linux_kernel A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges. 2022-08-29 not yet calculated CVE-2022-1043

MISC

MISC

MISC

MISC linux — linux_kernel An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. 2022-09-02 not yet calculated CVE-2022-39188

MISC

MISC

MISC

MISC

MISC linux — linux_kernel A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component. This flaw allows a local attacker with a user privilege to cause a denial of service. 2022-08-29 not yet calculated CVE-2022-1184

MISC

MISC

MISC linux — linux_kernel A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS) due to an incorrect return from the memdup_user function. This flaw allows a local, privileged (CAP_SYS_ADMIN) attacker to crash the system. 2022-08-26 not yet calculated CVE-2022-0168

MISC

MISC

MISC linux — linux_kernel A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV). 2022-08-26 not yet calculated CVE-2022-0171

MISC

MISC

MISC linux — linux_kernel A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating System Interface (POSIX) file locks. 2022-08-29 not yet calculated CVE-2022-0480

MISC

MISC

MISC

MISC

MISC

MISC linux — linux_kernel An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17. Unprivileged guest users can compromise the guest kernel because TLB flush operations are mishandled in certain KVM_VCPU_PREEMPTED situations. 2022-09-02 not yet calculated CVE-2022-39189

MISC

MISC

MISC

MISC linux — linux_kernel

  A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ. This issue makes it possible for a misbehaving VMM to write to SYNIC/STIMER MSRs, causing a NULL pointer dereference. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. 2022-08-31 not yet calculated CVE-2022-2153

MISC

MISC

MISC

MISC

MISC linux — linux_kernel

  An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c. 2022-09-01 not yet calculated CVE-2022-3078

MISC linux — linux_kernel

  A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free(). 2022-09-01 not yet calculated CVE-2020-27784

MISC linux — linux_kernel

  A flaw was found in the Linux kernel’s implementation of IO-URING. This flaw allows an attacker with local executable permission to create a string of requests that can cause a use-after-free flaw within the kernel. This issue leads to memory corruption and possible privilege escalation. 2022-08-31 not yet calculated CVE-2022-1976

MISC linux — linux_kernel

  Found Linux Kernel flaw in the i740 driver. The Userspace program could pass any values to the driver through ioctl() interface. The driver doesn’t check the value of ‘pixclock’, so it may cause a divide by zero error. 2022-09-01 not yet calculated CVE-2022-3061

MISC linux — linux_kernel

  A vulnerability was found in linux kernel, where an information leak occurs via ext4_extent_header to userspace. 2022-08-29 not yet calculated CVE-2022-0850

MISC

MISC

MISC

MISC linux — linux_kernel

  There is a sleep-in-atomic bug in /net/nfc/netlink.c that allows an attacker to crash the Linux kernel by simulating a nfc device from user-space. 2022-08-31 not yet calculated CVE-2022-1975

MISC linux — linux_kernel

  A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space. 2022-08-29 not yet calculated CVE-2022-1198

MISC

MISC

MISC

MISC linux — linux_kernel

  A race condition was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. This flaw could allow a local attacker to potentially trigger an out-of-bounds write or leak kernel heap memory by performing an out-of-bounds read and copying it into a socket. 2022-08-31 not yet calculated CVE-2022-3028

MISC

MISC

FEDORA

FEDORA

FEDORA linux — linux_kernel

  A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc. 2022-09-01 not yet calculated CVE-2022-1729

MISC

MISC linux — linux_kernel

  An issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero. 2022-08-31 not yet calculated CVE-2022-1247

MISC

MISC linux — linux_kernel

  A NULL pointer dereference flaw was found in the Linux kernel’s Amateur Radio AX.25 protocol functionality in the way a user connects with the protocol. This flaw allows a local user to crash the system. 2022-08-31 not yet calculated CVE-2022-1205

MISC

MISC

MISC

MISC

MISC linux — linux_kernel

  A flaw was found in the Linux kernel. This flaw allows an attacker to crash the Linux kernel by simulating amateur radio from the user space, resulting in a null-ptr-deref vulnerability and a use-after-free vulnerability. 2022-08-29 not yet calculated CVE-2022-1199

MISC

MISC

MISC

MISC

MISC

MISC linux — linux_kernel

  A use-after-free flaw was found in the Linux kernel’s NFC core functionality due to a race condition between kobject creation and delete. This vulnerability allows a local attacker with CAP_NET_ADMIN privilege to leak kernel information. 2022-08-31 not yet calculated CVE-2022-1974

MISC linux — linux_kernel

  An out-of-bounds read flaw was found in the Linux kernel’s io_uring module in the way a user triggers the io_read() function with some special parameters. This flaw allows a local user to read some memory out of bounds. 2022-08-31 not yet calculated CVE-2022-1508

MISC

MISC

MISC

MISC linux — linux_kernel

  An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information. 2022-08-29 not yet calculated CVE-2022-0812

MISC

MISC

MISC

MISC

MISC linux — linux_kernel

  A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free. This issue needs to handle ‘return’ with proper preconditions, as it can lead to a kernel information leak problem caused by a local, unprivileged attacker. 2022-08-29 not yet calculated CVE-2022-1016

MISC

MISC

MISC

MISC ls_industrial_systems — electric_plcs_and_xg5000_plc

  All versions of LS Industrial Systems (LSIS) Co. Ltd LS Electric PLCs and XG5000 PLC programming software are affected where passwords are not adequately encrypted during the communication process between the XG5000 software and the affected PLC. This would allow an attacker to identify and decrypt the affected PLC’s password by sniffing the traffic. 2022-08-31 not yet calculated CVE-2022-2758

MISC mariadb — mariadb In MariaDB before 10.9.2, compress_write in extra/mariabackup/ds_compress.cc does not release data_mutex upon a stream write failure, which allows local users to trigger a deadlock. 2022-08-27 not yet calculated CVE-2022-38791

MISC matrix — synapse

  Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. The Matrix specification specifies a list of [event authorization rules](https://spec.matrix.org/v1.2/rooms/v9/#authorization-rules) which must be checked when determining if an event should be accepted into a room. In versions of Synapse up to and including version 1.61.0, some of these rules are not correctly applied. An attacker could craft events which would be accepted by Synapse but not a spec-conformant server, potentially causing divergence in the room state between servers. Administrators of homeservers with federation enabled are advised to upgrade to version 1.62.0 or higher. Federation can be disabled by setting [`federation_domain_whitelist`](https://matrix-org.github.io/synapse/latest/usage/configuration/config_documentation.html#federation_domain_whitelist) to an empty list (`[]`) as a workaround. 2022-09-02 not yet calculated CVE-2022-31152

MISC

MISC

MISC

CONFIRM mdx-mermaid — mdx-mermaid mdx-mermaid provides plug and play access to Mermaid in MDX. There is a potential for an arbitrary javascript injection in versions less than 1.3.0 and 2.0.0-rc1. Modify any mermaid code blocks with arbitrary code and it will execute when the component is loaded by MDXjs. This vulnerability was patched in version(s) 1.3.0 and 2.0.0-rc2. There are currently no known workarounds. 2022-08-29 not yet calculated CVE-2022-36036

CONFIRM

MISC measuresoft — scadapro_server Measuresoft ScadaPro Server (Versions prior to 6.8.0.1) uses an unmaintained ActiveX control, which may allow an out-of-bounds write condition while processing a specific project file. 2022-08-31 not yet calculated CVE-2022-2892

MISC measuresoft — scadapro_server Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. The controls may allow seven untrusted pointer deference instances while processing a specific project file. 2022-08-31 not yet calculated CVE-2022-2894

MISC measuresoft — scadapro_server Measuresoft ScadaPro Server (All Versions) uses unmaintained ActiveX controls. These controls may allow two stack-based buffer overflow instances while processing a specific project file. 2022-08-31 not yet calculated CVE-2022-2895

MISC measuresoft — scadapro_server Measuresoft ScadaPro Server (All Versions) allows use after free while processing a specific project file. 2022-08-31 not yet calculated CVE-2022-2896

MISC measuresoft — scadapro_server Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow privilege escalation.. 2022-08-31 not yet calculated CVE-2022-2897

MISC measuresoft — scadapro_server Measuresoft ScadaPro Server and Client (All Versions) do not properly resolve links before file access; this could allow a denial-of-service condition. 2022-08-31 not yet calculated CVE-2022-2898

MISC mediawiki — mediawiki An issue was discovered in the MediaWiki through 1.38.2. The community configuration pages for the GrowthExperiments extension could cause a site to become unavailable due to insufficient validation when certain actions (including page moves) were performed. 2022-09-02 not yet calculated CVE-2022-39194

MISC mikrotik — routeros Mikrotik RouterOs through stable v6.48.3 was discovered to contain an assertion failure in the component /advanced-tools/nova/bin/netwatch. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted packet. 2022-08-26 not yet calculated CVE-2022-36522

MISC

MISC mit — krb5 telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a “telnet/tcp server failing (looping), service terminated” error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. 2022-08-30 not yet calculated CVE-2022-39028

MISC

MISC

MISC mm-wiki — mm-wiki mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor. 2022-08-26 not yet calculated CVE-2021-39393

MISC mm-wiki — mm-wiki mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add user accounts and modify user information. 2022-08-26 not yet calculated CVE-2021-39394

MISC modsecurity — owasp-modsecurity-crs

  Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications. 2022-09-02 not yet calculated CVE-2020-22669

CONFIRM

MISC mongoose — mongoose Schema in lib/schema.js in Mongoose before 6.4.6 is vulnerable to prototype pollution. 2022-08-26 not yet calculated CVE-2022-24304

MISC

CONFIRM

CONFIRM morgan-json — morgan-json All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor. 2022-08-29 not yet calculated CVE-2022-25921

CONFIRM

CONFIRM moxa — nport_5110

  MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device. 2022-08-31 not yet calculated CVE-2022-2044

MISC moxa — nport_5110

  MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of-bounds write that can cause the device to become unresponsive. 2022-08-31 not yet calculated CVE-2022-2043

MISC msys2 — msys2 Incorrect access control in the install directory (C:msys64) of Msys2 v20220603 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. 2022-08-30 not yet calculated CVE-2022-37172

MISC mybatis — mapper Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function. 2022-09-02 not yet calculated CVE-2022-36594

MISC next.js — next.js

  Next.js is a React framework that can provide building blocks to create web applications. All of the following must be true to be affected by this CVE: Next.js version 12.2.3, Node.js version above v15.0.0 being used with strict `unhandledRejection` exiting AND using next start or a [custom server](https://nextjs.org/docs/advanced-features/custom-server). Deployments on Vercel ([vercel.com](https://vercel.com/)) are not affected along with similar environments where `next-server` isn’t being shared across requests. 2022-08-31 not yet calculated CVE-2022-36046

CONFIRM

MISC nitrado.js — nitrado.js nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of `{{` and with many repetitions of `{{|`. This issue has been patched in all versions above `0.2.5`. There are currently no known workarounds. 2022-08-29 not yet calculated CVE-2022-36034

MISC

CONFIRM node.js — node.js

  NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added (and later checked) a nonce was inadvertently rendered opt-in instead of opt-out. This re-exposed a vulnerability in that a specially crafted Man-in-the-Middle (MITM) attack could theoretically take over another user account during the single sign-on process. The issue has been fully patched in version 1.17.2. 2022-09-02 not yet calculated CVE-2022-36076

MISC

CONFIRM

MISC node.js — node.js

  NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. It utilizes web sockets for instant interactions and real-time notifications. `utils.generateUUID`, a helper function available in essentially all versions of NodeBB (as far back as v1.0.1 and potentially earlier) used a cryptographically insecure Pseudo-random number generator (`Math.random()`), which meant that a specially crafted script combined with multiple invocations of the password reset functionality could enable an attacker to correctly calculate the reset code for an account they do not have access to. This vulnerability impacts all installations of NodeBB. The vulnerability allows for an attacker to take over any account without the involvement of the victim, and as such, the remediation should be applied immediately (either via NodeBB upgrade or cherry-pick of the specific changeset. The vulnerability has been patched in version 2.x and 1.19.x. There is no known workaround, but the patch sets listed above will fully patch the vulnerability. 2022-08-31 not yet calculated CVE-2022-36045

MISC

CONFIRM

MISC novel-plus — novel-plus Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session. 2022-09-01 not yet calculated CVE-2022-36672

MISC novel-plus — novel-plus Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API. 2022-09-01 not yet calculated CVE-2022-36671

MISC nvidia — nvflare NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow an unprivileged network attacker to cause Remote Code Execution, Denial Of Service, and Impact to both Confidentiality and Integrity. 2022-08-29 not yet calculated CVE-2022-34668

CONFIRM oauth2-server — oauth2-server

  In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern (“[a-zA-Z][a-zA-Z0-9+.-]+:”) before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741. 2022-08-29 not yet calculated CVE-2020-26938

MISC

MISC

MISC

MISC

MISC oliver_v5_library_server — oliver_v5_library_server

  An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via the FileServlet function allows for arbitrary file download by an attacker using unsanitized user supplied input. 2022-09-01 not yet calculated CVE-2021-45027

MISC

MISC online_food_ordering system — online_food ordering_system

  Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=. 2022-09-02 not yet calculated CVE-2022-36759

MISC online_ordering_system — online_ordering_system Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via the user_email parameter at /admin/login.php. 2022-08-31 not yet calculated CVE-2022-36581

MISC online_ordering_system — online_ordering_system An arbitrary file upload vulnerability in the component /admin/products/controller.php?action=add of Online Ordering System v2.3.2 allows attackers to execute arbitrary code via a crafted PHP file. 2022-08-31 not yet calculated CVE-2022-36580

MISC openscad — openscad A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations. 2022-08-29 not yet calculated CVE-2022-0497

MISC

MISC

MISC openscad — openscad A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import(). 2022-08-29 not yet calculated CVE-2022-0496

MISC

MISC

MISC

MISC ovirt — vdsm A race condition was found in vdsm. Functionality to obfuscate sensitive values in log files that may lead to values being stored in clear text. 2022-08-26 not yet calculated CVE-2022-0207

MISC

MISC

MISC

MISC

MISC ovirt-log-collector/sosreport — ovirt-log-collector/sosreport

  It was found that the ovirt-log-collector/sosreport collects the RHV admin password unfiltered. Fixed in: sos-4.2-20.el8_6, ovirt-log-collector-4.4.7-2.el8ev 2022-09-01 not yet calculated CVE-2022-2806

MISC pagekit — pagekit A cross-site scripting (XSS) vulnerability in Pagekit CMS v1.0.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Markdown text box under /blog/post/edit. 2022-08-29 not yet calculated CVE-2022-36573

MISC perl — strawberry_perl

  Incorrect access control in the install directory (C:Strawberry) of StrawberryPerl v5.32.1.1 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. 2022-08-30 not yet calculated CVE-2022-36564

MISC picuploader — picuploader PicUploader v2.6.3 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /master/index.php. 2022-08-30 not yet calculated CVE-2022-36748

MISC pinniped_supervisor — pinniped_supervisor

  An Insufficient Session Expiration issue was discovered in the Pinniped Supervisor (before v0.19.0). A user authenticating to Kubernetes clusters via the Pinniped Supervisor could potentially use their access token to continue their session beyond what proper use of their refresh token might allow. 2022-08-29 not yet calculated CVE-2022-31677

MISC piwigo — piwigo Piwigo 12.3.0 is vulnerable to Cross Site Scripting (XSS) via /search/1940/created-monthly-list. 2022-08-31 not yet calculated CVE-2022-37183

MISC pkuvcl_davs2 — pkuvcl_davs2 PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parse_sequence_header() at source/common/header.cc:269. 2022-09-02 not yet calculated CVE-2022-36647

MISC prestashop — prestashop

  This package is a PrestaShop module that allows users to post reviews and rate products. There is a vulnerability where the attacker could steal an administrator’s cookie. The issue is fixed in version 5.0.2. 2022-09-02 not yet calculated CVE-2022-35933

CONFIRM

MISC prestashop– prestashop A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data. 2022-08-29 not yet calculated CVE-2022-22897

MISC prosody — prosody It was discovered that an internal Prosody library to load XML based on libexpat does not properly restrict the XML features allowed in parsed XML data. Given suitable attacker input, this results in expansion of recursive entity references from DTDs (CWE-776). In addition, depending on the libexpat version used, it may also allow injections using XML External Entity References (CWE-611). 2022-08-26 not yet calculated CVE-2022-0217

MISC

MISC

MISC publiccms — publiccms

  Server-side Request Forgery (SSRF) vulnerability in PublicCMS before 4.0.202011.b via /publiccms/admin/ueditor when the action is catchimage. 2022-09-02 not yet calculated CVE-2021-27693

MISC

MISC python — python-scciclient

  A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server’s certificate would not be verified. This issue opens up the connection to possible Man-in-the-middle (MITM) attacks. 2022-09-01 not yet calculated CVE-2022-2996

MISC qemu — qemu A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This flaw is strictly related to CVE-2018-13405. A local guest user can create files in the directories shared by virtio-fs with unintended group ownership in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of the group. This could allow a malicious unprivileged user inside the guest to gain access to resources accessible to the root group, potentially escalating their privileges within the guest. A malicious local user in the host might also leverage this unexpected executable file created by the guest to escalate their privileges on the host system. 2022-08-29 not yet calculated CVE-2022-0358

MISC

MISC

MISC qemu — qemu A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. 2022-08-26 not yet calculated CVE-2022-0216

MISC

MISC

MISC

MISC

MISC qemu — qemu A deadlock issue was found in the AHCI controller device of QEMU. It occurs on a software reset (ahci_reset_port) while handling a host-to-device Register FIS (Frame Information Structure) packet from the guest. A privileged user inside the guest could use this flaw to hang the QEMU process on the host, resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. 2022-08-26 not yet calculated CVE-2021-3735

MISC

MISC

MISC qualcomm — snapdragon Out of bounds writing is possible while verifying device IDs due to improper length check before copying the data in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2022-22061

CONFIRM qualcomm — snapdragon Memory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-25680

CONFIRM qualcomm — snapdragon

  Memory corruption in multimedia due to improper length check while copying the data in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22106

CONFIRM qualcomm — snapdragon

  Potential memory leak in modem during the processing of NSA RRC Reconfiguration with invalid Radio Bearer Config in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2022-22067

CONFIRM qualcomm — snapdragon

  Memory corruption in multimedia due to improper check on the messages received. in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22104

CONFIRM qualcomm — snapdragon

  Memory corruption in multimedia due to incorrect type conversion while adding data in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22102

CONFIRM qualcomm — snapdragon

  Denial of service in multimedia due to uncontrolled resource consumption while parsing an incoming HAB message in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22101

CONFIRM qualcomm — snapdragon

  Memory corruption in multimedia due to improper check on received export descriptors in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22100

CONFIRM qualcomm — snapdragon

  Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2022-22069

CONFIRM qualcomm — snapdragon

  Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22099

CONFIRM qualcomm — snapdragon

  Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto 2022-09-02 not yet calculated CVE-2022-22098

CONFIRM qualcomm — snapdragon

  An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking 2022-09-02 not yet calculated CVE-2022-22062

CONFIRM qualcomm — snapdragon

  Memory corruption in graphic driver due to use after free while calling multiple threads application to driver. in Snapdragon Consumer IOT 2022-09-02 not yet calculated CVE-2022-22097

CONFIRM qualcomm — snapdragon

  Memory corruption in Bluetooth HOST due to stack-based buffer overflow when when extracting data using command length parameter in Snapdragon Connectivity, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2022-22096

CONFIRM qualcomm — snapdragon

  Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music 2022-09-02 not yet calculated CVE-2022-22080

CONFIRM qualcomm — snapdragon

  Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2022-22059

CONFIRM qualcomm — snapdragon

  Memory corruption in audio due to lack of check of invalid routing address into APR Routing table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2022-22070

CONFIRM qualcomm — snapdragon

  A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2021-35135

CONFIRM qualcomm — snapdragon

  Possible address manipulation from APP-NS while APP-S is configuring an RG where it tries to merge the address ranges in Snapdragon Connectivity, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2021-35109

CONFIRM qualcomm — snapdragon

  Due to insufficient validation of ELF headers, an Incorrect Calculation of Buffer Size can occur in Boot leading to memory corruption in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2021-35134

CONFIRM qualcomm — snapdragon

  Use after free in the synx driver issue while performing other functions during multiple invocation of synx release calls in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2021-35133

CONFIRM qualcomm — snapdragon

  Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2021-35132

CONFIRM qualcomm — snapdragon

  Non-secure region can try modifying RG permissions of IO space xPUs due to improper input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2021-35122

CONFIRM qualcomm — snapdragon

  Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2021-35113

CONFIRM qualcomm — snapdragon

  Memory corruption due to buffer overflow occurs while processing invalid MKV clip which has invalid seek header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2022-25657

CONFIRM qualcomm — snapdragon

  Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2022-25658

CONFIRM qualcomm — snapdragon

  Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2022-25659

CONFIRM qualcomm — snapdragon

  Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2022-25668

CONFIRM qualcomm — snapdragon

  Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables 2022-09-02 not yet calculated CVE-2021-35097

CONFIRM qualcomm — snapdragon

  Improper checking of AP-S lock bit while verifying the secure resource group permissions can lead to non secure read and write access in Snapdragon Connectivity, Snapdragon Mobile 2022-09-02 not yet calculated CVE-2021-35108

CONFIRM realtek — bluetooth_mesh_software_development_kit Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the size of segmented packets’ reference parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service. 2022-08-30 not yet calculated CVE-2022-26527

MISC realtek — bluetooth_mesh_software_development_kit Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for broadcast network packet length. An unauthenticated attacker in the adjacent network can exploit this vulnerability to disrupt service. 2022-08-30 not yet calculated CVE-2022-25635

MISC realtek — bluetooth_mesh_software_development_kit Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for segmented packets’ link parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service. 2022-08-30 not yet calculated CVE-2022-26529

MISC realtek — bluetooth_mesh_software_development_kit Realtek Linux/Android Bluetooth Mesh SDK has a buffer overflow vulnerability due to insufficient validation for the length of segmented packets’ shift parameter. An unauthenticated attacker in the adjacent network can exploit this vulnerability to cause buffer overflow and disrupt service. 2022-08-30 not yet calculated CVE-2022-26528

MISC redhat — openshift_container_platform A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate. 2022-09-01 not yet calculated CVE-2022-2403

MISC

MISC redhat — podman The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056. This issue could possibly allow an attacker to gain access to sensitive information stored in environment variables. 2022-09-01 not yet calculated CVE-2022-2739

MISC

MISC redhat — podman The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code execution in Go applications that use the Go GPGME wrapper library, under certain conditions, during GPG signature verification. 2022-09-01 not yet calculated CVE-2022-2738

MISC

MISC redhat — clmg

  A flaw was found in Clmg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes like 64 Gigabyte upon reading the file from disk or from a virtual buffer. 2022-08-31 not yet calculated CVE-2022-1325

MISC

MISC

MISC

MISC

MISC

MISC redhat — convert2rhel

  There is a flaw in convert2rhel. convert2rhel passes the Red Hat account password to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the password via the process command line via e.g. htop or ps. The specific impact varies upon the privileges of the Red Hat account in question, but it could affect the integrity, availability, and/or data confidentiality of other systems that are administered by that account. This occurs regardless of how the password is supplied to convert2rhel. 2022-08-29 not yet calculated CVE-2022-0852

MISC

MISC

MISC

MISC

MISC redhat — convert2rhel

  There is a flaw in convert2rhel. When the –activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized users locally on the machine to view the activation key via the process command line via e.g. htop or ps. The specific impact varies upon the subscription, but generally this would allow an attacker to register systems purchased by the victim until discovered; a form of fraud. This could occur regardless of how the activation key is supplied to convert2rhel because it involves how convert2rhel provides it to subscription-manager. 2022-08-29 not yet calculated CVE-2022-0851

MISC

MISC redhat — dnsmasq A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service. 2022-08-29 not yet calculated CVE-2022-0934

MISC

MISC

MISC

MISC redhat — fapolicyd A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution. 2022-08-29 not yet calculated CVE-2022-1117

MISC

MISC

MISC

MISC redhat — jboss_core_services_http_server A flaw was found in Red Hat JBoss Core Services HTTP Server in all versions, where it does not properly normalize the path component of a request URL contains dot-dot-semicolon(s). This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. 2022-08-26 not yet calculated CVE-2021-3688

MISC

MISC redhat — keycloak A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS) attack. 2022-08-26 not yet calculated CVE-2022-0225

MISC

MISC redhat — keycloak A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality. 2022-09-01 not yet calculated CVE-2022-2256

MISC

MISC redhat — keycloak A flaw was found in Keycloak. This vulnerability allows anyone to register a new security device or key when there is not a device already registered for any user by using the WebAuthn password-less login flow. 2022-08-26 not yet calculated CVE-2021-3632

MISC

MISC

MISC

MISC

MISC redhat — keycloak A flaw was found in keycloak where an attacker is able to register himself with the username same as the email ID of any existing user. This may cause trouble in getting password recovery email in case the user forgets the password. 2022-08-26 not yet calculated CVE-2021-3754

MISC

MISC redhat — keycloak ClassLoaderTheme and ClasspathThemeResourceProviderFactory allows reading any file available as a resource to the classloader. By sending requests for theme resources with a relative path from an external HTTP client, the client will receive the content of random files if available. 2022-08-26 not yet calculated CVE-2021-3856

MISC

MISC

MISC

MISC

MISC redhat — kubernetes

  A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend. This flaw allows an attacker to craft specific strings containing special characters that lead to crashing the pod and affects system availability while restarting. 2022-09-01 not yet calculated CVE-2022-2238

MISC

MISC redhat — kubernetes

  A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges. 2022-09-01 not yet calculated CVE-2022-1902

MISC

MISC

MISC redhat — kvm

  A NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service. 2022-08-31 not yet calculated CVE-2022-1263

MISC

MISC

MISC

MISC redhat — libnbd A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image. 2022-08-29 not yet calculated CVE-2022-0485

MISC

MISC

MISC

MISC

MISC redhat — libtiff

  A heap buffer overflow flaw was found in Libtiffs’ tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service. 2022-08-31 not yet calculated CVE-2022-1354

MISC

MISC

MISC

MISC redhat — libtiff

  A stack buffer overflow flaw was found in Libtiffs’ tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. 2022-08-31 not yet calculated CVE-2022-1355

MISC

MISC

MISC

MISC redhat — openshift

  In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router’s HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control. 2022-09-01 not yet calculated CVE-2022-1677

MISC

MISC redhat — openshift

  OpenShift doesn’t properly verify subdomain ownership, which allows route takeover. Once a custom route is created, the user must update the DNS provider by creating a canonical name (CNAME) record (if he likes to expose this route externally). The CNAME record should point the custom domain to the OpenShift router as the alias. In a case that the CNAME is not removed when the route is not in use anymore we are dealing with a dangling route. A malicious actor may take over the route. 2022-08-31 not yet calculated CVE-2022-2220

MISC redhat — openshift

  An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality. 2022-09-01 not yet calculated CVE-2022-1632

MISC

MISC redhat — openstack

  A flaw was found in OpenStack. The application credential tokens can be used even after they have expired. This flaw allows an authenticated remote attacker to obtain access despite the defender’s efforts to remove access. 2022-09-01 not yet calculated CVE-2022-2447

MISC

MISC redhat — openstack-barbican

  An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service. 2022-09-01 not yet calculated CVE-2022-23452

MISC

MISC

MISC

MISC

MISC redhat — openstack-tripleo_heat_templates A flaw was found in openstack-tripleo-heat-templates. Plain passwords from RHSM exist in the logs during OSP13 deployment with subscription-manager. 2022-08-26 not yet calculated CVE-2021-3585

MISC

MISC

MISC

MISC

MISC redhat — openstack_keystone A flaw was found in openstack-keystone. Only the first 72 characters of an application secret are verified allowing attackers bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. 2022-08-26 not yet calculated CVE-2021-3563

MISC

MISC

MISC

MISC redhat — postgresql

  A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user’s objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity. 2022-08-31 not yet calculated CVE-2022-1552

MISC

MISC

MISC

MISC redhat — python-oslo-utils A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( ” ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext. 2022-08-29 not yet calculated CVE-2022-0718

MISC

MISC

MISC

MISC

MISC redhat — quarkus

  It was found that Quarkus 2.10.x does not terminate HTTP requests header context which may lead to unpredictable behavior. 2022-08-31 not yet calculated CVE-2022-2466

MISC redhat — satellite A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality. 2022-08-26 not yet calculated CVE-2021-3414

MISC

MISC redhat — serverless It was found that the CVE-2021-27918, CVE-2021-31525 and CVE-2021-33196 have been incorrectly mentioned as fixed in RHSA for Serverless 1.16.0 and Serverless client kn 1.16.0. These have been fixed with Serverless 1.17.0. 2022-08-26 not yet calculated CVE-2021-3703

MISC

MISC redhat — undertow A flaw was found in Undertow that tripped the client-side invocation timeout with certain calls made over HTTP2. This flaw allows an attacker to carry out denial of service attacks. 2022-08-26 not yet calculated CVE-2021-3859

MISC

MISC

MISC

MISC

MISC redhat — undertow

  A flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629. 2022-08-31 not yet calculated CVE-2022-1259

MISC

MISC redhat — undertow

  A flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG. 2022-08-31 not yet calculated CVE-2022-1319

MISC

MISC

MISC

MISC

MISC redhat — vdpa

  A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers. 2022-09-01 not yet calculated CVE-2022-2308

MISC redhat — wildfly-core A flaw was found in wildfly-core in all versions. If a vault expression is in the form of a single attribute that contains multiple expressions, a user who was granted access to the management interface can potentially access a vault expression they should not be able to access and possibly retrieve the item which was stored in the vault. The highest threat from this vulnerability is data confidentiality and integrity. 2022-08-26 not yet calculated CVE-2021-3644

MISC

MISC

MISC

MISC

MISC

MISC redhat — xino A flaw was found in XNIO, specifically in the notifyReadClosed method. The issue revealed this method was logging a message to another expected end. This flaw allows an attacker to send flawed requests to a server, possibly causing log contention-related performance concerns or an unwanted disk fill-up. 2022-08-26 not yet calculated CVE-2022-0084

MISC

MISC

MISC

MISC redhat — xorg-x11-server

  A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root. 2022-09-01 not yet calculated CVE-2022-2320

MISC

MISC

MISC redhat — xorg-x11-server

  A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length. 2022-09-01 not yet calculated CVE-2022-2319

MISC

MISC redhat–undertow

  A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations. 2022-09-01 not yet calculated CVE-2022-2764

MISC rengine — rengine

  Rengine v1.3.0 was discovered to contain a command injection vulnerability via the scan engine function. 2022-08-31 not yet calculated CVE-2022-36566

MISC rosariosis — rosariosis Cross-site Scripting (XSS) – Stored in GitHub repository francoisjacquet/rosariosis prior to 8.9.3. 2022-09-01 not yet calculated CVE-2022-3072

CONFIRM

MISC rpi-jukebox-rfid — rpi-jukebox-rfid

  RPi-Jukebox-RFID v2.3.0 was discovered to contain a command injection vulnerability via the component /htdocs/utils/Files.php. This vulnerability is exploited via a crafted payload injected into the file name of an uploaded file. 2022-08-30 not yet calculated CVE-2022-36749

MISC rpm — rpm It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2022-08-26 not yet calculated CVE-2021-35939

MISC

MISC

MISC

MISC

MISC rubrik — cdm A buffer overflow vulnerability in the Rubrik Backup Service (RBS) Agent for Linux or Unix-based systems in Rubrik CDM 7.0.1, 7.0.1-p1, 7.0.1-p2 or 7.0.1-p3 before CDM 7.0.2-p2 could allow a local attacker to obtain root privileges by sending a crafted message to the RBS agent. 2022-08-26 not yet calculated CVE-2022-30984

MISC

MISC rubyinstaller — rubyinstaller2

  Incorrect access control in the install directory (C:Ruby31-x64) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. 2022-08-30 not yet calculated CVE-2022-36562

MISC rubyinstaller — rubyinstaller2

  Incorrect access control in the install directory (C:RailsInstaller) of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. 2022-08-30 not yet calculated CVE-2022-36563

MISC samba — samba The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity. 2022-08-29 not yet calculated CVE-2022-0336

MISC

MISC

MISC

MISC

MISC

MISC samba — samba

  In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values. 2022-09-01 not yet calculated CVE-2022-1615

MISC

MISC samba — samba

  Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it. 2022-09-01 not yet calculated CVE-2022-32743

MISC

MISC samsung — mtower

  Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject. 2022-09-01 not yet calculated CVE-2022-36621

MISC

MISC

MISC samsung — mtower

  Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1. 2022-09-01 not yet calculated CVE-2022-36622

MISC

MISC

MISC

MISC sangoma — asterix

  res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk. This is a re-occurrence of the CVE-2019-15297 symptoms but not for exactly the same reason. The crash occurs because there is an append operation relative to the active topology, but this should instead be a replace operation. 2022-08-30 not yet calculated CVE-2021-46837

MISC seiko_solutions — skybridge_mb-a100 Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain a command injection vulnerability via the ipAddress parameter at 07system08execute_ping_01. 2022-08-29 not yet calculated CVE-2022-36556

MISC

MISC seiko_solutions — skybridge_mb-a100 Seiko SkyBridge MB-A100/A110 v4.2.0 and below was discovered to contain an arbitrary file upload vulnerability via the restore backup function. This vulnerability allows attackers to execute arbitrary code via a crafted html file. 2022-08-29 not yet calculated CVE-2022-36557

MISC

MISC seiko_solutions — skybridge_mb-a200 Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain a command injection vulnerability via the Ping parameter at ping_exec.cgi. 2022-08-29 not yet calculated CVE-2022-36559

MISC

MISC seiko_solutions — skybridge_mb-a200 Seiko SkyBridge MB-A200 v01.00.04 and below was discovered to contain multiple hard-coded passcodes for root. Attackers are able to access the passcodes at /etc/srapi/config/system.conf and /usr/sbin/ssol-sshd.sh. 2022-08-29 not yet calculated CVE-2022-36560

MISC

MISC seiko_solutions– skybridge_mb-a100 Seiko SkyBridge MB-A100/A110 v4.2.0 and below implements a hard-coded passcode for the root account. Attackers are able to access the passcord via the file /etc/ciel.cfg. 2022-08-29 not yet calculated CVE-2022-36558

MISC

MISC sensormatic_electronics — istar_ultra

  All versions of iSTAR Ultra prior to version 6.8.9.CU01are vulnerable to a command injection that could allow an unauthenticated user root access to the system. 2022-08-31 not yet calculated CVE-2022-21941

CERT

CONFIRM sftpgo — sftpgo

  SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobile devices that can be lost, stolen or damaged, SFTPGo also supports recovery codes. These are a set of one time use codes that can be used instead of the TOTP. In SFTPGo versions from version 2.2.0 to 2.3.3 recovery codes can be generated before enabling two-factor authentication. An attacker who knows the user’s password could potentially generate some recovery codes and then bypass two-factor authentication after it is enabled on the account at a later time. This issue has been fixed in version 2.3.4. Recovery codes can now only be generated after enabling two-factor authentication and are deleted after disabling it. 2022-09-02 not yet calculated CVE-2022-36071

MISC

CONFIRM simple_task_managing_system — simple_task_managing_system A vulnerability classified as critical has been found in SourceCodester Simple Task Managing System. This affects an unknown part of the file /loginVaLidation.php. The manipulation of the argument login leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-207423. 2022-08-27 not yet calculated CVE-2022-3013

N/A simple_task_managing_system — simple_task_managing_system A vulnerability classified as problematic was found in SourceCodester Simple Task Managing System. This vulnerability affects unknown code. The manipulation of the argument student_add leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-207424. 2022-08-27 not yet calculated CVE-2022-3014

N/A

N/A simple_task_scheduling_system — simple_task_scheduling_system Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/view_schedule.php. 2022-09-01 not yet calculated CVE-2022-36674

MISC simple_task_scheduling_system — simple_task_scheduling_system Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/view_category.php. 2022-09-01 not yet calculated CVE-2022-36676

MISC simple_task_scheduling_system — simple_task_scheduling_system Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /schedules/manage_schedule.php. 2022-09-01 not yet calculated CVE-2022-36675

MISC sinsiu — enterprise_website_system Sinsiu Sinsiu Enterprise Website System v1.1.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /upload/admin.php?/deal/. 2022-08-29 not yet calculated CVE-2022-36572

MISC siteservercms — siteservercms SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx. 2022-08-26 not yet calculated CVE-2022-36226

MISC

MISC snakeyaml — snakeyaml The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. 2022-08-30 not yet calculated CVE-2022-25857

CONFIRM

CONFIRM

CONFIRM

CONFIRM snipeitapp — snipe-it Cross-site Scripting (XSS) – Stored in GitHub repository snipe/snipe-it prior to v6.0.11. 2022-08-29 not yet calculated CVE-2022-3035

MISC

CONFIRM sonicwall — sma100 A Heap-based Buffer Overflow vulnerability in the SonicWall SMA100 appliance allows a remote authenticated attacker to cause Denial of Service (DoS) on the appliance or potentially lead to code execution. This vulnerability impacts 10.2.1.5-34sv and earlier versions. 2022-08-26 not yet calculated CVE-2022-2915

CONFIRM sourcecodester — expense_management_system Expense Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Home/debit_credit_p. 2022-09-02 not yet calculated CVE-2022-36754

MISC sqlite — sqlite

  In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. 2022-09-01 not yet calculated CVE-2020-35527

MISC sqlite — sqlite

  In SQlite 3.31.1, a potential null pointer derreference was found in the INTERSEC query processing. 2022-09-01 not yet calculated CVE-2020-35525

MISC subsys/net/ip/tcp.c — subsys/net/ip/tcp.c

  In subsys/net/ip/tcp.c , function tcp_flags , when the incoming parameter flags is ECN or CWR , the buf will out-of-bounds write a byte zero. 2022-08-31 not yet calculated CVE-2022-1841

MISC tcpdump — tcpdump The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 3, a different vulnerability than CVE-2018-14463. 2022-08-27 not yet calculated CVE-2019-15167

CONFIRM telos_alliance — omnia mpx node A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node through 1.5.0+r1 allows attackers to escalate privileges to root and execute arbitrary commands. 2022-09-02 not yet calculated CVE-2022-36642

MISC

MISC

MISC

MISC tenda — ac6(ac1200) Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi-bin/DownloadFlash which allows attackers to steal all data such as source code and system files via a crafted GET request. 2022-08-30 not yet calculated CVE-2022-36552

MISC

MISC

MISC tenda — ac6(ac1200) Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows attackers to remove the Wi-Fi password and force the device into open security mode via a crafted packet sent to goform/setWizard. 2022-08-30 not yet calculated CVE-2022-37176

MISC

MISC

MISC tenda — ac9 Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the time parameter at /goform/SetLEDCfg. 2022-08-31 not yet calculated CVE-2022-36570

MISC tenda — ac9 Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the mask parameter at /goform/WanParameterSetting. 2022-08-31 not yet calculated CVE-2022-36571

MISC tenda — ac9 Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the list parameter at /goform/setPptpUserList. 2022-08-31 not yet calculated CVE-2022-36568

MISC tenda — ac9 Tenda AC9 V15.03.05.19 was discovered to contain a stack overflow via the deviceList parameter at /goform/setMacFilterCfg. 2022-08-31 not yet calculated CVE-2022-36569

MISC tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the MACAddr parameter. 2022-08-28 not yet calculated CVE-2022-38563

MISC tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow vulnerability in the function formSetPicListItem. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adItemUID parameter. 2022-08-28 not yet calculated CVE-2022-38564

MISC tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailpwd parameter. 2022-08-28 not yet calculated CVE-2022-38565

MISC tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formEmailTest. This vulnerability allows attackers to cause a Denial of Service (DoS) via the mailname parameter. 2022-08-28 not yet calculated CVE-2022-38566

MISC tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow vulnerability in the function formSetAdConfigInfo. This vulnerability allows attackers to cause a Denial of Service (DoS) via the authIPs parameter. 2022-08-28 not yet calculated CVE-2022-38567

MISC tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the hostname parameter. 2022-08-28 not yet calculated CVE-2022-38568

MISC tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelAd. 2022-08-28 not yet calculated CVE-2022-38569

MISC tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a stack overflow in the function formDelPushedAd. This vulnerability allows attackers to cause a Denial of Service (DoS) via the adPushUID parameter. 2022-08-28 not yet calculated CVE-2022-38570

MISC tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a buffer overflow in the function formSetGuideListItem. 2022-08-28 not yet calculated CVE-2022-38571

MISC tenda — m3 Tenda M3 V1.0.0.12(4856) was discovered to contain a heap buffer overflow vulnerability in the function formSetFixTools. This vulnerability allows attackers to cause a Denial of Service (DoS) via the lan parameter. 2022-08-28 not yet calculated CVE-2022-38562

MISC tenda — tx9pro Tenda_TX9pro V22.03.02.10 was discovered to contain a buffer overflow via the component httpd/SetNetControlList. 2022-08-29 not yet calculated CVE-2022-38510

MISC theforeman — foreman A flaw was found in the Foreman project. The Datacenter plugin exposes the password through the API to an authenticated local attacker with view_hosts permission. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2022-08-26 not yet calculated CVE-2021-20260

MISC

MISC tooljet — tooljet The forgot password token basically just makes us capable of taking over the account of whoever comment in an app that we can see (bruteforcing comment id’s might also be an option but I wouldn’t count on it, since it would take a long time to find a valid one). 2022-08-29 not yet calculated CVE-2022-3019

MISC

CONFIRM totolink — a3000ru TOTOLINK A3000RU V4.1.2cu.5185_B20201128 was discovered to contain a hardcoded password for root at /etc/shadow.sample. 2022-08-29 not yet calculated CVE-2022-36615

MISC totolink — a7000r

  TOTOLINK A7000R V4.1cu.4134 was discovered to contain an access control issue via /cgi-bin/ExportSettings.sh. 2022-08-29 not yet calculated CVE-2022-32993

MISC

MISC totolink — a720r TOTOLINK A720R V4.1.5cu.532_B20210610 was discovered to contain a hardcoded password for root at /etc/shadow.sample. 2022-08-29 not yet calculated CVE-2022-36610

MISC totolink — a800r TOTOLINK A800R V4.1.2cu.5137_B20200730 was discovered to contain a hardcoded password for root at /etc/shadow.sample. 2022-08-29 not yet calculated CVE-2022-36611

MISC totolink — a810r TOTOLINK A810R V5.9c.4050_B20190424 was discovered to contain a command injection vulnerability via the component downloadFile.cgi. 2022-08-29 not yet calculated CVE-2022-38511

MISC totolink — a810r TOTOLINK A810R V4.1.2cu.5182_B20201026 and V5.9c.4050_B20190424 was discovered to contain a hardcoded password for root at /etc/shadow.sample. 2022-08-29 not yet calculated CVE-2022-36616

MISC totolink — a860r TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a hardcoded password for root at /etc/shadow.sample. 2022-08-29 not yet calculated CVE-2022-36614

MISC totolink — a950rg TOTOLINK A950RG V4.1.2cu.5204_B20210112 was discovered to contain a hardcoded password for root at /etc/shadow.sample. 2022-08-29 not yet calculated CVE-2022-36612

MISC totolink — n600r TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a hardcoded password for root at /etc/shadow.sample. 2022-08-29 not yet calculated CVE-2022-36613

MISC trellix — dlp_endpoint_for_windows

  Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 and 11.6.600 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn’t usually have access to via a carefully constructed XML file, which the DLP Agent doesn’t parse correctly. 2022-08-30 not yet calculated CVE-2022-2330

CONFIRM trendnet — tew733gr Trendnet TEW733GR v1.03B01 contains a Static Default Credential vulnerability in /etc/init0.d/S80telnetd.sh. 2022-08-28 not yet calculated CVE-2022-38556

MISC trendnet — tew733gr TRENDnet TEW733GR v1.03B01 is vulnerable to Command injection via /htdocs/upnpinc/gena.php. 2022-08-28 not yet calculated CVE-2022-37053

MISC

MISC vim — vim Use After Free in GitHub repository vim/vim prior to 9.0.0322. 2022-08-30 not yet calculated CVE-2022-3037

CONFIRM

MISC

FEDORA

FEDORA vim — vim Use After Free in GitHub repository vim/vim prior to 9.0.0286. 2022-08-28 not yet calculated CVE-2022-3016

CONFIRM

MISC vim — vim

  Use After Free in GitHub repository vim/vim prior to 9.0.0360. 2022-09-03 not yet calculated CVE-2022-3099

CONFIRM

MISC virglrenderer — virglrenderer A flaw was found in the VirGL virtual OpenGL renderer (virglrenderer). The virgl did not properly initialize memory when allocating a host-backed memory resource. A malicious guest could use this flaw to mmap from the guest kernel and read this uninitialized memory from the host, possibly leading to information disclosure. 2022-08-26 not yet calculated CVE-2022-0175

MISC

MISC

MISC

MISC

MISC wamp — wamp_server

  Incorrect access control in the install directory (C:Wamp64) of Wamp v3.2.6 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory. 2022-08-30 not yet calculated CVE-2022-36565

MISC wavlink — router WAVLINK WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability when operating the file adm.cgi. This vulnerability allows attackers to execute arbitrary commands via the username parameter. 2022-08-30 not yet calculated CVE-2022-37149

MISC weaveworks — gitops_enterprise Weave GitOps Enterprise before 0.9.0-rc.5 has a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim’s permission. The exposure appears in Weave GitOps Enterprise UI via a GitopsCluster dashboard link. An annotation can be added to a GitopsCluster custom resource. 2022-09-01 not yet calculated CVE-2022-38790

MISC

MISC

MISC

MISC wolfssl — wolfssl An issue was discovered in wolfSSL before 5.5.0 (when –enable-session-ticket is used); however, only version 5.3.0 is exploitable. Man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket (more than 256 bytes) into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache frees a pointer that points to unallocated memory, causing the client to crash with a “free(): invalid pointer” message. NOTE: It is likely that this is also exploitable during TLS 1.3 handshakes between a client and a malicious server. With TLS 1.3, it is not possible to exploit this as a man-in-the-middle. 2022-08-31 not yet calculated CVE-2022-38153

MISC

CONFIRM

MISC

MISC wolfssl — wolfssl

  wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers. 2022-09-02 not yet calculated CVE-2021-44718

MISC

MISC wolfssl — wolfssl

  An issue was discovered in wolfSSL before 5.5.0. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. This occurs in the second session, which is created through TLS session resumption and reuses the initial struct WOLFSSL. If the server reuses the previous session structure (struct WOLFSSL) by calling wolfSSL_clear(WOLFSSL* ssl) on it, the next received Client Hello (that resumes the previous session) crashes the server. Note that this bug is only triggered when resuming sessions using TLS session resumption. Only servers that use wolfSSL_clear instead of the recommended SSL_free; SSL_new sequence are affected. Furthermore, wolfSSL_clear is part of wolfSSL’s compatibility layer and is not enabled by default. It is not part of wolfSSL’s native API. 2022-08-31 not yet calculated CVE-2022-38152

MISC

CONFIRM

MISC

MISC wordpress — wordpress The WP Hide & Security Enhancer WordPress plugin before 1.8 does not escape a parameter before outputting it back in an attribute of a backend page, leading to a Reflected Cross-Site Scripting 2022-08-29 not yet calculated CVE-2022-2538

MISC wordpress — wordpress The Mailchimp for WooCommerce WordPress plugin before 2.7.2 has an AJAX action that allows high privilege users to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example 2022-08-29 not yet calculated CVE-2022-2556

MISC wordpress — wordpress The Stop Spam Comments WordPress plugin through 0.2.1.2 does not properly generate the Javascript access token for preventing abuse of comment section, allowing threat authors to easily collect the value and add it to the request. 2022-08-29 not yet calculated CVE-2022-1663

MISC wordpress — wordpress The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its REST endpoint, allowing unauthenticated users to access private messages sent to teachers 2022-08-29 not yet calculated CVE-2022-2034

MISC

MISC wordpress — wordpress The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message is either the teacher or the original sender, allowing any authenticated user to send messages to arbitrary private conversation via a IDOR attack. Note: Attackers are not able to see responses/messages between the teacher and student 2022-08-29 not yet calculated CVE-2022-2080

MISC

MISC wordpress — wordpress The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be removed on the system which is supposed to be the CSV file. This could allow high privilege users to delete arbitrary file from the server 2022-08-29 not yet calculated CVE-2022-2638

MISC wordpress — wordpress The Anti-Malware Security and Brute-Force Firewall WordPress plugin before 4.21.83 does not sanitise and escape some parameters before outputting them back in an admin dashboard, leading to Reflected Cross-Site Scripting 2022-08-29 not yet calculated CVE-2022-2599

MISC wordpress — wordpress The Fluent Support WordPress plugin before 1.5.8 does not properly sanitise, validate and escape various parameters before using them in an SQL statement, leading to an SQL Injection vulnerability exploitable by high privilege users 2022-08-29 not yet calculated CVE-2022-2559

MISC wordpress — wordpress Cross-Site Request Forgery (CSRF) vulnerability leading to Stored Cross-Site Scripting (XSS) in CallRail, Inc. CallRail Phone Call Tracking plugin <= 0.4.9 at WordPress. 2022-09-01 not yet calculated CVE-2022-36796

CONFIRM

CONFIRM wordpress — wordpress The WPIDE WordPress plugin before 3.0 does not sanitize and validate the filename parameter before using it in a require statement in the admin dashboard, leading to a Local File Inclusion issue. 2022-08-29 not yet calculated CVE-2022-2261

MISC wordpress — wordpress The Simply Schedule Appointments WordPress plugin before 1.5.7.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) 2022-08-29 not yet calculated CVE-2022-2374

MISC wordpress — wordpress The Mailchimp for WooCommerce WordPress plugin before 2.7.1 has an AJAX action that allows any logged in users (such as subscriber) to perform a POST request on behalf of the server to the internal network/LAN, the body of the request is also appended to the response so it can be used to scan private network for example 2022-08-29 not yet calculated CVE-2022-2267

MISC wordpress — wordpress The Simply Schedule Appointments WordPress plugin before 1.5.7.7 is missing authorisation in a REST endpoint, allowing unauthenticated users to retrieve WordPress users details such as name and email address 2022-08-29 not yet calculated CVE-2022-2373

MISC wordpress — wordpress The WooCommerce PDF Invoices & Packing Slips WordPress plugin before 3.0.1 does not sanitise and escape some parameters before outputting them back in an attributes of an admin page, leading to Reflected Cross-Site Scripting. 2022-08-29 not yet calculated CVE-2022-2537

MISC wordpress — wordpress Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PluginlySpeaking Easy Org Chart plugin <= 3.1 at WordPress. 2022-09-01 not yet calculated CVE-2022-36355

CONFIRM

CONFIRM wordpress — wordpress The Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) WordPress plugin before 3.12.5 does not properly sanitize some parameters before inserting them into SQL queries. As a result, high privilege users could perform SQL injection attacks. 2022-08-29 not yet calculated CVE-2022-1123

MISC wordpress — wordpress Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Simon Ward MP3 jPlayer plugin <= 2.7.3 at WordPress. 2022-09-01 not yet calculated CVE-2022-36373

CONFIRM

CONFIRM wuzhicms — wuzhicms A directory traversal vulnerability was discovered in Wuzhicms 4.1.0. via /coreframe/app/attachment/admin/index.php: 2022-08-26 not yet calculated CVE-2022-36168

MISC

MISC x-data-spreadsheet — x-data-spreadsheet All versions of package x-data-spreadsheet are vulnerable to Cross-site Scripting (XSS) due to missing sanitization of values inserted into the cells. 2022-08-30 not yet calculated CVE-2022-25646

CONFIRM

CONFIRM

CONFIRM xpdfreader — xpdf XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538. 2022-08-30 not yet calculated CVE-2022-36561

MISC zaver — zaver Zaver through 2020-12-15 allows directory traversal via the GET /.. substring. 2022-08-27 not yet calculated CVE-2022-38794

MISC zitadel — zitadel

  ZITADEL combines the ease of Auth0 and the versatility of Keycloak.**Actions**, introduced in ZITADEL **1.42.0** on the API and **1.56.0** for Console, is a feature, where users with role.`ORG_OWNER` are able to create Javascript Code, which is invoked by the system at certain points during the login. **Actions**, for example, allow creating authorizations (user grants) on newly created users programmatically. Due to a missing authorization check, **Actions** were able to grant authorizations for projects that belong to other organizations inside the same Instance. Granting authorizations via API and Console is not affected by this vulnerability. There is currently no known workaround, users should update. 2022-08-31 not yet calculated CVE-2022-36051

MISC

MISC

CONFIRM zkoss — zk_framework ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the component AuUploader. 2022-08-26 not yet calculated CVE-2022-36537

MISC zlmediakit — zlmediakit_server An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected version is below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327. 2022-08-30 not yet calculated CVE-2022-37237

MISC zohocorp — multiple_products Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, and OpUtils before 125658, 126003, 126105, and 126120 allow authenticated users to make database changes that lead to remote code execution in the NMAP feature. 2022-08-29 not yet calculated CVE-2022-38772

MISC

MISC zulip — zulip

  Zulip is an open source team chat and Zulip Mobile is an app for iOS and Andriod users. In Zulip Mobile through version 27.189, a crafted link in a message sent by an authenticated user could lead to credential disclosure if a user follows the link. A patch was released in version 27.190. 2022-08-29 not yet calculated CVE-2022-35962

CONFIRM

MISC

MISC zulip — zulip

  Zulip is an open-source team collaboration tool with topic-based threading that combines email and chat. When displaying messages with embedded remote images, Zulip normally loads the image preview via a go-camo proxy server. However, an attacker who can send messages could include a crafted URL that tricks the server into embedding a remote image reference directly. This could allow the attacker to infer the viewer’s IP address and browser fingerprinting information. This vulnerability is fixed in Zulip Server 5.6. Zulip organizations with image and link previews [disabled](https://zulip.com/help/allow-image-link-previews) are not affected. 2022-08-31 not yet calculated CVE-2022-36048

CONFIRM

Related News

Ukraine Says Russia Planning Massive Cyberattacks on its Critical Infrastructures

Ukraine Says Russia Planning Massive Cyberattacks on its Critical Infrastructures

The Ukrainian government on Monday warned of “massive cyberattacks” by Russia targeting critical infrastructure facilities located in the country and…
New NullMixer Malware Campaign Stealing Users' Payment Data and Credentials

New NullMixer Malware Campaign Stealing Users' Payment Data and Credentials

Cybercriminals are continuing to prey on users searching for cracked software by directing them to fraudulent websites hosting weaponized installers…
Experts Uncover 85 Apps with 13 Million Downloads Involved in Ad Fraud Scheme

Experts Uncover 85 Apps with 13 Million Downloads Involved in Ad Fraud Scheme

As many as 75 apps on Google Play and 10 on Apple App Store have been discovered engaging in ad…