Security Bulletin 11 May 2022 | #android | #security | #hacking | #aihp



CVE Number | Description | Base Score | Reference
CVE-2020-13543 | A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-13543
CVE-2021-27229 | Mumble before 1.3.4 allows remote code execution if a victim navigates to a crafted URL on a server list and clicks on the Open Webpage text. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27229
CVE-2021-21480 | SAP MII allows users to create dashboards and save them as JSP through the SSCE (Self Service Composition Environment). An attacker can intercept a request to the server, inject malicious JSP code in the request and forward it to the server. When this dashboard is opened by users having at least the SAP_XMII Developer role, malicious content in the dashboard gets executed, leading to remote code execution in the server, which allows privilege escalation. The malicious JSP code can contain certain OS commands, through which an attacker can read sensitive files in the server, modify files or even delete contents in the server, thus compromising the confidentiality, integrity and availability of the server hosting the SAP MII application. Also, an attacker authenticated as a developer can use the application to upload and execute a file which will permit them to execute operating system commands, completely compromising the server hosting the application. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21480
CVE-2021-21897 | A code execution vulnerability exists in the DL_Dxf::handleLWPolylineData functionality of Ribbonsoft dxflib 3.17.0. A specially-crafted .dxf file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21897
CVE-2021-21408 | Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.43 and 4.0.3, template authors could run restricted static PHP methods. Users should upgrade to version 3.1.43 or 4.0.3 to receive a patch. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21408
CVE-2021-29454 | Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.42 and 4.0.2, template authors could run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user-provided data to the math function, external users could run arbitrary PHP code by crafting a malicious math string. Users should upgrade to version 3.1.42 or 4.0.2 to receive a patch. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29454
CVE-2022-21703 | Grafana is an open-source platform for monitoring and observability. Affected versions are subject to a cross-site request forgery vulnerability which allows attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21703
CVE-2022-22834 | An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit an XSLT Injection vulnerability. Attackers could exploit this issue to achieve remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22834
CVE-2022-24828 | Composer is a dependency manager for the PHP programming language. Integrators using Composer code to call `VcsDriver::getFileContent` can have a code injection vulnerability if the user can control the `$file` or `$identifier` argument. This leads to a vulnerability on packagist.org, for example, where the composer.json's `readme` field can be used as a vector for injecting parameters into hg/Mercurial via the `$file` argument, or into git via the `$identifier` argument if you allow arbitrary data there (Packagist does not, but maybe other integrators do). Composer itself should not be affected by the vulnerability as it does not call `getFileContent` with arbitrary data in `$file`/`$identifier`. To the best of our knowledge this was not abused, and the vulnerability has been patched on packagist.org and Private Packagist within a day of the vulnerability report. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24828
CVE-2022-28042 | stb_image.h v2.27 was discovered to contain a heap-based use-after-free via the function stbi__jpeg_huff_decode. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28042
CVE-2022-28048 | STB v2.27 was discovered to contain an integer shift of invalid size in the component stbi__jpeg_decode_block_prog_ac. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28048
CVE-2022-27340 | MCMS v5.2.7 contains a Cross-Site Request Forgery (CSRF) via /role/saveOrUpdateRole.do. This vulnerability allows attackers to escalate privileges and modify data. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27340
CVE-2021-45836 | An authenticated attacker can execute arbitrary commands as root in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) by injecting a maliciously crafted input in the request through /tos/index.php?app/hand_app. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-45836
CVE-2022-28053 | Typemill v1.5.3 was discovered to contain an arbitrary file upload vulnerability via the upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28053
CVE-2022-28506 | There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28506
CVE-2022-26111 | The BeanShell components of IRISNext through 9.8.28 allow execution of arbitrary commands on the target server by creating a custom search (or editing an existing/predefined search) of the documents. The search components permit adding BeanShell expressions that result in Remote Code Execution in the context of the IRISNext application user, running on the web server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26111
CVE-2021-24957 | The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-24957
CVE-2022-29419 | SQL Injection (SQLi) vulnerability in Don Crowther's 3xSocializer plugin <= 0.98.22 on WordPress, possible for users with a low role such as subscriber or higher. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29419
CVE-2021-26629 | A path traversal vulnerability in XPLATFORM's runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be created in the parent path by using the path traversal pattern '..\'. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26629
CVE-2022-28525 | ED01-CMS v20180505 was discovered to contain an arbitrary file upload vulnerability via /admin/users.php?source=edit_user&id=1. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28525
CVE-2022-28528 | bloofoxCMS v0.5.2.1 was discovered to contain an arbitrary file upload vulnerability via /admin/index.php?mode=content&page=media&action=edit. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28528
CVE-2021-46441 | In the "webupg" binary of D-Link DIR-825 G1, because of the lack of parameter verification, attackers can use "cmd" parameters to execute arbitrary system commands after obtaining authorization. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-46441
CVE-2022-22315 | IBM UrbanCode Deploy (UCD) 7.2.2.1 could allow an authenticated user with special permissions to obtain elevated privileges due to improper handling of permissions. IBM X-Force ID: 217955. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22315
CVE-2022-1509 | Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1509
CVE-2021-43939 | Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43939
CVE-2022-28892 | Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 is vulnerable to Cross Site Request Forgery (CSRF) because randomly generated tokens are too easily guessable. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28892
CVE-2022-29410 | Authenticated SQL Injection (SQLi) vulnerability in Mufeng's Hermit ????? plugin <= 3.1.6 on WordPress allows attackers with Subscriber or higher user roles to execute a SQLi attack via (&ids). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29410
CVE-2022-29555 | The Deviceconnect microservice through 1.3.0 in Northern.tech Mender Enterprise before 3.2.2 allows Cross-Origin Websocket Hijacking. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29555
CVE-2021-4207 | A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4207
CVE-2021-4200 | An Improper Privilege Management vulnerability in SUSE Rancher allows write access to the Catalog for any user when the restricted-admin role is enabled. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-4200
CVE-2022-23064 | In Snipe-IT, versions v3.0-alpha to v5.3.7 are vulnerable to Host Header Injection. By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker controlled server, thus leading to password reset token leak. This leads to account takeover. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23064
CVE-2022-28572 | Tenda AX1806 v1.0.0.1 was discovered to contain a command injection vulnerability in the `SetIPv6Status` function. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28572
CVE-2022-0952 | The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as users_can_register and default_role, allowing them to create a new admin account and take over the blog. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0952
CVE-2022-1239 | The HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1239
CVE-2022-20743 | A vulnerability in the web management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to bypass security protections and upload malicious files to the affected system. This vulnerability is due to improper validation of files uploaded to the web management interface of Cisco FMC Software. An attacker could exploit this vulnerability by uploading a maliciously crafted file to a device running affected software. A successful exploit could allow the attacker to store malicious files on the device, which they could access later to conduct additional attacks, including executing arbitrary code on the affected device with root privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20743
CVE-2022-21949 | An Improper Restriction of XML External Entity Reference vulnerability in SUSE Open Build Service allows remote attackers to reference external entities in certain operations. This can be used to gain information from the server that can be abused to escalate to Admin privileges on OBS. This issue affects: SUSE Open Build Service Open Build Service versions prior to 2.10.13. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21949
CVE-2022-23063 | Shopizer versions 2.3.0 to 3.0.1 are vulnerable to Insufficient Session Expiration. When a password has been changed by the user or by an administrator, a user that was already logged in will still have access to the application even after the password was changed. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23063
CVE-2022-0916 | An issue was discovered in Logitech Options. The OAuth 2.0 state parameter was not properly validated. This leaves applications vulnerable to CSRF attacks during authentication and authorization operations. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0916
CVE-2022-22013 | Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22013
CVE-2022-22014 | Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22014
CVE-2022-22017 | Remote Desktop Client Remote Code Execution Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22017
CVE-2022-22019 | Remote Procedure Call Runtime Remote Code Execution Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-22019
CVE-2022-26923 | Active Directory Domain Services Elevation of Privilege Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26923
CVE-2022-26927 | Windows Graphics Component Remote Code Execution Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26927
CVE-2022-29108 | Microsoft SharePoint Server Remote Code Execution Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29108
CVE-2022-29128 | Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29128
CVE-2022-29129 | Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29129
CVE-2022-29131 | Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29137, CVE-2022-29139, CVE-2022-29141. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29131
CVE-2022-29133 | Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29142. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29133
CVE-2022-29137 | Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29139, CVE-2022-29141. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29137
CVE-2022-29139 | Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29141. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29139
CVE-2022-29141 | Windows LDAP Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-22012, CVE-2022-22013, CVE-2022-22014, CVE-2022-29128, CVE-2022-29129, CVE-2022-29130, CVE-2022-29131, CVE-2022-29137, CVE-2022-29139. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29141
CVE-2022-30129 | Visual Studio Code Remote Code Execution Vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30129
CVE-2021-25220 | BIND 9.11.0 -> 9.11.36, 9.12.0 -> 9.16.26, 9.17.0 -> 9.18.0; BIND Supported Preview Editions: 9.11.4-S1 -> 9.11.36-S1, 9.16.8-S1 -> 9.16.26-S1. Versions of BIND 9 earlier than those shown (back to 9.1.0, including Supported Preview Editions) are also believed to be affected but have not been tested as they are EOL. The cache could become poisoned with incorrect records, leading to queries being made to the wrong servers, which might also result in false information being returned to clients. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-25220
CVE-2022-24900 | Piano LED Visualizer is software that allows LED lights to light up as a person plays a piano connected to a computer. Version 1.3 and prior are vulnerable to a path traversal attack. The `os.path.join` call is unsafe for use with untrusted input. When the `os.path.join` call encounters an absolute path, it ignores all the parameters it has encountered till that point and starts working with the new absolute path. Since the "malicious" parameter represents an absolute path, the result of `os.path.join` ignores the static directory completely. Hence, untrusted input passed via the `os.path.join` call to `flask.send_file` can lead to path traversal attacks. A patch with a fix is available on the `master` branch of the GitHub repository. This can also be fixed by preventing flow of untrusted data to the vulnerable `send_file` function. In case the application logic necessitates this behaviour, one can either use `flask.safe_join` to join untrusted paths or replace `flask.send_file` calls with `flask.send_from_directory` calls. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-24900
CVE-2022-1459 | Non-Privilege User Can View Patient's Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-1459
CVE-2021-4206 | A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-4206
CVE-2022-21978 | Microsoft Exchange Server Elevation of Privilege Vulnerability. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-21978
CVE-2022-26932 | Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26938, CVE-2022-26939. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-26932
CVE-2021-22901 | curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making remote code execution possible if the server could somehow manage to get crafted memory content into the correct place in memory. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-22901
CVE-2022-25090 | Printix Secure Cloud Print Management through 1.3.1106.0 creates a temporary temp.ini file in a directory with insecure permissions, leading to privilege escalation because of a race condition. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25090
CVE-2022-25364 | In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part of a build. As of 2021.4.2, the built-in build cache is inaccessible-by-default, requiring explicit configuration of its access-control settings before it can be used. (Remote build cache nodes are unaffected as they are inaccessible-by-default.) | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25364
CVE-2022-22515 | A remote, authenticated attacker could utilize the control program of the CODESYS Control runtime system to use the vulnerability in order to read and modify the configuration file(s) of the affected products. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22515
CVE-2022-25342 | An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is affected by Broken Access Control. It does not properly validate requests for access to data and functionality under the /mngset/authset path. By not verifying permissions for access to resources, it allows a potential attacker to view pages that are not allowed. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25342
CVE-2022-20773 | A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA. Note: SSH is not enabled by default on the Umbrella VA. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-20773
CVE-2022-20786 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain data or modify data that is stored in the underlying database of the affected system. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-20786
CVE-2022-29603 | A SQL Injection vulnerability exists in UniverSIS UniverSIS-API through 1.2.1 via the $select parameter to multiple API endpoints. A remote authenticated attacker could send crafted SQL statements to a vulnerable endpoint (such as /api/students/me/messages/) to, for example, retrieve personal information or change grades. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29603
CVE-2021-40680 | There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-40680
CVE-2021-45841 | In Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517), an attacker can self-sign session cookies by knowing the target's MAC address and the user's password hash. Guest users (disabled by default) can be abused using a null/empty hash and allow an unauthenticated attacker to login as guest. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-45841
CVE-2021-25094 | The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress upload directory. By adding a PHP shell with a filename starting with a dot ".", this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-25094
CVE-2022-28058 | Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\file_controller.php. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28058
CVE-2022-28059 | Verydows v2.0 was discovered to contain an arbitrary file deletion vulnerability via \backend\database_controller.php. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28059
CVE-2022-28523 | HongCMS 3.0.0 allows arbitrary file deletion via the component /admin/index.php/template/ajax?action=delete. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28523
CVE-2022-28527 | dhcms v20170919 was discovered to contain an arbitrary folder deletion vulnerability via /admin.php?r=admin/AdminBackup/del. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28527
CVE-2022-28918 | GreenCMS v2.3.0603 was discovered to contain an arbitrary file deletion vulnerability via /index.php?m=admin&c=custom&a=plugindelhandle&plugin_name=. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28918
CVE-2022-21972 | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-23270. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-21972
CVE-2022-23270 | Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-21972. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23270
CVE-2022-26925 | Windows LSA Spoofing Vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-26925
CVE-2022-23904 | Rainworx Auctionworx < 3.1R2 is vulnerable to a Cross-Site Request Forgery (CSRF) attack that allows an authenticated user to upgrade his account to admin and gain access to the auctionworx admin control panel. This vulnerability affects AuctionWorx Enterprise and AuctionWorx: Events Edition. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23904
CVE-2017-9527 | The mark_context_stack function in gc.c in mruby through 1.2.0 allows attackers to cause a denial of service (heap-based use-after-free and application crash) or possibly have unspecified other impact via a crafted .rb file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-9527
CVE-2021-33034 | In the Linux kernel before 5.12.4, net/bluetooth/hci_event.c has a use-after-free when destroying an hci_chan, aka CID-5c4c8c954409. This leads to writing an arbitrary value. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33034
CVE-2021-31854 | A command Injection Vulnerability in McAfee Agent (MA) for Windows prior to 5.7.5 allows local users to inject arbitrary shell code into the file cleanup.exe. The malicious clean.exe file is placed into the relevant folder and executed by running the McAfee Agent deployment feature located in the System Tree. An attacker may exploit the vulnerability to obtain a reverse shell which can lead to privilege escalation to obtain root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31854
CVE-2022-23946 | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon GCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23946
CVE-2022-23947 | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon DCodeNumber parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23947
CVE-2021-39662 | In checkUriPermission of MediaProvider.java, there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-197302116. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39662
CVE-2022-23803 | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadXYCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23803
CVE-2022-23804 | A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23804
CVE-2022-24048 | MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16191. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24048
CVE-2022-24050 | MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16207. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24050
CVE-2022-24051 | MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of a user-supplied string before using it as a format specifier. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16193. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24051
CVE-2022-24052 | MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL queries. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the service account. Was ZDI-CAN-16190. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24052
CVE-2022-25636 | net/netfilter/nf_dup_netdev.c in the Linux kernel 5.4 through 5.6.10 allows local users to gain privileges because of a heap out-of-bounds write. This is related to nf_tables_offload. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25636
CVE-2022-23985 | The affected product is vulnerable to an out-of-bounds write while processing project files, which allows an attacker to craft a project file that would allow arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23985
CVE-2022-26126 | Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26126
CVE-2022-27666 | A heap buffer overflow flaw was found in the IPsec ESP transformation code in net/ipv4/esp4.c and net/ipv6/esp6.c. This flaw allows a local attacker with normal user privileges to overwrite kernel heap objects and may cause a local privilege escalation threat. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27666
CVE-2022-1055 | A use-after-free exists in the Linux Kernel in tc_new_tfilter that could allow a local attacker to gain privilege escalation. The exploit requires unprivileged user namespaces. We recommend upgrading past commit 04c2a47ffb13c29778e2a14e414ad4cb5a5db4b5. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1055
CVE-2022-24765 | Git for Windows is a fork of Git containing Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. Those untrusted parties could create the folder `C:\.git`, which would be picked up by Git operations run supposedly outside a repository while searching for a Git directory. Git would then respect any config in said Git directory. Git Bash users who set `GIT_PS1_SHOWDIRTYSTATE` are vulnerable as well. Users who installed posh-git are vulnerable simply by starting a PowerShell. Users of IDEs such as Visual Studio are vulnerable: simply creating a new project would already read and respect the config specified in `C:\.git\config`. Users of the Microsoft fork of Git are vulnerable simply by starting a Git Bash. The problem has been patched in Git for Windows v2.35.2. Users unable to upgrade may create the folder `.git` on all drives where Git commands are run, and remove read/write access from those folders as a workaround. Alternatively, define or extend `GIT_CEILING_DIRECTORIES` to cover the _parent_ directory of the user profile, e.g. `C:\Users` if the user profile is located in `C:\Users\my-user-name`. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24765
CVE-2022-0192 | A DLL search path vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow privilege escalation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0192
CVE-2022-0354 | A vulnerability was reported in Lenovo System Update that could allow a local user with interactive system access the ability to execute code with elevated privileges, only during the installation of a System Update package released before 2022-02-25 that displays a command prompt window. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0354
CVE-2022-1107 | During an internal product security audit, a potential vulnerability due to use of Boot Services in the SmmOEMInt15 SMI handler was discovered in some ThinkPad models that could be exploited by an attacker with elevated privileges and could allow for execution of code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1107
CVE-2022-1108 | A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1108
CVE-2022-1427 | Out-of-bounds Read in mrb_obj_is_kind_of in GitHub repository mruby/mruby prior to 3.2. Impact: Possible arbitrary code execution if being exploited. | |
7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1427 CVE-2019-25059 Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2019-25059 CVE-2021-36460 VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account’s password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to takeover a user’s account, rendering the benefits of storing hashed passwords in the database useless. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36460 CVE-2022-22392 IBM Planning Analytics Local 2.0 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 222066. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22392 CVE-2022-1441 MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1441 CVE-2022-28085 A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS). 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28085 CVE-2022-27239 In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. 
7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27239 CVE-2022-29505 Due to build misconfiguration in openssl dependency, LINE for Windows before 7.8 is vulnerable to DLL injection that could lead to privilege escalation. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29505 CVE-2022-24735 Redis is an in-memory database that persists on disk. By exploiting weaknesses in the Lua script execution environment, an attacker with access to Redis prior to version 7.0.0 or 6.2.7 can inject Lua code that will execute with the (potentially higher) privileges of another Redis user. The Lua script execution environment in Redis provides some measures that prevent a script from creating side effects that persist and can affect the execution of the same, or different script, at a later time. Several weaknesses of these measures have been publicly known for a long time, but they had no security impact as the Redis security model did not endorse the concept of users or privileges. With the introduction of ACLs in Redis 6.0, these weaknesses can be exploited by a less privileged users to inject Lua code that will execute at a later time, when a privileged user executes a Lua script. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to `SCRIPT LOAD` and `EVAL` commands using ACL rules. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24735 CVE-2022-1403 ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds write condition. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1403 CVE-2022-29849 In Progress OpenEdge before 11.7.14 and 12.x before 12.2.9, certain SUID binaries within the OpenEdge application were susceptible to privilege escalation. If exploited, a local attacker could elevate their privileges and compromise the affected system. 
7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29849 CVE-2022-29968 An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29968 CVE-2021-22556 The Security Team discovered an integer overflow bug that allows an attacker with code execution to issue memory cache invalidation operations on pages that they don’t own, allowing them to control kernel memory from userspace. We recommend upgrading to kernel version 4.1 or beyond. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2021-22556 CVE-2022-20088 In aee driver, there is a possible reference count mistake due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06209201. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20088 CVE-2022-20093 In telephony, there is a possible way to disable receiving SMS messages due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498868; Issue ID: ALPS06498868. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-20093 CVE-2022-23205 Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23205 CVE-2022-24105 Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious U3D file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24105 CVE-2022-27783 Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in After Effects. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27783 CVE-2022-27784 Adobe After Effects versions 22.2.1 (and earlier) and 18.4.5 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in After Effects. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27784 CVE-2022-28270 Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious SVG file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28270 CVE-2022-28271 Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28271 CVE-2022-28272 Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28272 CVE-2022-28273 Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28273 CVE-2022-28274 Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28274 CVE-2022-28275 Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28275 CVE-2022-28276 Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28276 CVE-2022-28277 Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. 
Exploitation of this issue requires user interaction in that a victim must open a malicious PDF file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28277 CVE-2022-28279 Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28279 CVE-2022-26926 Windows Address Book Remote Code Execution Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26926 CVE-2022-29103 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29103 CVE-2022-29104 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29132. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29104 CVE-2022-29105 Microsoft Windows Media Foundation Remote Code Execution Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29105 CVE-2022-29109 Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-29110. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29109 CVE-2022-29110 Microsoft Excel Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-29109. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29110 CVE-2022-29113 Windows Digital Media Receiver Elevation of Privilege Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29113 CVE-2022-29115 Windows Fax Service Remote Code Execution Vulnerability. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29115 CVE-2022-29132 Windows Print Spooler Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29104. 7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29132 CVE-2022-29148 Visual Studio Remote Code Execution Vulnerability. 
7.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29148 CVE-2022-29814 In JetBrains IntelliJ IDEA before 2022.1 local code execution via HTML descriptions in custom JSON schemas was possible 7.7 https://nvd.nist.gov/vuln/detail/CVE-2022-29814 CVE-2022-29819 In JetBrains IntelliJ IDEA before 2022.1 local code execution via links in Quick Documentation was possible 7.7 https://nvd.nist.gov/vuln/detail/CVE-2022-29819 CVE-2022-29821 In JetBrains Rider before 2022.1 local code execution via links in ReSharper Quick Documentation was possible 7.7 https://nvd.nist.gov/vuln/detail/CVE-2022-29821 CVE-2021-38448 The affected controllers do not properly sanitize the input containing code syntax. As a result, an attacker could craft code to alter the intended controller flow of the software. 7.6 https://nvd.nist.gov/vuln/detail/CVE-2021-38448 CVE-2018-12249 An issue was discovered in mruby 1.4.1. There is a NULL pointer dereference in mrb_class_real because “class BasicObject” is not properly supported in class.c. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-12249 CVE-2018-14337 The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string.c does not check for a negative length. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-14337 CVE-2020-7248 libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-7248 CVE-2020-25648 A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows a remote attacker to send multiple CCS messages, causing a denial of service for servers compiled with the NSS library. The highest threat from this vulnerability is to system availability. This flaw affects NSS versions before 3.58. 
7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25648 CVE-2020-8277 A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-8277 CVE-2020-25649 A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25649 CVE-2021-33670 SAP NetWeaver AS for Java (Http Service Monitoring Filter), versions – 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send multiple HTTP requests with different method types thereby crashing the filter and making the HTTP server unavailable to other legitimate users leading to denial of service vulnerability. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33670 CVE-2021-32785 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. When mod_auth_openidc versions prior to 2.4.9 are configured to use an unencrypted Redis cache (`OIDCCacheEncrypt off`, `OIDCSessionType server-cache`, `OIDCCacheType redis`), `mod_auth_openidc` wrongly performed argument interpolation before passing Redis requests to `hiredis`, which would perform it again and lead to an uncontrolled format string bug. Initial assessment shows that this bug does not appear to allow gaining arbitrary code execution, but can reliably provoke a denial of service by repeatedly crashing the Apache workers. This bug has been corrected in version 2.4.9 by performing argument interpolation only once, using the `hiredis` API. 
As a workaround, this vulnerability can be mitigated by setting `OIDCCacheEncrypt` to `on`, as cache keys are cryptographically hashed before use when this option is enabled. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-32785 CVE-2021-33193 A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning. This issue affects Apache HTTP Server 2.4.17 to 2.4.48. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 CVE-2021-37714 jsoup is a Java library for working with HTML. Those using jsoup versions prior to 1.14.2 to parse untrusted HTML or XML may be vulnerable to DOS attacks. If the parser is run on user supplied input, an attacker may supply content that causes the parser to get stuck (loop indefinitely until cancelled), to complete more slowly than usual, or to throw an unexpected exception. This effect may support a denial of service attack. The issue is patched in version 1.14.2. There are a few available workarounds. Users may rate limit input parsing, limit the size of inputs based on system resources, and/or implement thread watchdogs to cap and timeout parse runtimes. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-37714 CVE-2021-40142 In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-40142 CVE-2021-41817 Date.parse in the date gem through 3.2.0 for Ruby allows ReDoS (regular expression Denial of Service) via a long string. The fixed versions are 3.2.1, 3.1.2, 3.0.2, and 2.0.1. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41817 CVE-2021-41819 CGI::Cookie.parse in Ruby through 2.6.8 mishandles security prefixes in cookie names. This also affects the CGI gem through 0.3.0 for Ruby. 
7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-41819 CVE-2022-23772 Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-23772 CVE-2022-21698 client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`; not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`. client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21698 CVE-2022-24921 regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24921 CVE-2020-36518 jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-36518 CVE-2022-26353 A flaw was found in the virtio-net device of QEMU. 
This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26353 CVE-2022-27191 The golang.org/x/crypto/ssh package before 0.0.0-20220314234659-1baeb1ce4c0b for Go allows an attacker to crash a server in certain circumstances involving AddHostKey. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27191 CVE-2018-25032 zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2018-25032 CVE-2022-27227 In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27227 CVE-2022-24778 The imgcrypt library provides API exensions for containerd to support encrypted container images and implements the ctd-decoder command line tool for use by containerd to decrypt encrypted container images. The imgcrypt function `CheckAuthorization` is supposed to check whether the current used is authorized to access an encrypted image and prevent the user from running an image that another user previously decrypted on the same system. In versions prior to 1.1.4, a failure occurs when an image with a ManifestList is used and the architecture of the local host is not the first one in the ManifestList. Only the first architecture in the list was tested, which may not have its layers available locally since it could not be run on the host architecture. Therefore, the verdict on unavailable layers was that the image could be run anticipating that image run failure would occur later due to the layers not being available. 
However, this verdict to allow the image to run enabled other architectures in the ManifestList to run an image without providing keys if that image had previously been decrypted. A patch has been applied to imgcrypt 1.1.4. Workarounds may include usage of different namespaces for each remote user. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24778 CVE-2022-27881 engine.c in slaacd in OpenBSD 6.9 and 7.0 before 2022-02-21 has a buffer overflow triggerable by an IPv6 router advertisement with more than seven nameservers. NOTE: privilege separation and pledge can prevent exploitation. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27881 CVE-2022-27882 slaacd in OpenBSD 6.9 and 7.0 before 2022-03-22 has an integer signedness error and resultant heap-based buffer overflow triggerable by a crafted IPv6 router advertisement. NOTE: privilege separation and pledge can prevent exploitation. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27882 CVE-2022-28356 In the Linux kernel before 5.17.1, a refcount leak bug was found in net/llc/af_llc.c. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-28356 CVE-2022-27649 A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-27649 CVE-2022-22519 A remote, unauthenticated attacker can send a specific crafted HTTP or HTTPS requests causing a buffer over-read resulting in a crash of the webserver of the CODESYS Control runtime system. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22519 CVE-2022-24836 Nokogiri is an open source XML and HTML library for Ruby. 
Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-24836 CVE-2022-26665 An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. This may allow an external party to access sensitive case records. 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26665 CVE-2022-21449 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 17.0.2 and 18; Oracle GraalVM Enterprise Edition: 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N). 7.5 https://nvd.nist.gov/vuln/detail/CVE-2022-21449 CVE-2022-21476 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). 
|  | Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21476 |
| CVE-2022-25343 | An issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application is affected by Denial of Service. An unauthenticated attacker, who can send POST requests to the /download/set.cgi page by manipulating the failhtmfile variable, is able to cause interruption of the service provided by the Web Application. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25343 |
| CVE-2022-29536 | In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29536 |
| CVE-2022-20783 | A vulnerability in the packet processing functionality of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted H.323 traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to either reboot normally or reboot into maintenance mode, which could result in a DoS condition on the device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20783 |
| CVE-2022-20795 | A vulnerability in the implementation of the Datagram TLS (DTLS) protocol in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause high CPU utilization, resulting in a denial of service (DoS) condition. This vulnerability is due to suboptimal processing that occurs when establishing a DTLS tunnel as part of an AnyConnect SSL VPN connection. An attacker could exploit this vulnerability by sending a steady stream of crafted DTLS traffic to an affected device. A successful exploit could allow the attacker to exhaust resources on the affected VPN headend device. This could cause existing DTLS tunnels to stop passing traffic and prevent new DTLS tunnels from establishing, resulting in a DoS condition. Note: When the attack traffic stops, the device recovers gracefully. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20795 |
| CVE-2022-28366 | Certain Neko-related HTML parsers allow a denial of service via crafted Processing Instruction (PI) input that causes excessive heap memory consumption. In particular, this issue exists in HtmlUnit-Neko through 2.26, and is fixed in 2.27. This issue also exists in CyberNeko HTML through 1.9.22 (also affecting OWASP AntiSamy before 1.6.6), but 1.9.22 is the last version of CyberNeko HTML. NOTE: this may be related to CVE-2022-24939. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28366 |
| CVE-2022-27405 | FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27405 |
| CVE-2022-27406 | FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27406 |
| CVE-2022-29546 | HtmlUnit NekoHtml Parser before 2.61.0 suffers from a denial of service vulnerability. Crafted input associated with the parsing of Processing Instruction (PI) data leads to heap memory consumption. This is similar to CVE-2022-28366 but affects a much later version of the product. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29546 |
| CVE-2021-45842 | It is possible to obtain the first administrator’s hash set up in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) on the system as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/wapNasIPS endpoint. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45842 |
| CVE-2022-28871 | A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant whereby the fsicapd component used in certain F-Secure products consumes too much memory while scanning larger packages/fuzzed files, which can eventually crash the scanning engine. The exploit can be triggered remotely by an attacker. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28871 |
| CVE-2022-1392 | The Videos sync PDF WordPress plugin through 1.7.4 does not validate the p parameter before using it in an include statement, which could lead to Local File Inclusion issues. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1392 |
| CVE-2022-24792 | PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only play trusted WAV files. A patch is available on the `master` branch of the `pjsip/project` GitHub repository. As a workaround, apps can reject a WAV file received from an unknown source or validate the file first. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24792 |
| CVE-2021-35250 | A researcher reported a Directory Traversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35250 |
| CVE-2022-23942 | Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for the LDAP password, which may lead to information disclosure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23942 |
| CVE-2022-24882 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). In versions prior to 2.7.0, NT LAN Manager (NTLM) authentication does not properly abort when someone provides an empty password value. This issue affects FreeRDP based RDP Server implementations. RDP clients are not affected. The vulnerability is patched in FreeRDP 2.7.0. There are currently no known workarounds. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24882 |
| CVE-2022-29700 | A lack of password length restriction in Zammad v5.1.0 allows for the creation of extremely long passwords which can cause a Denial of Service (DoS) during password verification. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29700 |
| CVE-2022-29701 | A lack of rate limiting in the ‘forgot password’ feature of Zammad v5.1.0 allows attackers to send an excessive amount of reset requests for a legitimate user, leading to a possible Denial of Service (DoS) via a large amount of generated e-mail messages. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29701 |
| CVE-2021-46420 | Franklin Fueling Systems FFS TS-550 evo 2.23.4.8936 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46420 |
| CVE-2021-46421 | Franklin Fueling Systems FFS T5 Series 1.8.7.7299 is affected by an unauthenticated directory traversal vulnerability, which allows an attacker to obtain sensitive information. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46421 |
| CVE-2021-38878 | IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38878 |
| CVE-2021-38919 | IBM QRadar SIEM 7.3, 7.4, and 7.5 in some scenarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38919 |
| CVE-2022-22278 | A vulnerability in SonicOS CFS (Content Filtering Service) returns a large 403 Forbidden HTTP response message to the source address when users try to access a prohibited resource; this allows an attacker to cause an HTTP Denial of Service (DoS) attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22278 |
| CVE-2021-3523 | A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3523 |
| CVE-2022-24935 | Lexmark products through 2022-02-10 have Incorrect Access Control. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24935 |
| CVE-2022-22781 | The Zoom Client for Meetings for MacOS (Standard and for IT Admin) prior to version 5.9.6 failed to properly check the package version during the update process. This could lead to a malicious actor updating an unsuspecting user’s currently installed version to a less secure version. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22781 |
| CVE-2022-22783 | A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive attacker. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22783 |
| CVE-2022-24879 | Shopware is an open source e-commerce software platform. Versions prior to 5.7.9 are vulnerable to malfunction of cross-site request forgery (CSRF) token validation. Under certain circumstances, the CSRF tokens were not generated anew and not validated correctly. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24879 |
| CVE-2022-24892 | Shopware is an open source e-commerce software platform. Starting with version 5.0.4 and before version 5.7.9, multiple tokens for password reset can be requested. All tokens can be used to change the password. This makes it possible for an attacker to take over the victim’s account if they somehow gain access to the victim’s email account and find an unused password reset token in the emails. This issue is fixed in version 5.7.9. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24892 |
| CVE-2022-29585 | In Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0, a site using Isolated Institutions is vulnerable if more than ten groups are used. They are all shown from page 2 of the group results list (rather than only being shown for the institution that the viewer is a member of). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29585 |
| CVE-2022-28060 | SQL Injection vulnerability in Victor CMS v1.0, via the user_name parameter to /includes/login.php. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28060 |
| CVE-2022-29967 | static_compressed_inmemory_website_callback.c in Glewlwyd through 2.6.2 allows directory traversal. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29967 |
| CVE-2022-29265 | Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML External Entity references when configured with default property values: EvaluateXPath, EvaluateXQuery, ValidateXml. Apache NiFi flow configurations that include these Processors are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations in the default configuration for these Processors, and disallows XML External Entity resolution in standard services. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29265 |
| CVE-2022-28323 | An issue was discovered in MediaWiki through 1.37.2. The SecurePoll extension allows a leak because sorting by timestamp is supported, | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28323 |
| CVE-2022-21144 | This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument’s toString value is not a Function object V8 will crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21144 |
| CVE-2021-40822 | GeoServer through 2.18.5 and 2.19.x through 2.19.2 allows SSRF via the option for setting a proxy host. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40822 |
| CVE-2022-28451 | nopCommerce 4.50.1 is vulnerable to Directory Traversal via the backup file in the Maintenance feature. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28451 |
| CVE-2022-29970 | Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29970 |
| CVE-2022-27983 | RG-NBR-E Enterprise Gateway RG-NBR2100G-E was discovered to contain an arbitrary file read vulnerability via the url parameter in check.php. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27983 |
| CVE-2021-25002 | The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any authorisation check in place for some functions, which could allow unauthenticated users to access Orders data that could be used to retrieve the client’s full address, name and phone via the tracking URL. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-25002 |
| CVE-2022-1214 | Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository axios/axios prior to 0.26. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1214 |
| CVE-2022-1554 | Path Traversal due to `send_file` call in GitHub repository clinical-genomics/scout prior to 4.52. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1554 |
| CVE-2021-42218 | OMPL v1.5.2 contains a memory leak in VFRRT.cpp. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42218 |
| CVE-2021-46440 | Storing passwords in a recoverable format in the DOCUMENTATION plugin component of Strapi before 3.6.9 and 4.x before 4.1.5 allows an attacker to access a victim’s HTTP request, get the victim’s cookie, perform a base64 decode on the victim’s cookie, and obtain a cleartext password, leading to getting API documentation for further API attacks. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46440 |
| CVE-2022-22368 | IBM Spectrum Scale 5.1.0 through 5.1.3.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 221012. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22368 |
| CVE-2022-23267 | .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23267 |
| CVE-2022-26931 | Windows Kerberos Elevation of Privilege Vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26931 |
| CVE-2022-29117 | .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29117 |
| CVE-2022-29145 | .NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29117. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29145 |
| CVE-2020-25638 | A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-25638 |
| CVE-2021-32066 | An issue was discovered in Ruby through 2.6.7, 2.7.x through 2.7.3, and 3.x through 3.0.1. Net::IMAP does not raise an exception when StartTLS fails with an unknown response, which might allow man-in-the-middle attackers to bypass the TLS protections by leveraging a network position between the client and the registry to block the StartTLS command, aka a “StartTLS stripping attack.” | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-32066 |
| CVE-2022-26913 | Windows Authentication Security Feature Bypass Vulnerability. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-26913 |
| CVE-2022-0815 | Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up to 8.1.0.1895 allows a remote attacker to gain access to McAfee WebAdvisor settings and other details about the user’s system. This could lead to unexpected behaviors including settings being changed, fingerprinting of the system leading to targeted scams, and not triggering the malicious software if McAfee software is detected. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0815 |
| CVE-2022-22521 | In Miele Benchmark Programming Tool with versions prior to 1.2.71, executable files manipulated by attackers are unknowingly executed by users with administrative privileges. An attacker could thereby obtain higher permissions. The attacker must already have access to the corresponding local system to be able to exchange the files. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-22521 |
| CVE-2021-33436 | NoMachine for Windows prior to version 6.15.1 and 7.5.2 suffers from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-33436 |
| CVE-2021-22573 | The vulnerability is that the IDToken verifier does not verify whether the token is properly signed. Signature verification makes sure that the token’s payload comes from a valid provider, not from someone else. An attacker can provide a compromised token with a custom payload. The token will pass the validation on the client side. We recommend upgrading to version 1.33.3 or above. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-22573 |
| CVE-2022-27905 | In ControlUp Real-Time Agent before 8.6, an unquoted path can result in privilege escalation. An attacker would require write permissions to the root level of the OS drive (C:\) to exploit this. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-27905 |
| CVE-2021-36784 | An Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2021-36784 |
| CVE-2022-1273 | The Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCE. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-1273 |
| CVE-2022-28590 | A Remote Code Execution (RCE) vulnerability exists in Pixelimity 1.0 via admin/admin-ajax.php?action=install_theme. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-28590 |
| CVE-2022-28505 | Jfinal_cms 5.1.0 is vulnerable to SQL Injection via com.jflyfox.system.log.LogController.java. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-28505 |
| CVE-2022-29001 | In SpringBootMovie <=1.2, the uploaded file suffix parameter is not filtered, resulting in an arbitrary file upload vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-29001 |
| CVE-2022-22514 | An authenticated, remote attacker can gain access to a dereferenced pointer contained in a request. The accesses can subsequently lead to local overwriting of memory in the CmpTraceMgr, whereby the attacker can neither gain the values read internally nor control the values to be written. If invalid memory is accessed, this results in a crash. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22514 |
| CVE-2022-29818 | In JetBrains IntelliJ IDEA before 2022.1, origin checks in the internal web server were flawed. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-29818 |
| CVE-2022-22782 | The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6, were susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user’s host machine. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-22782 |
| CVE-2022-1402 | ASDA-Soft: Version 5.4.1.0 and prior does not properly sanitize input while processing a specific project file, allowing a possible out-of-bounds read condition. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-1402 |
| CVE-2022-23400 | A stack-based buffer overflow vulnerability exists in the IGXMPXMLParser::parseDelimiter functionality of Accusoft ImageGear 19.10. A specially-crafted PSD file can overflow a stack buffer, which could either lead to denial of service or, depending on the application, to an information leak. An attacker can provide a malicious file to trigger this vulnerability. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-23400 |
| CVE-2021-31799 | In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via \| and tags in a filename. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2021-31799 |
| CVE-2022-28796 | jbd2_journal_wait_updates in fs/jbd2/transaction.c in the Linux kernel before 5.17.1 has a use-after-free caused by a transaction_t race condition. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-28796 |
| CVE-2022-29582 | In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-29582 |
| CVE-2022-22016 | Windows PlayToManager Elevation of Privilege Vulnerability. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-22016 |
| CVE-2022-23279 | Windows ALPC Elevation of Privilege Vulnerability. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-23279 |
| CVE-2022-26938 | Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26932, CVE-2022-26939. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26938 |
| CVE-2022-26939 | Storage Spaces Direct Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-26932, CVE-2022-26938. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-26939 |
| CVE-2022-29106 | Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-29106 |
| CVE-2022-29125 | Windows Push Notifications Apps Elevation of Privilege Vulnerability. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-29125 |
| CVE-2022-29126 | Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-29126 |
| CVE-2022-29135 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29150, CVE-2022-29151. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-29135 |
| CVE-2022-29138 | Windows Clustered Shared Volume Elevation of Privilege Vulnerability. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-29138 |
| CVE-2022-29142 | Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29133. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-29142 |
| CVE-2022-29150 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29135, CVE-2022-29151. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-29150 |
| CVE-2022-29151 | Windows Cluster Shared Volume (CSV) Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-29135, CVE-2022-29150. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2022-29151 |
| CVE-2022-27651 | A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27651 |
| CVE-2022-20787 | A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) Software and Cisco Unified CM Session Management Edition (SME) Software could allow an authenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20787 |
| CVE-2022-23822 | In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot Loader (FSBL) by bypassing authentication and loading a malicious image onto the device. This in turn may further allow the attacker to perform additional attacks such as using the device as a decryption oracle. An anticipated mitigation via a 2022.1 patch will resolve the issue. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23822 |
| CVE-2019-5188 | A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2019-5188 |
| CVE-2021-3970 | A potential vulnerability in the LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models’ BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-3970 |
| CVE-2021-3971 | A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify the firmware protection region by modifying an NVRAM variable. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-3971 |
| CVE-2021-3972 | A potential vulnerability by a driver used during the manufacturing process on some consumer Lenovo Notebook devices’ BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify the secure boot setting by modifying an NVRAM variable. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-3972 |
| CVE-2021-4210 | A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-4210 |
| CVE-2022-29813 | In JetBrains IntelliJ IDEA before 2022.1, local code execution via a custom Pandoc path was possible. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-29813 |
| CVE-2022-29815 | In JetBrains IntelliJ IDEA before 2022.1, local code execution via workspace settings was possible. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-29815 |
| CVE-2022-20085 | In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308877; Issue ID: ALPS06308877. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20085 |
| CVE-2022-20087 | In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477970; Issue ID: ALPS06477970. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20087 |
| CVE-2022-20089 | In aee driver, there is a possible memory corruption due to active debug code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06240397; Issue ID: ALPS06240397. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20089 |
| CVE-2022-20094 | In imgsensor, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479734. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20094 |
| CVE-2022-20095 | In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479763. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-20095 |
| CVE-2022-28743 | Time-of-check Time-of-use (TOCTOU) race condition vulnerability in Foscam R2C IP camera running System FW <= 1.13.1.6, and Application FW <= 2.91.2.66, allows an authenticated remote attacker with administrator permissions to execute arbitrary remote code via a malicious firmware patch. The impact of this vulnerability is that the remote attacker could gain full remote access to the IP camera and the underlying Linux system with root permissions. With root access to the camera’s Linux OS, an attacker could effectively change the code that is running, add backdoor access, or invade the privacy of the user by accessing the live camera stream. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-28743 |
| CVE-2022-28193 | NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-28193 |
| CVE-2022-28194 | NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot module tegrabl_cbo.c, where, if TFTP is enabled, a local attacker can cause a memory buffer overflow, which may lead to code execution, loss of integrity, limited denial of service, and some impact to confidentiality. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-28194 |
| CVE-2019-16027 | A vulnerability in the implementation of the Intermediate System-to-Intermediate System (IS-IS) routing protocol functionality in Cisco IOS XR Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition in the IS-IS process. The vulnerability is due to improper handling of a Simple Network Management Protocol (SNMP) request for specific Object Identifiers (OIDs) by the IS-IS process. An attacker could exploit this vulnerability by sending a crafted SNMP request to the affected device. A successful exploit could allow the attacker to cause a DoS condition in the IS-IS process. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-16027 |
| CVE-2021-26676 | gdhcp in ConnMan before 1.39 could be used by network-adjacent attackers to leak sensitive stack information, allowing further exploitation of bugs in gdhcp. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-26676 |
| CVE-2021-30129 | A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-30129 |
| CVE-2021-22145 | A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-22145 |
| CVE-2021-22144 | In Elasticsearch versions before 7.13.3 and 6.8.17, an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-22144 |
| CVE-2022-22815 | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22815 |
| CVE-2022-22835 | An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit an XXE vulnerability to read arbitrary files from the filesystem. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22835 |
| CVE-2021-45117 | The OPC autogenerated ANSI C stack stubs (in the NodeSets) do not handle all error cases. This can lead to a NULL pointer dereference. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45117 |
| CVE-2022-22513 | An authenticated remote attacker can cause a null pointer dereference in the CmpSettings component of the affected CODESYS products which leads to a crash. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22513 |
| CVE-2022-28041 | stb_image.h v2.27 was discovered to contain an integer overflow via the function stbi__jpeg_decode_block_prog_dc. This vulnerability allows attackers to cause a Denial of Service (DoS) via unspecified vectors. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28041 |
| CVE-2022-21454 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21454 |
| CVE-2021-3898 | Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate, which could lead to the communication channel being accessible by an attacker. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3898 |
| CVE-2021-45839 | It is possible to obtain the first administrator’s hash set up on the system in Terramaster F4-210, F2-210 TOS 4.2.X (4.2.15-2107141517) as well as other information such as MAC address, internal IP address etc. by performing a request to the /module/api.php?mobile/webNasIPS endpoint. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45839 |
| CVE-2022-1461 | Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1461 |
| CVE-2022-27374 | Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_42E328 at /goform/SysToolReboot. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27374 |
| CVE-2022-27375 | Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via the function sub_422168 at /goform/WifiExtraSet. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27375 |
| CVE-2022-1466 | Due to improper authorization, Red Hat Single Sign-On is vulnerable to users performing actions that they should not be allowed to perform. It was possible to add users to the master realm even though no respective permission was granted. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1466 |
| CVE-2022-22312 | IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22312 |
| CVE-2022-22323 | IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22323 |
| CVE-2022-1511 | Improper Access Control in GitHub repository snipe/snipe-it prior to 5.4.4. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1511 |
| CVE-2022-22441 | IBM InfoSphere Information Server 11.7 could allow an authenticated user to view information of higher privileged users and groups due to a privilege escalation vulnerability. IBM X-Force ID: 224426. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22441 |
| CVE-2022-23061 | In Shopizer versions 2.0 to 2.17.0, a regular admin can permanently delete a superadmin (although this cannot happen according to the documentation) via an Insecure Direct Object Reference (IDOR) vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23061 |
| CVE-2022-0191 | The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 does not have a CSRF check when deleting banned users, which could allow attackers to make a logged in admin remove arbitrary bans. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0191 |
| CVE-2022-23722 | When a password reset mechanism is configured to use the Authentication API with an Authentication Policy, email One-Time Password, PingID or SMS authentication, an existing user can reset another existing user’s password. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23722 |
| CVE-2022-29824 | In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don’t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted, multi-gigabyte XML file. Other software using libxml2’s buffer functions, for example libxslt through 1.1.35, is affected as well. |
6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29824 CVE-2022-20744 A vulnerability in the input protection mechanisms of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to view data without proper authorization. This vulnerability exists because of a protection mechanism that relies on the existence or values of a specific input. An attacker could exploit this vulnerability by modifying this input to bypass the protection mechanism and sending a crafted request to an affected device. A successful exploit could allow the attacker to view data beyond the scope of their authorization. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-20744 CVE-2022-22137 A memory corruption vulnerability exists in the ioca_mys_rgb_allocate functionality of Accusoft ImageGear 19.10. A specially-crafted malformed file can lead to an arbitrary free. An attacker can provide a malicious file to trigger this vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22137 CVE-2022-22015 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-22015 CVE-2022-26934 Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-22011, CVE-2022-29112. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26934 CVE-2022-26935 Windows WLAN AutoConfig Service Information Disclosure Vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26935 CVE-2022-26936 Windows Server Service Information Disclosure Vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26936 CVE-2022-26940 Remote Desktop Protocol Client Information Disclosure Vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-26940 CVE-2022-29112 Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-22011, CVE-2022-26934. 
6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29112 CVE-2022-29120 Windows Clustered Shared Volume Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-29122, CVE-2022-29123, CVE-2022-29134. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29120 CVE-2022-29121 Windows WLAN AutoConfig Service Denial of Service Vulnerability. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29121 CVE-2022-29122 Windows Clustered Shared Volume Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-29120, CVE-2022-29123, CVE-2022-29134. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29122 CVE-2022-29123 Windows Clustered Shared Volume Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-29120, CVE-2022-29122, CVE-2022-29134. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29123 CVE-2022-29134 Windows Clustered Shared Volume Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-29120, CVE-2022-29122, CVE-2022-29123. 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29134 CVE-2022-20090 In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209197; Issue ID: ALPS06209197. 6.4 https://nvd.nist.gov/vuln/detail/CVE-2022-20090 CVE-2022-20091 In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06226345. 6.4 https://nvd.nist.gov/vuln/detail/CVE-2022-20091 CVE-2022-21489 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. 
Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21489 CVE-2022-21490 Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.4.35 and prior, 7.5.25 and prior, 7.6.21 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the MySQL Cluster executes to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Cluster. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H). 6.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21490 CVE-2021-26080 EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-26080 CVE-2021-35043 OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript\: URL with &#00058 as the replacement for the : character. 
6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-35043 CVE-2021-32786 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9, `oidc_validate_redirect_url()` does not parse URLs the same way as most browsers do. As a result, this function can be bypassed and leads to an Open Redirect vulnerability in the logout functionality. This bug has been fixed in version 2.4.9 by replacing any backslash of the URL to redirect with slashes to address a particular breaking change between the different specifications (RFC2396 / RFC3986 and WHATWG). As a workaround, this vulnerability can be mitigated by configuring `mod_auth_openidc` to only allow redirection whose destination matches a given regular expression. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32786 CVE-2021-32792 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, there is an XSS vulnerability in when using `OIDCPreservePost On`. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-32792 CVE-2021-39191 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In versions prior to 2.4.9.4, the 3rd-party init SSO functionality of mod_auth_openidc was reported to be vulnerable to an open redirect attack by supplying a crafted URL in the `target_link_uri` parameter. A patch in version 2.4.9.4 made it so that the `OIDCRedirectURLsAllowed` setting must be applied to the `target_link_uri` parameter. There are no known workarounds aside from upgrading to a patched version. 
6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-39191 CVE-2021-24838 The AnyComment WordPress plugin before 0.3.5 has an API endpoint which passes user input via the redirect parameter to the wp_redirect() function without being validated first, leading to an Open Redirect issue, which according to the vendor, is a feature. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-24838 CVE-2022-21813 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21813 CVE-2022-21814 NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-21814 CVE-2021-23648 The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-23648 CVE-2022-1175 Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1175 CVE-2022-1231 XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop applications. Web based applications are the ones most affected. 
Since the SVG format allows clickable links in diagrams, it is commonly used in plugins for web based projects (like the Confluence plugin, etc. see https://plantuml.com/de/running). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1231 CVE-2022-25344 An XSS issue was discovered on Olivetti d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application doesn’t properly check parameters, sent in a /dvcset/sysset/set.cgi POST request via the arg01.Hostname field, before saving them on the server. In addition, the JavaScript malicious content is then reflected back to the end user and executed by the web browser. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25344 CVE-2021-41161 Combodo iTop is a web based IT Service Management tool. In versions prior to 3.0.0-beta6 the export CSV page don’t properly escape the user supplied parameters, allowing for javascript injection into rendered csv files. Users are advised to upgrade. There are no known workarounds for this issue. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-41161 CVE-2022-20778 A vulnerability in the authentication component of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based interface of the authentication component of Cisco Webex Meetings. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. 
6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-20778 CVE-2022-20788 A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM), Cisco Unified CM Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-20788 CVE-2022-27103 element-plus 2.0.5 is vulnerable to Cross Site Scripting (XSS) via el-table-column. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27103 CVE-2022-28094 SCBS Online Sports Venue Reservation System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the fid parameter at booking.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-28094 CVE-2022-26596 Cross-site scripting (XSS) vulnerability in Journal module’s web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via web content template names. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26596 CVE-2022-26597 Cross-site scripting (XSS) vulnerability in the Layout module’s Open Graph integration in Liferay Portal 7.3.0 through 7.4.0, and Liferay DXP 7.3 before service pack 3 allows remote attackers to inject arbitrary web script or HTML via the site name. 
6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26597 CVE-2022-28290 Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5. The XSS payload executes whenever the user tries to access the country selector page with the specified payload as a part of the HTTP request 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-28290 CVE-2021-26628 Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-26628 CVE-2022-28449 nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). At Apply for vendor account feature, an attacker can upload an arbitrary file to the system. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-28449 CVE-2022-26564 HotelDruid Hotel Management Software v3.0.3 contains a cross-site scripting (XSS) vulnerability via the prezzoperiodo4 parameter in creaprezzi.php. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26564 CVE-2022-1504 XSS in /demo/module/?module=HERE in GitHub repository microweber/microweber prior to 1.2.15. Typical impact of XSS attacks. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1504 CVE-2022-24887 Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds. 
6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24887 CVE-2022-29817 In JetBrains IntelliJ IDEA before 2022.1 reflected XSS via error messages in internal web server was possible 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-29817 CVE-2022-29152 The Ericom PowerTerm WebConnect 6.0 login portal can unsafely write an XSS payload from the AppPortal cookie into the page. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-29152 CVE-2022-24873 Shopware is an open source e-commerce software platform. Prior to version 5.7.9, Shopware is vulnerable to non-stored cross-site scripting in the storefront. This issue is fixed in version 5.7.9. Users of older versions may attempt to mitigate the vulnerability by using the Shopware security plugin. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24873 CVE-2021-43932 Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can executed upon accessing the dashboard or the main page. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43932 CVE-2022-22427 IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 223720. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-22427 CVE-2022-27860 Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) in Shea Bunge’s Footer Text plugin <= 2.0.3 on WordPress. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27860 CVE-2022-29415 Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in Mati Skiba @ Rav Messer’s Ravpage plugin <= 2.16 at WordPress. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-29415 CVE-2022-29413 Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in Mufeng’s Hermit ????? plugin <= 3.1.6 on WordPress via &title parameter. 
6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-29413 CVE-2022-28454 Limbas 4.3.36.1319 is vulnerable to Cross Site Scripting (XSS). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-28454 CVE-2022-28477 WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-28477 CVE-2022-29907 The Nimbus skin for MediaWiki through 1.37.2 (before 6f9c8fb868345701d9544a54d9752515aace39df) allows XSS in Advertise link messages. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-29907 CVE-2022-1530 Cross-site Scripting (XSS) in GitHub repository livehelperchat/livehelperchat prior to 3.99v. Attacker can execute malicious JS on Application 🙂 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1530 CVE-2022-29969 The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true). 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-29969 CVE-2021-25086 The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins viewing it 6.1 https://nvd.nist.gov/vuln/detail/CVE-2021-25086 CVE-2022-0428 The Content Egg WordPress plugin before 5.3.0 does not sanitise and escape the page parameter before outputting back in an attribute in the Autoblogging admin dashboard, leading to a Reflected Cross-Site Scripting 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0428 CVE-2022-1250 The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1250 CVE-2022-1269 The Fast Flow WordPress plugin before 1.2.11 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, 
leading to a Reflected Cross-Site Scripting 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1269 CVE-2022-1282 The Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET[‘image_url’] variable, which is reflected back to the users when executing the editimage_bwg AJAX action. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1282 CVE-2022-26326 Potential open redirection vulnerability when URL is crafted in specific format in NetIQ Access Manager prior to 5.0.2 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26326 CVE-2020-23617 A cross site scripting (XSS) vulnerability in the error page of Totolink N200RE and N100RE Routers 2.0 allows attackers to execute arbitrary web scripts or HTML via SCRIPT element. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-23617 CVE-2020-23618 A reflected cross site scripting (XSS) vulnerability in Xtend Voice Logger 1.0 allows attackers to execute arbitrary web scripts or HTML, via the path of the error page. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2020-23618 CVE-2022-20740 A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by convincing a user to click a link designed to pass malicious input to the interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks and gain access to sensitive browser-based information. 6.1 https://nvd.nist.gov/vuln/detail/CVE-2022-20740 CVE-2021-3607 An integer overflow was found in the QEMU implementation of VMWare’s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a “PVRDMA_REG_DSRHIGH” write from the guest due to improper input validation. 
This flaw allows a privileged guest user to make QEMU allocate a large amount of memory, resulting in a denial of service. The highest threat from this vulnerability is to system availability. 6 https://nvd.nist.gov/vuln/detail/CVE-2021-3607 CVE-2021-3608 A flaw was found in the QEMU implementation of VMWare’s paravirtual RDMA device in versions prior to 6.1.0. The issue occurs while handling a “PVRDMA_REG_DSRHIGH” write from the guest and may result in a crash of QEMU or cause undefined behavior due to the access of an uninitialized pointer. The highest threat from this vulnerability is to system availability. 6 https://nvd.nist.gov/vuln/detail/CVE-2021-3608 CVE-2021-32791 mod_auth_openidc is an authentication/authorization module for the Apache 2.x HTTP server that functions as an OpenID Connect Relying Party, authenticating users against an OpenID Connect Provider. In mod_auth_openidc before version 2.4.9, the AES GCM encryption in mod_auth_openidc uses a static IV and AAD. It is important to fix because this creates a static nonce and since aes-gcm is a stream cipher, this can lead to known cryptographic issues, since the same key is being reused. From 2.4.9 onwards this has been patched to use dynamic values through usage of cjose AES encryption routines. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2021-32791 CVE-2022-24769 Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. 
Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container’s bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container’s bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-24769 CVE-2022-21457 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PAM Auth Plugin). Supported versions that are affected are 8.0.28 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). 5.9 https://nvd.nist.gov/vuln/detail/CVE-2022-21457 CVE-2022-22713 Windows Hyper-V Denial of Service Vulnerability. 5.6 https://nvd.nist.gov/vuln/detail/CVE-2022-22713 CVE-2021-28657 A carefully crafted or corrupt file may trigger an infinite loop in Tika’s MP3Parser up to and including Tika 1.25. Apache Tika users should upgrade to 1.26 or later. 
| 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-28657 |
| CVE-2021-36373 | When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Apache Ant prior to 1.9.16 and 1.10.11 were affected. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-36373 |
| CVE-2021-36374 | When reading a specially crafted ZIP archive, or a derived format, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-36374 |
| CVE-2021-31842 | XML Entity Expansion injection vulnerability in McAfee Endpoint Security (ENS) for Windows prior to 10.7.0 September 2021 Update allows a local user to initiate high CPU and memory consumption resulting in a Denial of Service attack through carefully editing the EPDeploy.xml file and then executing the setup process. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-31842 |
| CVE-2021-45958 | UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45958 |
| CVE-2021-22569 | An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that they would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-22569 |
| CVE-2021-46019 | An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46019 |
| CVE-2021-46021 | A Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46021 |
| CVE-2021-46022 | A Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46022 |
| CVE-2021-46659 | MariaDB before 10.7.2 allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46659 |
| CVE-2021-46661 | MariaDB through 10.5.9 allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46661 |
| CVE-2021-46663 | MariaDB through 10.5.13 allows a ha_maria::extra application crash via certain SELECT statements. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46663 |
| CVE-2021-46664 | MariaDB through 10.5.9 allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46664 |
| CVE-2021-46665 | MariaDB through 10.5.9 allows a sql_parse.cc application crash because of incorrect used_tables expectations. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46665 |
| CVE-2021-46667 | MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46667 |
| CVE-2021-46668 | MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46668 |
| CVE-2021-40403 | An information disclosure vulnerability exists in the pick-and-place rotation parsing functionality of Gerbv 2.7.0 and dev (commit b5f1eacd), and Gerbv forked 2.8.0. A specially-crafted pick-and-place file can exploit the missing initialization of a structure to leak memory contents. An attacker can provide a malicious file to trigger this vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40403 |
| CVE-2022-21815 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for private IOCTLs where a NULL pointer dereference in the kernel, created within user mode code, may lead to a denial of service in the form of a system crash. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21815 |
| CVE-2022-21816 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a user in the guest OS can cause a GPU interrupt storm on the hypervisor host, leading to a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21816 |
| CVE-2022-0529 | A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string and leads to a heap out-of-bounds write. This flaw allows an attacker to supply a specially crafted zip file, leading to a crash or code execution. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0529 |
| CVE-2022-0530 | A flaw was found in Unzip. The vulnerability occurs during the conversion of a wide string to a local string and leads to a heap out-of-bounds write. This flaw allows an attacker to supply a specially crafted zip file, leading to a crash or code execution. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0530 |
| CVE-2021-44269 | An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue is triggered in function WavpackPackSamples of file src/pack_utils.c: the tainted variable cnt is too large, which makes pointer sptr read beyond the heap bound. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44269 |
| CVE-2022-0907 | Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0907 |
| CVE-2022-0908 | Null source pointer passed as an argument to the memcpy() function within TIFFFetchNormalTag() in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via a crafted TIFF file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0908 |
| CVE-2022-0909 | Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0909 |
| CVE-2022-0924 | Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0924 |
| CVE-2021-22571 | A local attacker could read files from some other users' SA360 reports stored in the /tmp folder during the staging process before the files are loaded in BigQuery. We recommend upgrading to version 1.0.3 or above. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-22571 |
| CVE-2021-22572 | On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is that File.createTempFile creates files in the system temporary directory with world readable permissions. Any sensitive information written to these files is visible to all other local users on unix-like systems. We recommend upgrading past commit https://github.com/google/data-transfer-project/pull/969 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-22572 |
| CVE-2022-1122 | A flaw was found in the opj2_decompress program in openjpeg2 2.4.0 in the way it handles an input directory with a large number of files. When it fails to allocate a buffer to store the filenames of the input directory, it calls free() on an uninitialized pointer, leading to a segmentation fault and a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1122 |
| CVE-2022-21459 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21459 |
| CVE-2021-3721 | A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3721 |
| CVE-2022-0636 | A denial of service vulnerability was reported in Lenovo Thin Installer prior to version 1.3.0039 that could trigger a system crash. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0636 |
| CVE-2022-1444 | heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1444 |
| CVE-2022-27135 | xpdf 4.03 has a heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27135 |
| CVE-2022-28218 | An issue was discovered in CipherMail Webmail Messenger 1.1.1 through 4.1.4. A local attacker could access secret keys (found in a Roundcube configuration file) that are used to protect Webmail user passwords and two-factor authentication (2FA). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-28218 |
| CVE-2022-27888 | Foundry Issues service versions 2.244.0 to 2.249.0 were found to be logging in a manner that captured sensitive information (session tokens). This issue was fixed in 2.249.1. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27888 |
| CVE-2022-29810 | The Hashicorp go-getter library before 1.5.11 does not redact an SSH key from a URL query parameter. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29810 |
| CVE-2022-1507 | chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file, in GitHub repository hpjansson/chafa prior to 1.10.2. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1507 |
| CVE-2022-24736 | Redis is an in-memory database that persists on disk. Prior to versions 6.2.7 and 7.0.0, an attacker attempting to load a specially crafted Lua script can cause a NULL pointer dereference which will result in a crash of the redis-server process. The problem is fixed in Redis versions 7.0.0 and 6.2.7. An additional workaround to mitigate this problem without patching the redis-server executable, if Lua scripting is not being used, is to block access to the `SCRIPT LOAD` and `EVAL` commands using ACL rules. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24736 |
| CVE-2022-1475 | An integer overflow vulnerability was found in FFmpeg 5.0.1 and in previous versions in g729_parse() in libavcodec/g729_parser.c when processing a specially crafted file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1475 |
| CVE-2022-1515 | A memory leak was discovered in matio 1.5.21 and earlier in Mat_VarReadNextInfo5() in mat5.c via a crafted file. This issue can potentially result in DoS. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1515 |
| CVE-2022-1331 | In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1331 |
| CVE-2022-20092 | In alac decoder, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366061; Issue ID: ALPS06366061. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20092 |
| CVE-2022-22011 | Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-26934, CVE-2022-29112. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22011 |
| CVE-2022-26930 | Windows Remote Access Connection Manager Information Disclosure Vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26930 |
| CVE-2022-26933 | Windows NTFS Information Disclosure Vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26933 |
| CVE-2022-29102 | Windows Failover Cluster Information Disclosure Vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29102 |
| CVE-2022-29107 | Microsoft Office Security Feature Bypass Vulnerability. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29107 |
| CVE-2022-29114 | Windows Print Spooler Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-29140. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29114 |
| CVE-2022-29140 | Windows Print Spooler Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-29114. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29140 |
| CVE-2020-7064 | In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with the exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-7064 |
| CVE-2022-21702 | Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content through the Grafana datasource or plugin proxy and trick a user into visiting this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The attacker could either compromise an existing datasource for a specific Grafana instance or set up its own public service and instruct anyone to set it up in their Grafana instance. To be impacted, all of the following must be applicable. For the data source proxy: a Grafana HTTP-based datasource configured with Server as Access Mode and a URL set, the attacker has to be in control of the HTTP server serving the URL of the above datasource, and a specially crafted link pointing at the attacker controlled data source must be clicked on by an authenticated user. For the plugin proxy: a Grafana HTTP-based app plugin configured and enabled with a URL set, the attacker has to be in control of the HTTP server serving the URL of the above app, and a specially crafted link pointing at the attacker controlled plugin must be clicked on by an authenticated user. For the backend plugin resource: an attacker must be able to navigate an authenticated user to a compromised plugin through a crafted link. Users are advised to update to a patched version. There are no known workarounds for this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-21702 |
| CVE-2022-26673 | ASUS RT-AX88U has insufficient filtering for special characters in the HTTP header parameter. A remote attacker with general user privilege can exploit this vulnerability to inject JavaScript and perform Stored Cross-Site Scripting (XSS) attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-26673 |
| CVE-2022-1457 | Stored XSS in the title parameter executing at the EditUser page & EditProducto page in GitHub repository neorazorx/facturascripts prior to 2022.04. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-1457 |
| CVE-2022-1458 | Stored XSS leads to Session Hijacking in GitHub repository openemr/openemr prior to 6.1.0.1. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-1458 |
| CVE-2022-27428 | A stored cross-site scripting (XSS) vulnerability in /index.php/album/add of GalleryCMS v2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the album_name parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27428 |
| CVE-2022-0398 | The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as a subscriber, to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-0398 |
| CVE-2022-1173 | Stored XSS in GitHub repository getgrav/grav prior to 1.7.33. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-1173 |
| CVE-2021-36867 | Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress, possible for users with contributor or higher user rights. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-36867 |
| CVE-2022-27854 | Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin <= 0.21.19 on WordPress, possible for users with contributor or higher role via the &wpt_test_page_submit_button_caption parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27854 |
| CVE-2022-28448 | nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS). An attacker (role customer) can inject JavaScript code into First name or Last name at Customer Info. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-28448 |
| CVE-2022-28450 | nopCommerce 4.50.1 is vulnerable to Cross Site Scripting (XSS) via the "Text" parameter (forums) when creating a new post, which allows a remote attacker to execute arbitrary JavaScript code in the client browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-28450 |
| CVE-2022-28522 | ZCMS v20170206 was discovered to contain a stored cross-site scripting (XSS) vulnerability via index.php?m=home&c=message&a=add. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-28522 |
| CVE-2022-1503 | A vulnerability, which was classified as problematic, has been found in GetSimple CMS. Affected by this issue is the file /admin/edit.php of the Content Module. The manipulation of the argument post-content with an input like –redacted– leads to cross site scripting. The attack may be launched remotely but requires authentication. Exploit details have been disclosed within the advisory. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-1503 |
| CVE-2022-28102 | A cross-site scripting (XSS) vulnerability in PHP MySQL Admin Panel Generator v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected at /edit-db.php. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-28102 |
| CVE-2021-38952 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-38952 |
| CVE-2022-1514 | Stored XSS via the upload plugin functionality in zip format in GitHub repository neorazorx/facturascripts prior to 2022.06. Cross-site scripting attacks can have devastating consequences. Code injected into a vulnerable application can exfiltrate data or install malware on the user's machine. Attackers can masquerade as authorized users via session cookies, allowing them to perform any action allowed by the user account. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-1514 |
| CVE-2022-22322 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 218370. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-22322 |
| CVE-2022-22443 | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 224440. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-22443 |
| CVE-2022-29584 | Mahara before 20.10.5, 21.04.4, 21.10.2, and 22.04.0 allows stored XSS when a particular Cascading Style Sheets (CSS) class for embedly is used, and JavaScript code is constructed to perform an action. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29584 |
| CVE-2022-29412 | Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in the Hermit plugin <= 3.1.6 on WordPress allow attackers to delete cache, delete a source, and create a source. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29412 |
| CVE-2022-1526 | A vulnerability, which was classified as problematic, was found in Emlog Pro up to 1.2.2. This affects the POST parameter handling of articles. The manipulation with the input –redacted– leads to cross site scripting. It is possible to initiate the attack remotely but it requires a signup and login by the attacker. The exploit has been disclosed to the public and may be used. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-1526 |
| CVE-2021-41948 | A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 via "List of subjects". | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-41948 |
| CVE-2022-29414 | Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin <= 211130 on WordPress allow attackers to clean up the Log archive, download the system info file, change plugin system settings, plugin options settings, generate a new key, reset all options, change notifications settings, management page settings, comment form settings, manage subscriptions > mass update settings, manage subscriptions > add a new subscription, update a subscription, and delete a subscription. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29414 |
| CVE-2022-23065 | Vendure versions 0.1.0-alpha.2 to 1.5.1 are affected by a Stored XSS vulnerability, where an attacker having catalog permission can upload an SVG file that contains malicious JavaScript into the "Assets" tab. The uploaded file will affect administrators as well as regular users. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-23065 |
| CVE-2022-29444 | Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration, which includes the ability to change any of the plugin's settings, including the CDN setting, which could be further used for an XSS attack. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29444 |
| CVE-2022-20627 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-20627 |
| CVE-2022-20628 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-20628 |
| CVE-2022-20629 | Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit these vulnerabilities by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-20629 |
| CVE-2021-39390 | Stored XSS in PartKeepr 1.4.0 Edit section in multiple API endpoints via the name parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-39390 |
| CVE-2022-28588 | In SpringBootMovie <= 1.2, when adding movie names, malicious code can be stored because there is no parameter filtering, resulting in stored XSS. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-28588 |
| CVE-2022-28599 | A stored cross-site scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 that allows an authenticated user to upload a malicious .pdf file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger an XSS attack. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-28599 |
| CVE-2020-7063 | In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating a PHAR archive using the PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem had more restrictive permissions. This may result in files having more lax permissions than intended when such an archive is extracted. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-7063 |
| CVE-2020-10693 | A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-10693 |
| CVE-2021-20289 | A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-20289 |
| CVE-2021-34429 | For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-34429 |
| CVE-2022-21296 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.01; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-21296 |
| CVE-2022-1166 | The JobMonster Theme was vulnerable to Directory Listing in the /wp-content/uploads/jobmonster/ folder, as it did not include a default PHP file or .htaccess file. This could expose personal data such as people's resumes. Although Directory Listing can be prevented by securely configuring the web server, vendors can also take measures to make it less likely to happen. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-1166 |
| CVE-2022-22968 | In Spring Framework versions 5.3.0 – 5.3.18, 5.2.0 – 5.2.20, and older unsupported versions, the patterns for disallowedFields on a DataBinder are case sensitive, which means a field is not effectively protected unless it is listed with both upper and lower case for the first character of the field, including upper and lower case for the first character of all nested fields within the property path. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-22968 |
| CVE-2022-21426 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-21426 |
| CVE-2022-21434 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-21434 |
| CVE-2022-21496 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-21496 |
| CVE-2022-24880 | flask-session-captcha is a package which allows users to extend Flask by adding an image based captcha stored in a server side session. In versions prior to 1.2.1, the `captcha.validate()` function would return `None` if passed no value (e.g. by submitting an empty form). If implementing users were checking the return value to be **False**, the captcha verification check could be bypassed. Version 1.2.1 fixes the issue. Users can work around the issue by not explicitly checking that the value is False. Checking the return value less explicitly should still work. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-24880 |
| CVE-2021-41041 | In Eclipse OpenJ9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-41041 |
| CVE-2021-46423 | Telesquare TLR-2005KSH 1.0.0 is affected by an unauthenticated file download vulnerability that allows a remote attacker to download a full configuration file. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-46423 |
| CVE-2021-38939 | IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by a user with access to creating domains. IBM X-Force ID: 211037. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-38939 |
| CVE-2022-22276 | A vulnerability in the SonicOS SNMP service resulting in exposure of sensitive information to an unauthorized user. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-22276 |
| CVE-2022-22277 | A vulnerability in the SonicOS SNMP service resulting in exposure of Wireless Access Point sensitive information in cleartext. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-22277 |
| CVE-2022-29869 | cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29869 |
| CVE-2021-3722 | A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation. | 5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3722 |
| CVE-2022-21452 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-21452 |
| CVE-2022-21462 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-21462 |
| CVE-2022-0477 | An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, and all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries, which could result in a Denial of Service under specific conditions. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-0477 |
| CVE-2021-43930 | Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-43930 |
| CVE-2022-28117 | A Server-Side Request Forgery (SSRF) in the feed_parser class of Navigate CMS v2.9.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the feed parameter. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-28117 |
| CVE-2022-24898 | org.xwiki.commons:xwiki-commons-xml is a common module used by other XWiki top level projects. Starting in version 2.7 and prior to versions 12.10.10, 13.4.4, and 13.8-rc-1, it is possible for a script to access any file accessible to the user running the XWiki application server through XML External Entity Injection in the XML script service. The problem has been patched in versions 12.10.10, 13.4.4, and 13.8-rc-1. There is no easy workaround for fixing this vulnerability other than upgrading and being careful when giving Script rights. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-24898 |
| CVE-2022-26565 | A cross-site scripting (XSS) vulnerability in Totaljs, all versions before commit 95f54a5, allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Name text field when creating a new page. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26565 |
| CVE-2022-1396 | The Donorbox WordPress plugin before 7.1.7 does not sanitise and escape its Campaign URL settings before outputting them in an attribute, leading to a Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1396 |
| CVE-2022-29418 | Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) in Mark Daniels Night Mode plugin <= 1.0.0 on WordPress via vulnerable parameters: &ntmode_page_setting[enable-me], &ntmode_page_setting[bg-color], &ntmode_page_setting[txt-color], &ntmode_page_setting[anc_color]. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29418 |
| CVE-2022-22345 | IBM QRadar 7.3, 7.4, and 7.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 220041. |
4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22345 CVE-2022-29811 In JetBrains Hub before 2022.1.14638 stored XSS via project icon was possible. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-29811 CVE-2021-41993 A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41993 CVE-2021-41994 A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41994 CVE-2022-23060 A Stored Cross Site Scripting (XSS) vulnerability exists in Shopizer versions 2.0 through 2.17.0, where a privileged user (attacker) can inject malicious JavaScript in the filename under the “Manage files” tab 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23060 CVE-2022-0418 The Event List WordPress plugin before 0.8.8 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks against other admin even when the unfiltered_html is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0418 CVE-2022-0649 The AdRotate WordPress plugin before 5.8.23 does not escape Group Names, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0649 CVE-2022-0662 The AdRotate WordPress plugin before 5.8.23 does not sanitise and escape Advert Names which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0662 CVE-2022-1046 The Visual Form Builder WordPress plugin before 3.0.7 does not sanitise and escape the form’s ‘Email to’ field , which could allow high privilege users to 
perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1046 CVE-2022-1255 The Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issues 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1255 CVE-2021-36844 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in MyThemeShop WP Subscribe plugin <= 1.2.12 on WordPress. 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36844 CVE-2021-41810 Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable 4.8 https://nvd.nist.gov/vuln/detail/CVE-2021-41810 CVE-2022-28589 A stored cross-site scripting (XSS) vulnerability in Pixelimity 1.0 allows attackers to execute arbitrary web scripts or HTML via the Title field in admin/pages.php?action=add_new 4.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28589 CVE-2021-25102 The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta url attribute, when the Rename Login Page is active, which could lead to an Arbitrary Redirect as well as Cross-Site Scripting issue. Exploitation of this issue requires the Login Page URL value to be known, which should be hard to guess, reducing the risk 4.7 https://nvd.nist.gov/vuln/detail/CVE-2021-25102 CVE-2022-29116 Windows Kernel Information Disclosure Vulnerability. 
4.7 https://nvd.nist.gov/vuln/detail/CVE-2022-29116 CVE-2021-33107 Insufficiently protected credentials in USB provisioning for Intel(R) AMT SDK before version 16.0.3, Intel(R) SCS before version 12.2 and Intel(R) MEBx before versions 11.0.0.0012, 12.0.0.0011, 14.0.0.0004 and 15.0.0.0004 may allow an unauthenticated user to potentially enable information disclosure via physical access. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2021-33107 CVE-2022-24372 Linksys MR9600 devices before 2.0.5 allow attackers to read arbitrary files via a symbolic link to the root directory of a NAS SMB share. 4.6 https://nvd.nist.gov/vuln/detail/CVE-2022-24372 CVE-2019-1600 A vulnerability in the file system permissions of Cisco FXOS Software and Cisco NX-OS Software could allow an authenticated, local attacker to access sensitive information that is stored in the file system of an affected system. The vulnerability is due to improper implementation of file system permissions. An attacker could exploit this vulnerability by accessing and modifying restricted files. A successful exploit could allow the attacker to access sensitive and critical files. Firepower 4100 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. Firepower 9300 Series Next-Generation Firewalls are affected in versions prior to 2.2.2.91 and 2.3.1.110. MDS 9000 Series Multilayer Switches are affected in versions prior to 6.2(25), 8.1(1b), and 8.3(1). Nexus 3000 Series Switches are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 3500 Platform Switches are affected in versions prior to 6.0(2)A8(10) and 7.0(3)I7(4). Nexus 3600 Platform Switches are affected in versions prior to 7.0(3)F3(5). Nexus 2000, 5500, 5600, and 6000 Series Switches are affected in versions prior to 7.1(5)N1(1b) and 7.3(3)N1(1). Nexus 7000 and 7700 Series Switches are affected in versions prior to 6.2(22), 7.3(3)D1(1), and 8.2(3). 
Nexus 9000 Series Switches-Standalone are affected in versions prior to 7.0(3)I4(9) and 7.0(3)I7(4). Nexus 9500 R-Series Line Cards and Fabric Modules are affected in versions prior to 7.0(3)F3(5). 4.4 https://nvd.nist.gov/vuln/detail/CVE-2019-1600 CVE-2022-21444 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21444 CVE-2022-21460 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging). Supported versions that are affected are 5.7.37 and prior and 8.0.28 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N). 4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-21460 CVE-2022-28196 NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot blob_decompress function, where insufficient validation of untrusted data may allow a local attacker to cause a memory buffer overflow, which may lead to code execution, limited loss of Integrity, and limited denial of service. 
4.4 https://nvd.nist.gov/vuln/detail/CVE-2022-28196 CVE-2020-7066 In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2020-7066 CVE-2021-22134 A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not properly apply security permissions when executing a query against a recently updated document. This affects documents that have been updated and not yet refreshed in the index. This could result in the search disclosing the existence of documents and fields the attacker should not be able to view. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-22134 CVE-2022-21673 Grafana is an open-source platform for monitoring and observability. In affected versions when a data source has the Forward OAuth Identity feature enabled, sending a query to that datasource with an API token (and no other user credentials) will forward the OAuth Identity of the most recently logged-in user. This can allow API token holders to retrieve data for which they may not have intended access. This attack relies on the Grafana instance having data sources that support the Forward OAuth Identity feature, the Grafana instance having a data source with the Forward OAuth Identity feature toggled on, the Grafana instance having OAuth enabled, and the Grafana instance having usable API keys. This issue has been patched in versions 7.5.13 and 8.3.4. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21673 CVE-2022-21713 Grafana is an open-source platform for monitoring and observability. 
Affected versions of Grafana expose multiple API endpoints which do not properly handle user authorization. `/teams/:teamId` will allow an authenticated attacker to view unintended data by querying for the specific team ID, `/teams/:search` will allow an authenticated attacker to search for teams and see the total number of available teams, including for those teams that the user does not have access to, and `/teams/:teamId/members` when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-21713 CVE-2021-24800 The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-24800 CVE-2021-24805 The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-24805 CVE-2022-24866 Discourse Assign is a plugin for assigning users to a topic in Discourse, an open-source messaging platform. Prior to version 1.0.1, the UserBookmarkSerializer serialized the whole User / Group object, which leaked some private information. The data was only being serialized to people who could view assignment info, which is limited to staff by default. For the vast majority of sites, this data was only leaked to trusted staff member, but for sites with assign features enabled publicly, the data was accessible to more people than just staff. Version 1.0.1 contains a patch. There are currently no known workarounds. 
4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24866 CVE-2022-27331 An access control issue in Zammad v5.0.3 broadcasts administrative configuration changes to all users who have an active application instance, including settings that should only be visible to authenticated users. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-27331 CVE-2022-24888 Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \\n, \\r, \\t, and \\v characters. The server rejects files and folders that have these characters in the middle of their names, so this might be an opportunity for injection. This issue is fixed in versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1. There are currently no known workarounds. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24888 CVE-2022-24889 Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling “recommended” apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8 , 22.2.4, and 23.0.1. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24889 CVE-2021-29776 IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user’s dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-29776 CVE-2021-38874 IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397. 
4.3 https://nvd.nist.gov/vuln/detail/CVE-2021-38874 CVE-2022-29903 The Private Domains extension for MediaWiki through 1.37.2 (before 1ad65d4c1c199b375ea80988d99ab51ae068f766) allows CSRF for editing pages that store the extension’s configuration. The attacker must trigger a POST request to Special:PrivateDomains. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-29903 CVE-2022-29905 The FanBoxes extension for MediaWiki through 1.37.2 (before 027ffb0b9d6fe0d823810cf03f5b562a212162d4) allows Special:UserBoxes CSRF. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-29905 CVE-2022-0984 Users with the capability to configure badge criteria (teachers and managers by default) were able to configure course badges with profile field criteria, which should only be available for site badges. 4.3 https://nvd.nist.gov/vuln/detail/CVE-2022-0984 CVE-2022-28195 NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_read_file function, where insufficient validation of untrusted data may allow a highly privileged local attacker to cause a integer overflow, which may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. 4.2 https://nvd.nist.gov/vuln/detail/CVE-2022-28195 CVE-2022-29127 BitLocker Security Feature Bypass Vulnerability. 4.2 https://nvd.nist.gov/vuln/detail/CVE-2022-29127 CVE-2022-20805 A vulnerability in the automatic decryption process in Cisco Umbrella Secure Web Gateway (SWG) could allow an authenticated, adjacent attacker to bypass the SSL decryption and content filtering policies on an affected system. This vulnerability is due to how the decryption function uses the TLS Sever Name Indication (SNI) extension of an HTTP request to discover the destination domain and determine if the request needs to be decrypted. An attacker could exploit this vulnerability by sending a crafted request over TLS from a client to an unknown or controlled URL. 
A successful exploit could allow an attacker to bypass the decryption process of Cisco Umbrella SWG and allow malicious content to be downloaded to a host on a protected network. There are workarounds that address this vulnerability. 4.1 https://nvd.nist.gov/vuln/detail/CVE-2022-20805 CVE-2022-24466 Windows Hyper-V Security Feature Bypass Vulnerability. 4.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24466 CVE-2021-25266 An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. 3.9 https://nvd.nist.gov/vuln/detail/CVE-2021-25266 CVE-2022-28197 NVIDIA Jetson Linux Driver Package contains a vulnerability in the Cboot ext4_mount function, where Insufficient validation of untrusted data may allow a highly privileged local attacker to cause an integer overflow. This difficult- to-exploit vulnerability may lead to code execution, escalation of privileges, limited denial of service, and some impact to confidentiality and integrity. 3.9 https://nvd.nist.gov/vuln/detail/CVE-2022-28197 CVE-2022-24886 Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds. 
3.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24886 CVE-2021-22924 libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take ‘issuercert’ into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn’t include the ‘issuer cert’ which a transfer can setto qualify how to verify the server certificate. 3.7 https://nvd.nist.gov/vuln/detail/CVE-2021-22924 CVE-2022-21443 Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L). 
3.7 https://nvd.nist.gov/vuln/detail/CVE-2022-21443 CVE-2022-29820 In JetBrains PyCharm before 2022.1 exposure of the debugger port to the internal network was possible 3.5 https://nvd.nist.gov/vuln/detail/CVE-2022-29820 CVE-2020-8908 A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime’s java.io.tmpdir system property to point to a location whose permissions are appropriately configured. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2020-8908 CVE-2022-24448 An issue was discovered in fs/nfs/dir.c in the Linux kernel before 5.16.5. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should occur, but the server instead returns uninitialized data in the file descriptor. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24448 CVE-2022-29816 In JetBrains IntelliJ IDEA before 2022.1 HTML injection into IDE messages was possible 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-29816 CVE-2022-24099 Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. 
Exploitation of this issue requires user interaction in that a victim must open a malicious file. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-24099 CVE-2022-30130 .NET Framework Denial of Service Vulnerability. 3.3 https://nvd.nist.gov/vuln/detail/CVE-2022-30130 CVE-2022-26354 A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. 3.2 https://nvd.nist.gov/vuln/detail/CVE-2022-26354 CVE-2022-24885 Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds. 2.4 https://nvd.nist.gov/vuln/detail/CVE-2022-24885 CVE-2022-29812 In JetBrains IntelliJ IDEA before 2022.1 notification mechanisms about using Unicode directionality formatting characters were insufficient 2.3 https://nvd.nist.gov/vuln/detail/CVE-2022-29812 CVE-2014-0429 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. – https://nvd.nist.gov/vuln/detail/CVE-2014-0429 CVE-2014-0432 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0455 and CVE-2014-2402. 
– https://nvd.nist.gov/vuln/detail/CVE-2014-0432 CVE-2014-0446 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. – https://nvd.nist.gov/vuln/detail/CVE-2014-0446 CVE-2014-0448 Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. – https://nvd.nist.gov/vuln/detail/CVE-2014-0448 CVE-2014-0449 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via unknown vectors related to Deployment. – https://nvd.nist.gov/vuln/detail/CVE-2014-0449 CVE-2014-0451 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-2412. – https://nvd.nist.gov/vuln/detail/CVE-2014-0451 CVE-2014-0452 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0458 and CVE-2014-2423. – https://nvd.nist.gov/vuln/detail/CVE-2014-0452 CVE-2014-0453 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security. – https://nvd.nist.gov/vuln/detail/CVE-2014-0453 CVE-2014-0454 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security. 
– https://nvd.nist.gov/vuln/detail/CVE-2014-0454 CVE-2014-0455 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-2402. – https://nvd.nist.gov/vuln/detail/CVE-2014-0455 CVE-2014-0456 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. – https://nvd.nist.gov/vuln/detail/CVE-2014-0456 CVE-2014-0457 Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. – https://nvd.nist.gov/vuln/detail/CVE-2014-0457 CVE-2014-0458 Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-2423. – https://nvd.nist.gov/vuln/detail/CVE-2014-0458 CVE-2014-0459 Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect availability via unknown vectors related to 2D. – https://nvd.nist.gov/vuln/detail/CVE-2014-0459 CVE-2014-0460 Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality and integrity via vectors related to JNDI. 
– | https://nvd.nist.gov/vuln/detail/CVE-2014-0460
CVE-2014-0461 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-0461
CVE-2014-0463 | Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0464. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-0463
CVE-2014-0464 | Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality via unknown vectors related to Scripting, a different vulnerability than CVE-2014-0463. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-0464
CVE-2014-2397 | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2397
CVE-2014-2398 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2398
CVE-2014-2401 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality via unknown vectors related to 2D. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2401
CVE-2014-2402 | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-0432 and CVE-2014-0455. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2402
CVE-2014-2403 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality via vectors related to JAXP. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2403
CVE-2014-2409 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Deployment. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2409
CVE-2014-2410 | Unspecified vulnerability in Oracle Java SE 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2410
CVE-2014-2412 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT, a different vulnerability than CVE-2014-0451. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2412
CVE-2014-2413 | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Libraries. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2413
CVE-2014-2414 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXB. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2414
CVE-2014-2420 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect integrity via unknown vectors related to Deployment. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2420
CVE-2014-2421 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2421
CVE-2014-2422 | Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX 2.2.51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2422
CVE-2014-2423 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2423
CVE-2014-2427 | Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2427
CVE-2014-2428 | Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2428
CVE-2022-20759 | A vulnerability in the web services interface for remote access VPN features of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, but unprivileged, remote attacker to elevate privileges to level 15. This vulnerability is due to improper separation of authentication and authorization scopes. An attacker could exploit this vulnerability by sending crafted HTTPS messages to the web services interface of an affected device. A successful exploit could allow the attacker to gain privilege level 15 access to the web management interface of the device. This includes privilege level 15 access to the device using management tools like the Cisco Adaptive Security Device Manager (ASDM) or the Cisco Security Manager (CSM). Note: With Cisco FTD Software, the impact is lower than the CVSS score suggests because the affected web management interface allows for read access only. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20759
CVE-2022-20084 | In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06498874; Issue ID: ALPS06498874. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20084
CVE-2022-20096 | In camera, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419003; Issue ID: ALPS06419003. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20096
CVE-2022-20097 | In aee daemon, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06383944. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20097
CVE-2022-20098 | In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06419017. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20098
CVE-2022-20099 | In aee daemon, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Issue ID: ALPS06296442. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20099
CVE-2022-20100 | In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06270804. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20100
CVE-2022-20109 | In ion, there is a possible use after free due to improper update of reference count. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399915. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20109
CVE-2022-20110 | In ion, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06399915; Issue ID: ALPS06399901. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20110
CVE-2022-27313 | An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27313
CVE-2022-27330 | A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27330
CVE-2022-28780 | Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows attackers to access location information set in Weather without permission. The patch adds proper protection to prevent access to location information. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28780
CVE-2022-28781 | Improper input validation in Settings prior to SMR May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28781
CVE-2022-28782 | Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows a physical attacker to install a package before completion of the Setup wizard. The patch blocks the entry point of the vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28782
CVE-2022-28783 | Improper validation of the package name being removed in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for the package name being removed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28783
CVE-2022-28784 | Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in an arbitrary directory as the system user. The patch addresses the incorrect implementation of the file path validation check logic. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28784
CVE-2022-28785 | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows an out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28785
CVE-2022-28786 | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows an out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28786
CVE-2022-28787 | Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows an out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28787
CVE-2022-28788 | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows an out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28788
CVE-2022-28789 | Unprotected activities in Voice Note prior to version 21.3.51.11 allow attackers to record voice without user interaction. The patch adds proper permissions for the vulnerable activities. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28789
CVE-2022-28790 | Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows an attacker to lock the device. The patch adds proper caller signature check logic. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28790
CVE-2022-28791 | Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows an attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwriting of existing files. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28791
CVE-2022-28792 | DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows an attacker to execute arbitrary code. The patch uses a proper absolute path to prevent DLL hijacking. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28792
CVE-2022-28793 | Given a TEE that is already compromised and controlled by the attacker, improper state maintenance in StrongBox allows the attacker to change the Android ROT during the device boot cycle. The patch is applied in Galaxy S22 to prevent changes to the Android ROT after its first initialization at boot time. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28793
CVE-2021-22680 | NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in the mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-22680
CVE-2021-27411 | Micrium OS Versions 5.10.1 and prior are vulnerable to integer wrap-around in the functions Mem_DynPoolCreate, Mem_DynPoolCreateHW and Mem_PoolCreate. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as very small blocks of memory being allocated instead of very large ones. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-27411
CVE-2021-27417 | eCosCentric eCosPro RTOS Versions 2.0.1 through 4.5.3 are vulnerable to integer wraparound in the function calloc (an implementation of malloc). The unverified memory assignment can lead to arbitrary memory allocation, resulting in a heap-based buffer overflow. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-27417
CVE-2021-27419 | uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in the malloc-simple functions. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-27419
CVE-2021-27421 | NXP MCUXpresso SDK versions prior to 2.8.2 are vulnerable to integer overflow in the SDK_Malloc function, which could allow access to memory locations outside the bounds of a specified array, leading to unexpected behavior such as a segmentation fault when assigning a particular block of memory from the heap via malloc. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-27421
CVE-2021-27425 | Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in the function mm_malloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-27425
CVE-2021-27427 | RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of the calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-27427
CVE-2021-27431 | ARM CMSIS RTOS2 versions prior to 2.1.3 are vulnerable to integer wrap-around in the osRtxMemoryAlloc (local malloc equivalent) function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or injected code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-27431
CVE-2021-27433 | ARM mbed-ualloc memory library version 1.3.0 is vulnerable to integer wrap-around in the function mbed_krbs, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-27433
CVE-2021-27435 | ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in the malloc_wrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-27435
CVE-2021-27439 | TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in the function tos_mmheap_alloc due to incorrect calculation of the effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-27439
CVE-2022-1548 | Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1548
CVE-2022-20101 | In aee daemon, there is a possible information disclosure due to a path traversal. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06270870. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20101
CVE-2022-20102 | In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Issue ID: ALPS06296405. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20102
CVE-2022-20103 | In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06282684. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20103
CVE-2022-20104 | In aee daemon, there is a possible information disclosure due to improper access control. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06284104. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20104
CVE-2022-20105 | In MM service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20105
CVE-2022-20106 | In MM service, there is a possible out of bounds write due to a heap-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20106
CVE-2022-20107 | In subtitle service, there is a possible application crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330673; Issue ID: DTV03330673. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20107
CVE-2022-20108 | In voice service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330702; Issue ID: DTV03330702. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20108
CVE-2022-20111 | In ion, there is a possible use after free due to incorrect error handling. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06366069; Issue ID: ALPS06366069. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20111
CVE-2022-21743 | In ion, there is a possible use after free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06371108; Issue ID: ALPS06371108. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21743
CVE-2022-27413 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the adminname parameter in admin.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27413
CVE-2021-43159 | A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the setSessionTime function in /cgi-bin/luci/api/common. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-43159
CVE-2021-43160 | A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the switchFastDhcp function in /cgi-bin/luci/api/diagnose. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-43160
CVE-2021-43161 | A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the doSwitchApi function in /cgi-bin/luci/api/switch. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-43161
CVE-2021-43162 | A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the runPackDiagnose function in /cgi-bin/luci/api/diagnose. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-43162
CVE-2021-43163 | A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the checkNet function in /cgi-bin/luci/api/auth. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-43163
CVE-2021-43164 | A Remote Code Execution (RCE) vulnerability exists in Ruijie Networks Ruijie RG-EW Series Routers up to ReyeeOS 1.55.1915 / EW_3.0(1)B11P55 via the updateVersion function in /cgi-bin/luci/api/wireless. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-43164
CVE-2022-24901 | Improper validation of the Apple certificate URL in the Apple Game Center authentication adapter allows attackers to bypass authentication, making the server vulnerable to DoS attacks. The vulnerability has been fixed by improving the URL validation and adding additional checks of the resource the URL points to before downloading it. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-24901
CVE-2022-27420 | Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the patient_contact parameter in patientsearch.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27420
CVE-2022-27431 | Wuzhicms v4.1.0 was discovered to contain a SQL injection vulnerability via the groupid parameter at /coreframe/app/member/admin/group.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27431
CVE-2022-27470 | SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27470
CVE-2022-28055 | Fusionpbx v4.4 and below contains a command injection vulnerability via the download email logs function. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28055
CVE-2022-1502 | Permissions were not properly verified in the API on projects using version control in Git. This allowed projects to be modified by users with only ProjectView permissions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1502
CVE-2022-1555 | DOM XSS in microweber version 1.2.15 in GitHub repository microweber/microweber prior to 1.2.16 allows injection of arbitrary JavaScript code, website defacement, cookie theft, etc. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1555
CVE-2021-42192 | Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42192
CVE-2022-1571 | Reflected cross-site scripting in Create Subaccount in GitHub repository neorazorx/facturascripts prior to 2022.07. This vulnerability allows arbitrary JavaScript execution to steal the user's cookie, perform HTTP requests, read the content of same-origin pages, etc. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1571
CVE-2021-42185 | wdja v2.1 is affected by a SQL injection vulnerability in the foreground search function. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42185
CVE-2022-28096 | Skycaiji v2.4 was discovered to contain a remote code execution (RCE) vulnerability via /SkycaijiApp/admin/controller/Develop.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28096
CVE-2022-28111 | MyBatis PageHelper v1.x.x-v5.x.x was discovered to contain a time-blind SQL injection vulnerability via the orderBy parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28111
CVE-2021-32010 | Inadequate Encryption Strength vulnerability in the TLS stack of Secomea SiteManager, LinkManager and GateManager may facilitate man in the middle attacks. This issue affects: Secomea SiteManager all versions prior to 9.7; Secomea LinkManager versions prior to 9.7; Secomea GateManager versions prior to 9.7. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-32010
CVE-2022-25778 | Cross-Site Request Forgery (CSRF) vulnerability in the Web UI of Secomea GateManager allows a phishing attacker to issue GET requests in a logged-in user's session. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25778
CVE-2022-25779 | Logging of Excessive Data vulnerability in the audit log of Secomea GateManager allows a logged-in user to write text entries in the audit log. This issue affects: Secomea GateManager versions prior to 9.7. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25779
CVE-2022-25780 | Information Exposure vulnerability in the web UI of Secomea GateManager allows a logged-in user to query devices outside their own scope. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25780
CVE-2022-25781 | Cross-site Scripting (XSS) vulnerability in the Web UI of Secomea GateManager allows a phishing attacker to inject JavaScript or HTML into a logged-in user's session. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25781
CVE-2022-25782 | Improper Handling of Insufficient Privileges vulnerability in the Web UI of Secomea GateManager allows a logged-in user to access and update privileged information. This issue affects: Secomea GateManager versions prior to 9.7. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25782
CVE-2022-25783 | Insufficient Logging vulnerability in the web server of Secomea GateManager allows a logged-in user to issue improper queries without logging. This issue affects: Secomea GateManager versions prior to 9.7. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25783
CVE-2022-25784 | Cross-site Scripting (XSS) vulnerability in the Web GUI of SiteManager allows a logged-in user to inject scripts. This issue affects: Secomea SiteManager all versions prior to 9.7. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25784
CVE-2022-25785 | Stack-based Buffer Overflow vulnerability in SiteManager allows a logged-in or local user to cause arbitrary code execution. This issue affects: Secomea SiteManager all versions prior to 9.7. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25785
CVE-2022-25787 | Information Exposure Through Query Strings in GET Request vulnerability in the LMM API of Secomea GateManager allows a system administrator to hijack a connection. This issue affects: Secomea GateManager all versions prior to 9.7. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-25787
CVE-2022-27903 | An OS Command Injection vulnerability in the configuration parser of Eve-NG Professional through 4.0.1-65 and Eve-NG Community through 2.0.3-112 allows a remote authenticated attacker to execute commands as root by editing virtualization command parameters of imported UNL files. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27903
CVE-2022-28066 | Libarchive v3.6.0 was discovered to contain a read memory access vulnerability via the function lzma_decode. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28066
CVE-2022-28067 | An incorrect access control issue in Sandboxie Classic v5.55.13 allows attackers to cause a Denial of Service (DoS) in the Sandbox via a crafted executable. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28067
CVE-2022-28076 | Seacms v11.6 was discovered to contain a remote command execution (RCE) vulnerability via the Mail Server Settings. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28076
CVE-2022-28081 | A reflected cross-site scripting (XSS) vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28081
CVE-2022-28082 | Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the list parameter at /goform/SetNetControlList. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28082
CVE-2022-28090 | Jspxcms v10.2.0 allows attackers to execute a Server-Side Request Forgery (SSRF) via /cmscp/ext/collect/fetch_url.do?url=. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28090
CVE-2022-28099 | Poultry Farm Management System v1.0 was discovered to contain a SQL injection vulnerability via the Item parameter at /farm/store.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28099
CVE-2022-28508 | An XSS issue was discovered in browser_search_plugin.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28508
CVE-2022-27461 | In nopCommerce 4.50.1, an open redirect vulnerability can be triggered by luring a user to authenticate to a nopCommerce page by clicking on a crafted link. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27461
CVE-2022-28487 | Tcpreplay version 4.4.1 contains a memory leakage flaw in the fix_ipv6_checksums() function. The highest threat from this vulnerability is to data confidentiality. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28487
CVE-2022-28488 | The function wav_format_write in libwav.c in libwav through 2017-04-20 has a Use of Uninitialized Variable vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28488
CVE-2022-28512 | A SQL injection vulnerability exists in Sourcecodester Fantastic Blog CMS 1.0. An attacker can inject a query in /fantasticblog/single.php via the id parameter (as in id=5). | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28512
CVE-2022-28552 | Cscms 4.1 is vulnerable to SQL Injection. After logging into the backend, opening the song module, creating a new song and deleting it to the recycle bin, SQL injection occurs when emptying the recycle bin. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28552
CVE-2022-28568 | Sourcecodester Doctor's Appointment System 1.0 is vulnerable to file upload leading to RCE via image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28568
CVE-2022-28806 | An issue was discovered on certain Fujitsu LIFEBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311, E5510/E5410, U7510/U7410/U7310, E459/E449) with BIOS versions before v1.09 (A3510), v2.17 (U9310), v2.30 (U7511/U7411/U7311), v2.33 (U9311), v2.23 (E5510), v2.19 (U7510/U7410), v2.13 (U7310), and v1.09 (E459/E449). The FjGabiFlashCoreAbstractionSmm driver registers a Software System Management Interrupt (SWSMI) handler that is not sufficiently validated to ensure that the CommBuffer (or any other communication buffer's nested contents) are not pointing to SMRAM contents. A potential attacker can therefore write fixed data to SMRAM, which could lead to data corruption inside this memory (e.g., change the SMI handler's code or modify SMRAM map structures to break input pointer validation for other SMI handlers). Thus, the attacker could elevate privileges from ring 0 to ring -2 and execute arbitrary code in SMM. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28806
CVE-2022-29347 | An arbitrary file upload vulnerability in Web@rchiv 1.0 allows attackers to execute arbitrary commands via a crafted PHP file. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29347
CVE-2022-29950 | Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name parameter to the Subrules page. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29950
CVE-2021-20051 | SonicWall Global VPN Client 4.10.7.1117 installer (32-bit and 64-bit) and earlier versions have a DLL Search Order Hijacking vulnerability in one of the installer components. Successful exploitation via a local attacker could result in command execution in the target system. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-20051
CVE-2021-41020 | An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may allow an authenticated, non-privileged attacker to regenerate the CA certificate via the regeneration URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-41020
CVE-2021-41032 | An improper access control vulnerability [CWE-284] in FortiOS versions 6.4.8 and prior and 7.0.3 and prior may allow an authenticated attacker with a restricted user profile to gather sensitive information and modify the SSL-VPN tunnel status of other VDOMs using specific CLI commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-41032
CVE-2021-43206 | A server-generated error message containing sensitive information in Fortinet FortiOS 7.0.0 through 7.0.3, 6.4.0 through 6.4.8, 6.2.x, 6.0.x and FortiProxy 7.0.0 through 7.0.1, 2.0.x allows malicious webservers to retrieve a web proxy's client username and IP via same origin HTTP requests triggering proxy-generated HTTP status code pages. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-43206
CVE-2022-23443 | An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to access gateway API data via crafted HTTP GET requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-23443
CVE-2022-28556 | Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin is vulnerable to Buffer Overflow. The stack overflow vulnerability lies in the /goform/setpptpservercfg interface of the web. The sent POST data startip and endip are copied to the stack using the sanf function, resulting in stack overflow. Similarly, this vulnerability can be used together with CVE-2021-44971. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28556
CVE-2022-28557 | There is a command injection vulnerability at the /goform/setsambacfg interface of the Tenda AC15 US_AC15V1.0BR_V15.03.05.20_multi_TDE01.bin device web, which can also be combined with CVE-2021-44971 to cause unconditional arbitrary command execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28557
CVE-2022-28940 | In H3C MagicR100 <=V100R005, the /Ajax/ajaxget interface can be accessed without authorization. Sending a large amount of data through ajaxmsg carries out a DoS attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28940
CVE-2021-42235 | SQL injection in the osTicket before 1.14.8 and 1.15.4 login and password reset process allows attackers to access the osTicket administration profile functionality. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42235
CVE-2022-20734 | A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, local attacker to view sensitive information on an affected system. This vulnerability is due to insufficient file system restrictions. An authenticated attacker with netadmin privileges could exploit this vulnerability by accessing the vshell of an affected system. A successful exploit could allow the attacker to read sensitive information on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20734
CVE-2022-20753 | A vulnerability in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending malicious input to an affected device. A successful exploit could allow the attacker to execute remote code on the affected device. To exploit this vulnerability, an attacker would need to have valid Administrator credentials on the affected device. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20753
CVE-2022-20764 | Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20764
CVE-2022-20770 | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20770
CVE-2022-20771 | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20771
CVE-2022-20777 | Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20777
CVE-2022-20779 | Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20779
CVE-2022-20780 | Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an attacker to escape from the guest virtual machine (VM) to the host machine, inject commands that execute at the root level, or leak system data from the host to the VM. For more information about these vulnerabilities, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20780
CVE-2022-20785 | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. |
– https://nvd.nist.gov/vuln/detail/CVE-2022-20785 CVE-2022-20794 Multiple vulnerabilities in the web engine of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow a remote attacker to cause a denial of service (DoS) condition, view sensitive data on an affected device, or redirect users to an attacker-controlled destination. For more information about these vulnerabilities, see the Details section of this advisory. – https://nvd.nist.gov/vuln/detail/CVE-2022-20794 CVE-2022-20796 On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. – https://nvd.nist.gov/vuln/detail/CVE-2022-20796 CVE-2022-20799 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. 
– https://nvd.nist.gov/vuln/detail/CVE-2022-20799 CVE-2022-20801 Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV340 and RV345 Routers could allow an authenticated, remote attacker to inject and execute arbitrary commands on the underlying operating system of an affected device. These vulnerabilities are due to insufficient validation of user-supplied input. An attacker could exploit these vulnerabilities by sending malicious input to an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system of the affected device. To exploit these vulnerabilities, an attacker would need to have valid Administrator credentials on the affected device. – https://nvd.nist.gov/vuln/detail/CVE-2022-20801 CVE-2022-23724 Use of static encryption key material allows forging an authentication token to other users within a tenant organization. MFA may be bypassed by redirecting an authentication flow to a target user. To exploit the vulnerability, must have compromised user credentials. – https://nvd.nist.gov/vuln/detail/CVE-2022-23724 CVE-2022-1584 Reflected XSS in GitHub repository microweber/microweber prior to 1.2.16. Executing JavaScript as the victim – https://nvd.nist.gov/vuln/detail/CVE-2022-1584 CVE-2022-25786 Unprotected Alternate Channel vulnerability in debug console of GateManager allows system administrator to obtain sensitive information. This issue affects: GateManager all versions prior to 9.7. – https://nvd.nist.gov/vuln/detail/CVE-2022-25786 CVE-2022-29942 Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry ‘Add’ functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. 
Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. – https://nvd.nist.gov/vuln/detail/CVE-2022-29942 CVE-2022-29943 Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. – https://nvd.nist.gov/vuln/detail/CVE-2022-29943 CVE-2022-30241 The jquery.json-viewer library through 1.4.0 for Node.js does not properly escape characters such as < in a JSON object, as demonstrated by a SCRIPT element. – https://nvd.nist.gov/vuln/detail/CVE-2022-30241 CVE-2022-29155 In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an LDAP search operation when the search filter is processed, due to a lack of proper escaping. – https://nvd.nist.gov/vuln/detail/CVE-2022-29155 CVE-2022-30284 In the python-libnmap package through 0.7.2 for Python, remote command execution can occur (if used in a client application that does not validate arguments). – https://nvd.nist.gov/vuln/detail/CVE-2022-30284 CVE-2022-30292 thread_call in sqbaselib.cpp in SQUIRREL 3.2 lacks a certain sq_reservestack call. – https://nvd.nist.gov/vuln/detail/CVE-2022-30292 CVE-2022-1588 Cross-site Scripting (XSS) in GitHub repository contao/contao prior to 4.13.3. Attacker can execute Malicious JS in Application 🙂 – https://nvd.nist.gov/vuln/detail/CVE-2022-1588 CVE-2022-28890 A vulnerability in the RDF/XML parser of Apache Jena allows an attacker to cause an external DTD to be retrieved. 
This issue affects Apache Jena version 4.4.0 and prior versions. Apache Jena 4.2.x and 4.3.x do not allow external entities. – https://nvd.nist.gov/vuln/detail/CVE-2022-28890 CVE-2022-1590 A vulnerability was found in Bludit 3.13.1. It has been declared as problematic. This vulnerability affects the endpoint /admin/new-content of the New Content module. The manipulation of the argument content with the input –redacted– leads to cross site scripting. The attack can be initiated remotely but requires an authentication. The exploit has been disclosed to the public and may be used – https://nvd.nist.gov/vuln/detail/CVE-2022-1590 CVE-2021-41739 A OS Command Injection vulnerability was discovered in Artica Proxy 4.30.000000. Attackers can execute OS commands in cyrus.events.php with GET param logs and POST param rp. – https://nvd.nist.gov/vuln/detail/CVE-2021-41739 CVE-2021-45783 Bookeen Notea Firmware BK_R_1.0.5_20210608 is affected by a directory traversal vulnerability that allows an attacker to obtain sensitive information. – https://nvd.nist.gov/vuln/detail/CVE-2021-45783 CVE-2022-1411 Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim’s cookie leads to account takeover. – https://nvd.nist.gov/vuln/detail/CVE-2022-1411 CVE-2022-1592 Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss… – https://nvd.nist.gov/vuln/detail/CVE-2022-1592 CVE-2022-1575 Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. – Arbitrary (remote) code execution in the desktop app. – Stored XSS in the web app. 
– https://nvd.nist.gov/vuln/detail/CVE-2022-1575 CVE-2022-29938 In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interface\\billing\\new_payment.php via interface\\billing\\payment_master.inc.php leads to SQL injection. – https://nvd.nist.gov/vuln/detail/CVE-2022-29938 CVE-2022-29939 In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interface\\billing\\sl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities. – https://nvd.nist.gov/vuln/detail/CVE-2022-29939 CVE-2022-29940 In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interface\\orders\\find_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities. – https://nvd.nist.gov/vuln/detail/CVE-2022-29940 CVE-2021-42242 A command execution vulnerability exists in jfinal_cms 5.0.1 via com.jflyfox.component.controller.Ueditor. – https://nvd.nist.gov/vuln/detail/CVE-2021-42242 CVE-2022-28461 mingyuefusu Library Management System all versions as of 03-27-2022 is vulnerable to SQL Injection. – https://nvd.nist.gov/vuln/detail/CVE-2022-28461 CVE-2022-28462 novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability. – https://nvd.nist.gov/vuln/detail/CVE-2022-28462 CVE-2022-28471 In ffjpeg (commit hash: caade60), the function bmp_load() in bmp.c contains an integer overflow vulnerability, which eventually results in the heap overflow in jfif_encode() in jfif.c. This is due to the incomplete patch for issue 38 – https://nvd.nist.gov/vuln/detail/CVE-2022-28471 CVE-2022-29339 In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte() in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2. – https://nvd.nist.gov/vuln/detail/CVE-2022-29339 CVE-2022-29340 GPAC 2.1-DEV-rev87-g053aae8-master. 
has a Null Pointer Dereference vulnerability in gf_isom_parse_movie_boxes_internal due to improper return value handling of GF_SKIP_BOX, which causes a Denial of Service. This vulnerability was fixed in commit 37592ad. – https://nvd.nist.gov/vuln/detail/CVE-2022-29340 CVE-2021-42183 MasaCMS 7.2.1 is affected by a path traversal vulnerability in /index.cfm/_api/asset/image/. – https://nvd.nist.gov/vuln/detail/CVE-2021-42183 CVE-2022-1464 Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account . – https://nvd.nist.gov/vuln/detail/CVE-2022-1464 CVE-2022-1516 A NULL pointer dereference flaw was found in the Linux kernel’s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system. – https://nvd.nist.gov/vuln/detail/CVE-2022-1516 CVE-2021-39020 IBM Guardium Data Encryption (GDE) 4.0.0.7 and lower stores sensitive information in URL parameters. This may lead to information disclosure if unauthorized parties have access to the URLs via server logs, referrer header or browser history. IBM X-Force ID: 213855. – https://nvd.nist.gov/vuln/detail/CVE-2021-39020 CVE-2022-22415 A vulnerability exists where an IBM Robotic Process Automation 21.0.1 regular user is able to obtain view-only access to some admin pages in the Control Center IBM X-Force ID: 223029. – https://nvd.nist.gov/vuln/detail/CVE-2022-22415 CVE-2022-22433 IBM Robotic Process Automation 21.0.1 and 21.0.2 is vulnerable to External Service Interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. 
By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 224156. – https://nvd.nist.gov/vuln/detail/CVE-2022-22433 CVE-2022-22434 IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a user with physical access to create an API request modified to create additional objects. IBM X-Force ID: 224159. – https://nvd.nist.gov/vuln/detail/CVE-2022-22434 CVE-2021-38423 All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow. – https://nvd.nist.gov/vuln/detail/CVE-2021-38423 CVE-2021-38425 eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in a denial-of-service condition and information exposure. – https://nvd.nist.gov/vuln/detail/CVE-2021-38425 CVE-2021-38427 RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code. – https://nvd.nist.gov/vuln/detail/CVE-2021-38427 CVE-2021-38429 OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition and information exposure. – https://nvd.nist.gov/vuln/detail/CVE-2021-38429 CVE-2021-38433 RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code. – https://nvd.nist.gov/vuln/detail/CVE-2021-38433 CVE-2021-38435 RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 not correctly calculate the size when allocating the buffer, which may result in a buffer overflow. 
– https://nvd.nist.gov/vuln/detail/CVE-2021-38435 CVE-2021-38439 All versions of GurumDDS are vulnerable to heap-based buffer overflow, which may cause a denial-of-service condition or remotely execute arbitrary code. – https://nvd.nist.gov/vuln/detail/CVE-2021-38439 CVE-2021-38441 Eclipse CycloneDDS versions prior to 0.8.0 are vulnerable to a write-what-where condition, which may allow an attacker to write arbitrary values in the XML parser. – https://nvd.nist.gov/vuln/detail/CVE-2021-38441 CVE-2021-38443 Eclipse CycloneDDS versions prior to 0.8.0 improperly handle invalid structures, which may allow an attacker to write arbitrary values in the XML parser. – https://nvd.nist.gov/vuln/detail/CVE-2021-38443 CVE-2021-38445 OCI OpenDDS versions prior to 3.18.1 do not handle a length parameter consistent with the actual length of the associated data, which may allow an attacker to remotely execute arbitrary code. – https://nvd.nist.gov/vuln/detail/CVE-2021-38445 CVE-2021-38447 OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition. – https://nvd.nist.gov/vuln/detail/CVE-2021-38447 CVE-2021-38487 RTI Connext DDS Professional, Connext DDS Secure versions 4.2x to 6.1.0, and Connext DDS Micro versions 2.4 and later are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure. – https://nvd.nist.gov/vuln/detail/CVE-2021-38487 CVE-2021-38693 A path traversal vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, QTS, QVR Pro Appliance. If exploited, this vulnerability allows attackers to read the contents of unexpected files and expose sensitive data. 
We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, QTS, QVR Pro Appliance: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later – https://nvd.nist.gov/vuln/detail/CVE-2021-38693 CVE-2021-43547 TwinOaks Computing CoreDX DDS versions prior to 5.9.1 are susceptible to exploitation when an attacker sends a specially crafted packet to flood target devices with unwanted traffic. This may result in a denial-of-service condition and information exposure. – https://nvd.nist.gov/vuln/detail/CVE-2021-43547 CVE-2021-44051 A command injection vulnerability has been reported to affect QNAP NAS running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows remote attackers to run arbitrary commands. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 5.0.0.1986 build 20220324 and later – https://nvd.nist.gov/vuln/detail/CVE-2021-44051 CVE-2021-44052 An improper link resolution before file access (‘Link Following’) vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero, and QTS. If exploited, this vulnerability allows remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. 
We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero, and QTS: QuTScloud c5.0.1.1998 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTS hero h5.0.0.1986 build 20220324 and later QTS 4.3.4.1976 build 20220303 and later QTS 4.3.3.1945 build 20220303 and later QTS 4.2.6 build 20220304 and later QTS 4.3.6.1965 build 20220302 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later – https://nvd.nist.gov/vuln/detail/CVE-2021-44052 CVE-2021-44053 A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QTS 4.5.4.1991 build 20220329 and later QTS 5.0.0.1986 build 20220324 and later QuTS hero h5.0.0.1986 build 20220324 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTScloud c5.0.1.1949 and later – https://nvd.nist.gov/vuln/detail/CVE-2021-44053 CVE-2021-44054 An open redirect vulnerability has been reported to affect QNAP device running QuTScloud, QuTS hero and QTS. If exploited, this vulnerability allows attackers to redirect users to an untrusted page that contains malware. We have already fixed this vulnerability in the following versions of QuTScloud, QuTS hero and QTS: QuTScloud c5.0.1.1949 and later QuTS hero h5.0.0.1949 build 20220215 and later QuTS hero h4.5.4.1951 build 20220218 and later QTS 5.0.0.1986 build 20220324 and later QTS 4.5.4.1991 build 20220329 and later – https://nvd.nist.gov/vuln/detail/CVE-2021-44054 CVE-2021-44055 An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. 
We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 ( 2022/02/16 ) and later – https://nvd.nist.gov/vuln/detail/CVE-2021-44055 CVE-2021-44056 An improper authentication vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 and later Video Station 5.3.13 and later Video Station 5.1.8 and later – https://nvd.nist.gov/vuln/detail/CVE-2021-44056 CVE-2021-44057 An improper authentication vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows attackers to compromise the security of the system. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.20 ( 2022/02/15 ) and later Photo Station 5.7.16 ( 2022/02/11 ) and later Photo Station 5.4.13 ( 2022/02/11 ) and later – https://nvd.nist.gov/vuln/detail/CVE-2021-44057 CVE-2022-1389 On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP (fixed in 17.0.0), a cross-site request forgery (CSRF) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. This vulnerability allows an attacker to run a limited set of commands: ping, traceroute, and WOM diagnostics. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-1389 CVE-2022-1468 On all versions of 17.0.x, 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x on F5 BIG-IP, an authenticated iControl REST user with at least guest role privileges can cause processing delays to iControl REST requests via undisclosed requests. 
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-1468 CVE-2022-25946 On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker with Administrator role privilege may be able to bypass Appliance mode restrictions due to a missing integrity check in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-25946 CVE-2022-25990 On 1.0.x versions prior to 1.0.1, systems running F5OS-A software may expose certain registry ports externally. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-25990 CVE-2022-26071 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a flaw in the way reply ICMP packets are limited in the Traffic Management Microkernel (TMM) allows an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-26071 CVE-2022-26130 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an Active mode-enabled FTP profile is configured on a virtual server, undisclosed traffic can cause the virtual server to stop processing active FTP data channel connections. 
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-26130 CVE-2022-26340 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, an authenticated, high-privileged attacker with no bash access may be able to access Certificate and Key files using Secure Copy (SCP) protocol from a remote system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-26340 CVE-2022-26370 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, and 14.1.x versions prior to 14.1.4.6, when a Session Initiation Protocol (SIP) message routing framework (MRF) application layer gateway (ALG) profile is configured on a Message Routing virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-26370 CVE-2022-26372 On F5 BIG-IP 15.1.x versions prior to 15.1.0.2, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when a DNS listener is configured on a virtual server with DNS queueing (default), undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 
– https://nvd.nist.gov/vuln/detail/CVE-2022-26372 CVE-2022-26415 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x, when running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-26415 CVE-2022-26517 On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT (LSN) pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-26517 CVE-2022-26835 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, directory traversal vulnerabilities exist in undisclosed iControl REST endpoints and TMOS Shell (tmsh) commands in F5 BIG-IP Guided Configuration, which may allow an authenticated attacker with at least resource administrator role privileges to read arbitrary files. 
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-26835

CVE-2022-26890 On F5 BIG-IP Advanced WAF, ASM, and APM 16.1.x versions prior to 16.1.2.1, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when ASM or Advanced WAF, as well as APM, are configured on a virtual server, the ASM policy is configured with Session Awareness, and the “Use APM Username and Session ID” option is enabled, undisclosed requests can cause the bd process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-26890

CVE-2022-27181 On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when APM is configured on a virtual server and the associated access profile is configured with APM AAA NTLM Auth, undisclosed requests can cause an increase in internal resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-27181

CVE-2022-27182 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, when BIG-IP packet filters are enabled and a virtual server is configured with the type set to Reject, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-27182

CVE-2022-27189 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when an Internet Content Adaptation Protocol (ICAP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-27189

CVE-2022-27230 On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP APM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of F5 BIG-IP Guided Configuration that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-27230

CVE-2022-27495 On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to the cluster overlay network. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-27495

CVE-2022-27588 We have already fixed this vulnerability in the following versions of QVR: QVR 5.1.6 build 20220401 and later – https://nvd.nist.gov/vuln/detail/CVE-2022-27588

CVE-2022-27634 On 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, BIG-IP APM does not properly validate configurations, allowing an authenticated attacker with high privileges to manipulate the APM policy leading to privilege escalation/remote code execution. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-27634

CVE-2022-27636 On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-27636

CVE-2022-27659 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, an authenticated attacker can modify or delete Dashboards created by other BIG-IP users in the Traffic Management User Interface (TMUI). Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-27659

CVE-2022-27662 On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-27662

CVE-2022-27806 On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP Advanced WAF, ASM, and ASM, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, when running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing command injection vulnerabilities in undisclosed URIs in F5 BIG-IP Guided Configuration. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-27806

CVE-2022-27875 On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive user information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-27875

CVE-2022-27878 On all versions of 16.1.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x of F5 BIG-IP, and F5 BIG-IP Guided Configuration (GC) all versions prior to 9.0, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-27878

CVE-2022-27880 On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-27880

CVE-2022-28079 College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code parameter. – https://nvd.nist.gov/vuln/detail/CVE-2022-28079

CVE-2022-28080 Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the todate parameter. – https://nvd.nist.gov/vuln/detail/CVE-2022-28080

CVE-2022-28120 Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server. – https://nvd.nist.gov/vuln/detail/CVE-2022-28120

CVE-2022-28530 Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via cmdcategory. – https://nvd.nist.gov/vuln/detail/CVE-2022-28530

CVE-2022-28533 Sourcecodester Medical Hub Directory Site 1.0 is vulnerable to SQL Injection via /mhds/clinic/view_details.php. – https://nvd.nist.gov/vuln/detail/CVE-2022-28533

CVE-2022-28606 An arbitrary file upload vulnerability exists in Wenzhou Huoyin Information Technology Co., Ltd. BossCMS 1.0, which can be exploited by an attacker to gain control of the server. – https://nvd.nist.gov/vuln/detail/CVE-2022-28606

CVE-2022-28691 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when a Real Time Streaming Protocol (RTSP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-28691

CVE-2022-28695 On F5 BIG-IP AFM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, an authenticated attacker with high privileges can upload a maliciously crafted file to the BIG-IP AFM Configuration utility, which allows an attacker to run arbitrary commands. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-28695

CVE-2022-28701 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, when the stream profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-28701

CVE-2022-28705 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, on platforms with an ePVA and the pva.fwdaccel BigDB variable enabled, undisclosed requests to a virtual server with a FastL4 profile that has ePVA acceleration enabled can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-28705

CVE-2022-28706 On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior to 15.1.5.1, when the DNS resolver configuration is used, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-28706

CVE-2022-28707 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility (also referred to as the BIG-IP TMUI) that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-28707

CVE-2022-28708 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, when a BIG-IP DNS resolver-enabled, HTTP-Explicit or SOCKS profile is configured on a virtual server, an undisclosed DNS response can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-28708

CVE-2022-28714 On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-28714

CVE-2022-28716 On 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP AFM, CGNAT, and PEM Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-28716

CVE-2022-28859 On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-install.sh and nethsm-thales-install.sh) expose the Net HSM partition password. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-28859

CVE-2022-29263 On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, the BIG-IP Edge Client Component Installer Service does not use best practice while saving temporary files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-29263

CVE-2022-29473 On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when an IPSec ALG profile is configured on a virtual server, undisclosed responses can cause Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-29473

CVE-2022-29474 On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-29474

CVE-2022-29479 On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, and F5 BIG-IQ Centralized Management all versions of 8.x and 7.x, when an IPv6 self IP address is configured and the ipv6.strictcompliance database key is enabled (disabled by default) on a BIG-IP system, undisclosed packets may cause decreased performance. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-29479

CVE-2022-29480 On F5 BIG-IP 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when multiple route domains are configured, undisclosed requests to big3d can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-29480

CVE-2022-29491 On F5 BIG-IP LTM, Advanced WAF, ASM, or APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5, 14.1.x versions prior to 14.1.4.6, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a virtual server is configured with HTTP, TCP on one side (client/server), and DTLS on the other (server/client), undisclosed requests can cause the TMM process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated – https://nvd.nist.gov/vuln/detail/CVE-2022-29491

CVE-2022-29500 SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Information Disclosure. – https://nvd.nist.gov/vuln/detail/CVE-2022-29500

CVE-2022-29501 SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution. – https://nvd.nist.gov/vuln/detail/CVE-2022-29501

CVE-2022-29502 SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges. – https://nvd.nist.gov/vuln/detail/CVE-2022-29502

CVE-2022-29592 Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route). – https://nvd.nist.gov/vuln/detail/CVE-2022-29592

CVE-2021-25267 Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA. – https://nvd.nist.gov/vuln/detail/CVE-2021-25267

CVE-2021-25268 Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA. – https://nvd.nist.gov/vuln/detail/CVE-2021-25268

CVE-2022-25989 An authentication bypass vulnerability exists in the libxm_av.so getpeermac() functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted DHCP packet can lead to authentication bypass. An attacker can DHCP poison to trigger this vulnerability. – https://nvd.nist.gov/vuln/detail/CVE-2022-25989

CVE-2022-26073 A denial of service vulnerability exists in the libxm_av.so DemuxCmdInBuffer functionality of Anker Eufy Homebase 2 2.1.8.5h. A specially-crafted set of network packets can lead to a device reboot. An attacker can send packets to trigger this vulnerability. – https://nvd.nist.gov/vuln/detail/CVE-2022-26073

CVE-2022-28575 It is found that there is a command injection vulnerability in the setopenvpnclientcfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows attackers to execute arbitrary commands through a carefully constructed payload. – https://nvd.nist.gov/vuln/detail/CVE-2022-28575

CVE-2022-28577 It is found that there is a command injection vulnerability in the delParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. – https://nvd.nist.gov/vuln/detail/CVE-2022-28577

CVE-2022-28578 It is found that there is a command injection vulnerability in the setOpenVpnCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. – https://nvd.nist.gov/vuln/detail/CVE-2022-28578

CVE-2022-28579 It is found that there is a command injection vulnerability in the setParentalRules interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. – https://nvd.nist.gov/vuln/detail/CVE-2022-28579

CVE-2022-28580 It is found that there is a command injection vulnerability in the setL2tpServerCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. – https://nvd.nist.gov/vuln/detail/CVE-2022-28580

CVE-2022-28581 It is found that there is a command injection vulnerability in the setWiFiAdvancedCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. – https://nvd.nist.gov/vuln/detail/CVE-2022-28581

CVE-2022-28582 It is found that there is a command injection vulnerability in the setWiFiSignalCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. – https://nvd.nist.gov/vuln/detail/CVE-2022-28582

CVE-2022-28583 It is found that there is a command injection vulnerability in the setWiFiWpsCfg interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. – https://nvd.nist.gov/vuln/detail/CVE-2022-28583

CVE-2022-28584 It is found that there is a command injection vulnerability in the setWiFiWpsStart interface in TOTOlink A7100RU (v7.4cu.2313_b20191024) router, which allows an attacker to execute arbitrary commands through a carefully constructed payload. – https://nvd.nist.gov/vuln/detail/CVE-2022-28584

CVE-2022-27337 A logic error in the Hints::Hints function of Poppler v22.03.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. – https://nvd.nist.gov/vuln/detail/CVE-2022-27337

CVE-2022-27359 Foxit PDF Reader v11.2.1.53537 was discovered to contain a NULL pointer dereference via the component FoxitPDFReader.exe. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PHP file. – https://nvd.nist.gov/vuln/detail/CVE-2022-27359

CVE-2022-27360 SpringBlade v3.2.0 and below was discovered to contain a SQL injection vulnerability via the component customSqlSegment. – https://nvd.nist.gov/vuln/detail/CVE-2022-27360

CVE-2022-27411 TOTOLINK N600R v5.3c.5507_B20171031 was discovered to contain a command injection vulnerability via the QUERY_STRING parameter in the “Main” function. – https://nvd.nist.gov/vuln/detail/CVE-2022-27411

CVE-2022-29176 Rubygems is a package registry used to supply software for the Ruby language ecosystem. Due to a bug in the yank action, it was possible for any RubyGems.org user to remove and replace certain gems even if that user was not authorized to do so. To be vulnerable, a gem needed: one or more dashes in its name; creation within 30 days OR no updates for over 100 days. At present, we believe this vulnerability has not been exploited. RubyGems.org sends an email to all gem owners when a gem version is published or yanked. We have not received any support emails from gem owners indicating that their gem has been yanked without authorization. An audit of gem changes for the last 18 months did not find any examples of this vulnerability being used in a malicious way. A deeper audit for any possible use of this exploit is ongoing, and we will update this advisory once it is complete. Using Bundler in --frozen or --deployment mode in CI and during deploys, as the Bundler team has always recommended, will guarantee that your application does not silently switch to versions created using this exploit. To audit your application history for possible past exploits, review your Gemfile.lock and look for gems whose platform changed when the version number did not change. For example, gemname-3.1.2 updating to gemname-3.1.2-java could indicate a possible abuse of this vulnerability. RubyGems.org has been patched and is no longer vulnerable to this issue as of the 5th of May 2022. – https://nvd.nist.gov/vuln/detail/CVE-2022-29176

CVE-2022-29166 matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc 0.33.2. Refrain from replying to messages from untrusted participants in IRC-bridged Matrix rooms. There are no known workarounds for this issue. – https://nvd.nist.gov/vuln/detail/CVE-2022-29166

CVE-2022-29167 Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse the `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to a regular expression DoS attack – meaning each added character in the attacker’s input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use the built-in `URL` class to parse the hostname instead. `Hawk.authenticate()` accepts an `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`. – https://nvd.nist.gov/vuln/detail/CVE-2022-29167

CVE-2022-29172 Auth0 is an authentication broker that supports both social and enterprise identity providers, including Active Directory, LDAP, Google Apps, and Salesforce. In versions before `11.33.0`, when the “additional signup fields” feature [is configured](https://github.com/auth0/lock#additional-sign-up-fields), a malicious actor can inject unvalidated HTML code into these additional fields, which is then stored in the service `user_metadata` payload (using the `name` property). Verification emails, when applicable, are generated using this metadata. It is therefore possible for an actor to craft a malicious link by injecting HTML, which is then rendered as the recipient’s name within the delivered email template. You are impacted by this vulnerability if you are using `auth0-lock` version `11.32.2` or lower and are using the “additional signup fields” feature in your application. Upgrade to version `11.33.0`. – https://nvd.nist.gov/vuln/detail/CVE-2022-29172

CVE-2022-29173 go-tuf is a Go implementation of The Update Framework (TUF). go-tuf does not correctly implement the client workflow for updating the metadata files for roles other than the root role. Specifically, checks for rollback attacks are not implemented correctly, meaning an attacker can cause clients to install software that is older than the software which the client previously knew to be available, and may include software with known vulnerabilities. In more detail, the client code of go-tuf has several issues in regards to preventing rollback attacks: 1. It does not take into account the content of any previously trusted metadata, if available, before proceeding with updating roles other than the root role (i.e., steps 5.4.3.1 and 5.5.5 of the detailed client workflow). This means that any form of version verification done on the newly-downloaded metadata is made using the default value of zero, which always passes. 2. For both timestamp and snapshot roles, go-tuf saves these metadata files as trusted before verifying if the version of the metafiles they refer to is correct (i.e., steps 5.5.4 and 5.6.4 of the detailed client workflow). A fix is available in version 0.3.0 or newer. No workarounds are known for this issue apart from upgrading. – https://nvd.nist.gov/vuln/detail/CVE-2022-29173

CVE-2022-29175 Vyper is a pythonic smart contract language for the Ethereum virtual machine. Since version 0.3.2, decimals use the full range of the underlying int168 type. Multiplication of 168-bit integers can wrap in 256-bit arithmetic, but safemul does not check for that. This has been patched in v0.3.4. There are no known workarounds for this issue. – https://nvd.nist.gov/vuln/detail/CVE-2022-29175

CVE-2022-29535 Zoho ManageEngine OPManager through 125588 allows SQL Injection via a few default reports. – https://nvd.nist.gov/vuln/detail/CVE-2022-29535

CVE-2022-24817 Flux2 is an open and extensible continuous delivery solution for Kubernetes. Flux2 versions between 0.1.0 and 0.29.0, helm-controller 0.1.0 to v0.19.0, and kustomize-controller 0.1.0 to v0.23.0 are vulnerable to Code Injection via malicious Kubeconfig. In multi-tenancy deployments this can also lead to privilege escalation if the controller’s service account has elevated permissions. Workarounds include disabling functionality via Validating Admission webhooks by restricting users from setting the `spec.kubeConfig` field in Flux `Kustomization` and `HelmRelease` objects. Additional mitigations include applying restrictive AppArmor and SELinux profiles on the controller’s pod to limit what binaries can be executed. This vulnerability is fixed in kustomize-controller v0.23.0 and helm-controller v0.19.0, both included in flux2 v0.29.0. – https://nvd.nist.gov/vuln/detail/CVE-2022-24817

CVE-2022-24884 ecdsautils is a tiny collection of programs used for ECDSA (keygen, sign, verify). `ecdsa_verify_[prepare_]legacy()` does not check whether the signature values `r` and `s` are non-zero. A signature consisting only of zeroes is always considered valid, making it trivial to forge signatures. Requiring multiple signatures from different public keys does not mitigate the issue: `ecdsa_verify_list_legacy()` will accept an arbitrary number of such forged signatures. Both the `ecdsautil verify` CLI command and the libecdsautil library are affected. The issue has been fixed in ecdsautils 0.4.1. All older versions of ecdsautils (including versions before the split into a library and a CLI utility) are vulnerable. – https://nvd.nist.gov/vuln/detail/CVE-2022-24884

CVE-2022-24899 Contao is a powerful open source CMS that allows you to create professional websites and scalable web applications. In versions of Contao prior to 4.13.3 it is possible to inject code into the canonical tag. As a workaround users may disable canonical tags in the root page settings. – https://nvd.nist.gov/vuln/detail/CVE-2022-24899

CVE-2022-24902 TkVideoplayer is a simple library to play video files in tkinter. Uncontrolled memory consumption in versions of TKVideoplayer prior to 2.0.0 can theoretically lead to performance degradation. There are no known workarounds. This issue has been patched and users are advised to upgrade to version 2.0.0 or later. – https://nvd.nist.gov/vuln/detail/CVE-2022-24902

CVE-2022-24903 Rsyslog is a rocket-fast system for log processing. Modules for TCP syslog reception have a potential heap buffer overflow when octet-counted framing is used. This can result in a segfault or some other malfunction. As of our understanding, this vulnerability cannot be used for remote code execution. But there may still be a slight chance for experts to do that. The bug occurs when the octet count is read. While there is a check for the maximum number of octets, digits are written to a heap buffer even when the octet count is over the maximum. This can be used to overrun the memory buffer. However, once the sequence of digits stops, no additional characters can be added to the buffer. In our opinion, this makes remote exploits impossible or at least highly complex. Octet-counted framing is one of two potential framing modes. It is relatively uncommon, but enabled by default on receivers. Modules `imtcp`, `imptcp`, `imgssapi`, and `imhttp` are used for regular syslog message reception. It is best practice not to directly expose them to the public. When this practice is followed, the risk is considerably lower. Module `imdiag` is a diagnostics module primarily intended for testbench runs. We do not expect it to be present on any production installation. Octet-counted framing is not very common. Usually, it needs to be specifically enabled at senders. If users do not need it, they can turn it off for the most important modules. This will mitigate the vulnerability. – https://nvd.nist.gov/vuln/detail/CVE-2022-24903

CVE-2022-29161 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collisions with SHA1. The problem has been patched in XWiki versions 13.10.6, 14.3.1 and 14.4-rc-1. Since then, the Crypto API will generate X509 certificates signed by default using SHA256 with RSA. Administrators are advised to upgrade their XWiki installation to one of the patched versions. If the upgrade is not possible, it is possible to patch the module xwiki-platform-crypto in a local installation by applying the change exposed in 26728f3 and re-compiling the module. – https://nvd.nist.gov/vuln/detail/CVE-2022-29161

CVE-2022-29164 Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. In affected versions an attacker can create a workflow which produces a HTML artifact containing an HTML file that contains a script which uses XHR calls to interact with the Argo Server API. The attacker emails the deep-link to the artifact to their victim. The victim opens the link, and the script starts running. As the script has access to the Argo Server API (as the victim), it may read information about the victim’s workflows, or create and delete workflows. Note the attacker must be an insider: they must have access to the same cluster as the victim and must already be able to run their own workflows. The attacker must have an understanding of the victim’s system. We have seen no evidence of this in the wild. We urge all users to upgrade to the fixed versions. – https://nvd.nist.gov/vuln/detail/CVE-2022-29164

CVE-2022-29171 Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with Phabricator allows Sourcegraph site admins to specify a `callsignCommand`, which is used to obtain the Phabricator metadata for a Gitolite repository. An administrator who is able to edit or add a Gitolite code host and has administrative access to Sourcegraph’s bundled Grafana instance can change this command arbitrarily and run it remotely. This grants direct access to the infrastructure underlying the Sourcegraph installation. The attack requires: site-admin privileges on the instance of Sourcegraph, administrative privileges on the bundled Grafana monitoring instance, and knowledge of the gitserver IP address or DNS name (if running in Kubernetes). This can be found through Grafana. The issue is patched in version 3.38.0. You may disable Gitolite code hosts. We still highly encourage upgrading regardless of workarounds. – https://nvd.nist.gov/vuln/detail/CVE-2022-29171

CVE-2021-25745 A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. – https://nvd.nist.gov/vuln/detail/CVE-2021-25745

CVE-2021-25746 A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. – https://nvd.nist.gov/vuln/detail/CVE-2021-25746

CVE-2022-24877 Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to expose sensitive data from the controller’s pod filesystem and possibly privilege escalation in multi-tenancy deployments. Workarounds include automated tooling in the user’s CI/CD pipeline to validate `kustomization.yaml` files conform with specific policies. This vulnerability is fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0. – https://nvd.nist.gov/vuln/detail/CVE-2022-24877

CVE-2022-24878 Flux is an open and extensible continuous delivery solution for Kubernetes. Path Traversal in the kustomize-controller via a malicious `kustomization.yaml` allows an attacker to cause a Denial of Service at the controller level. Workarounds include automated tooling in the user’s CI/CD pipeline to validate `kustomization.yaml` files conform with specific policies. This vulnerability is fixed in kustomize-controller v0.24.0 and included in flux2 v0.29.0. Users are recommended to upgrade. – https://nvd.nist.gov/vuln/detail/CVE-2022-24878

CVE-2022-30293 In WebKitGTK through 2.36.0 (and WPE WebKit), there is a heap-based buffer overflow in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. – https://nvd.nist.gov/vuln/detail/CVE-2022-30293

CVE-2022-30294 In WebKitGTK through 2.36.0 (and WPE WebKit), there is a use-after-free in WebCore::TextureMapperLayer::setContentsLayer in WebCore/platform/graphics/texmap/TextureMapperLayer.cpp. – https://nvd.nist.gov/vuln/detail/CVE-2022-30294

CVE-2022-30295 uClibc-ng through 1.0.40 and uClibc through 0.9.33.2 use predictable DNS transaction IDs that may lead to DNS cache poisoning. This is related to a reset of a value to 0x2. – https://nvd.nist.gov/vuln/detail/CVE-2022-30295

CVE-2022-24823 Netty is an open-source, asynchronous event-driven network application framework. The package `io.netty:netty-codec-http` prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty’s multipart decoders are used, local information disclosure can occur via the local system temporary directory if temporary storing of uploads on the disk is enabled. This only impacts applications running on Java version 6 and lower. Additionally, this vulnerability impacts code running on Unix-like systems, and very old versions of Mac OSX and Windows, as they all share the system temporary directory between all users. Version 4.1.77.Final contains a patch for this vulnerability. As a workaround, specify one’s own `java.io.tmpdir` when starting the JVM or use DefaultHttpDataFactory.setBaseDir(…) to set the directory to something that is only readable by the current user. – https://nvd.nist.gov/vuln/detail/CVE-2022-24823

CVE-2020-19212 SQL Injection vulnerability in admin/group_list.php in piwigo v2.9.5, via the group parameter to delete. – https://nvd.nist.gov/vuln/detail/CVE-2020-19212

CVE-2020-19213 SQL Injection vulnerability in cat_move.php in piwigo v2.9.5, via the selection parameter to move_categories. – https://nvd.nist.gov/vuln/detail/CVE-2020-19213

CVE-2020-19215 SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=user_perm. – https://nvd.nist.gov/vuln/detail/CVE-2020-19215

CVE-2020-19216 SQL Injection vulnerability in admin/user_perm.php in piwigo v2.9.5, via the cat_false parameter to admin.php?page=group_perm. – https://nvd.nist.gov/vuln/detail/CVE-2020-19216

CVE-2020-19217 SQL Injection vulnerability in admin/batch_manager.php in piwigo v2.9.5, via the filter_category parameter to admin.php?page=batch_manager. – https://nvd.nist.gov/vuln/detail/CVE-2020-19217

CVE-2022-28969 Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the shareSpeed parameter in the function fromSetWifiGusetBasic. This vulnerability allows attackers to cause a Denial of Service (DoS). – https://nvd.nist.gov/vuln/detail/CVE-2022-28969

CVE-2022-28970 Tenda AX1806 v1.0.0.1 was discovered to contain a heap overflow via the mac parameter in the function GetParentControlInfo. This vulnerability allows attackers to cause a Denial of Service (DoS). – https://nvd.nist.gov/vuln/detail/CVE-2022-28970

CVE-2022-28971 Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the list parameter in the function fromSetIpMacBind. This vulnerability allows attackers to cause a Denial of Service (DoS). – https://nvd.nist.gov/vuln/detail/CVE-2022-28971

CVE-2022-28972 Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the function form_fast_setting_wifi_set. This vulnerability allows attackers to cause a Denial of Service (DoS). – https://nvd.nist.gov/vuln/detail/CVE-2022-28972

CVE-2022-28973 Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow via the wanMTU parameter in the function fromAdvSetMacMtuWan. This vulnerability allows attackers to cause a Denial of Service (DoS). – https://nvd.nist.gov/vuln/detail/CVE-2022-28973

CVE-2022-28005 An issue was discovered in the 3CX Phone System Management Console prior to version 18 Update 3 FINAL. An unauthenticated attacker could abuse improperly secured access to arbitrary files on the server, leading to cleartext credential disclosure. Afterwards, the authenticated attacker is able to upload a file that overwrites a 3CX service binary, leading to Remote Code Execution as NT AUTHORITY\SYSTEM on Windows installations. Versions prior to version 18, Hotfix 1 Build 18.0.3.461 March 2022, are prone to an additional unauthenticated file system access to C:\Windows\System32.
– https://nvd.nist.gov/vuln/detail/CVE-2022-28005 CVE-2021-39023 IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 213860. – https://nvd.nist.gov/vuln/detail/CVE-2021-39023 CVE-2021-39027 IBM Guardium Data Encryption (GDE) 4.0.0 and 5.0.0 prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved. IBM X-Force ID: 213865. – https://nvd.nist.gov/vuln/detail/CVE-2021-39027 CVE-2022-21934 Under certain circumstances an authenticated user could lock other users out of the system or take over their accounts in Metasys ADS/ADX/OAS server 10 versions prior to 10.1.5 and Metasys ADS/ADX/OAS server 11 versions prior to 11.0.2. – https://nvd.nist.gov/vuln/detail/CVE-2022-21934 CVE-2022-28163 In Brocade SANnav before Brocade SANnav 2.2.0, multiple endpoints associated with Zone management are susceptible to SQL injection, allowing an attacker to run arbitrary SQL commands. – https://nvd.nist.gov/vuln/detail/CVE-2022-28163 CVE-2022-28164 Brocade SANnav before SANnav 2.2.0 application uses the Blowfish symmetric encryption algorithm for the storage of passwords. This could allow an authenticated attacker to decrypt stored account passwords. – https://nvd.nist.gov/vuln/detail/CVE-2022-28164 CVE-2021-26253 A potential vulnerability in Splunk Enterprise’s implementation of DUO MFA allows for bypassing the MFA verification in Splunk Enterprise versions before 8.1.6. The potential vulnerability impacts Splunk Enterprise instances configured to use DUO MFA and does not impact or affect a DUO product or service. 
– https://nvd.nist.gov/vuln/detail/CVE-2021-26253 CVE-2021-31559 A crafted request bypasses S2S TCP Token authentication writing arbitrary events to an index in Splunk Enterprise Indexer 8.1 versions before 8.1.5 and 8.2 versions before 8.2.1. The vulnerability impacts Indexers configured to use TCPTokens. It does not impact Universal Forwarders. – https://nvd.nist.gov/vuln/detail/CVE-2021-31559 CVE-2021-33845 The Splunk Enterprise REST API allows enumeration of usernames via the lockout error message. The potential vulnerability impacts Splunk Enterprise instances before 8.1.7 when configured to repress verbose login errors. – https://nvd.nist.gov/vuln/detail/CVE-2021-33845 CVE-2021-36912 Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress, attackers must have contributor or higher user role. – https://nvd.nist.gov/vuln/detail/CVE-2021-36912 CVE-2021-42743 A misconfiguration in the node default path allows for local privilege escalation from a lower privileged user to the Splunk user in Splunk Enterprise versions before 8.1.1 on Windows. – https://nvd.nist.gov/vuln/detail/CVE-2021-42743 CVE-2022-1053 Keylime does not enforce that the agent registrar data is the same when the tenant uses it for validation of the EK and identity quote and the verifier for validating the integrity quote. This allows an attacker to use one AK, EK pair from a real TPM to pass EK validation and give the verifier an AK of a software TPM. A successful attack breaks the entire chain of trust because a not validated AK is used by the verifier. 
This issue is worse if the validation happens first and then the agent gets added to the verifier because the timing is easier and the verifier does not validate the regcount entry being equal to 1, – https://nvd.nist.gov/vuln/detail/CVE-2022-1053 CVE-2022-26070 When handling a mismatched pre-authentication cookie, the application leaks the internal error message in the response, which contains the Splunk Enterprise local system path. The vulnerability impacts Splunk Enterprise versions before 8.1.0. – https://nvd.nist.gov/vuln/detail/CVE-2022-26070 CVE-2022-26889 The lack of sanitization in a relative url path in a search parameter allows for arbitrary injection of external content in Splunk Enterprise versions before 8.1.2. – https://nvd.nist.gov/vuln/detail/CVE-2022-26889 CVE-2022-27183 The Monitoring Console app configured in Distributed mode allows for a Reflected XSS in a query parameter in Splunk Enterprise versions before 8.1.4. The Monitoring Console app is a bundled app included in Splunk Enterprise, not for download on SplunkBase, and not installed on Splunk Cloud Platform instances. Note that the Cloud Monitoring Console is not impacted. – https://nvd.nist.gov/vuln/detail/CVE-2022-27183 CVE-2022-28165 A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav before 2.2.0 could allow an authenticated, remote attacker to access resources that they should not be able to access and perform actions that they should not be able to perform. The vulnerability exists because restrictions are not performed on Server side to ensure the user has required permission before processing requests. – https://nvd.nist.gov/vuln/detail/CVE-2022-28165 CVE-2022-28507 Dragon Path Technologies Bharti Airtel Routers Hardware BDT-121 version 1.0 is vulnerable to Cross Site Scripting (XSS) via Dragon path router admin page. – https://nvd.nist.gov/vuln/detail/CVE-2022-28507 CVE-2022-28545 FUDforum 3.1.1 is vulnerable to Stored XSS. 
– https://nvd.nist.gov/vuln/detail/CVE-2022-28545 CVE-2022-29420 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Adam Skaat’s Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-circle-countdown-before-countdown and &ycd-circle-countdown-after-countdown vulnerable parameters. – https://nvd.nist.gov/vuln/detail/CVE-2022-29420 CVE-2022-29421 Reflected Cross-Site Scripting (XSS) vulnerability in Adam Skaat’s Countdown & Clock plugin on WordPress via &ycd_type vulnerable parameter. – https://nvd.nist.gov/vuln/detail/CVE-2022-29421 CVE-2021-27751 HCL Commerce is affected by an Insufficient Session Expiration vulnerability. After the session expires, in some circumstances, parts of the application are still accessible. – https://nvd.nist.gov/vuln/detail/CVE-2021-27751 CVE-2021-27758 There is a security vulnerability in login form related to Cross-site Request Forgery which prevents user to login after attacker spam to login and system blocked victim’s account. – https://nvd.nist.gov/vuln/detail/CVE-2021-27758 CVE-2021-27759 This vulnerability arises because the application allows the user to perform some sensitive action without verifying that the request was sent intentionally. An attacker can cause a victim’s browser to emit an HTTP request to an arbitrary URL in the application. – https://nvd.nist.gov/vuln/detail/CVE-2021-27759 CVE-2021-27760 An issue was discovered in the Sametime chat feature in the Notes 11.0 – 11.0.1 FP4 clients. An authenticated Sametime chat user could cause Remote Code Execution on another chat client by sending a specially formatted message through chat containing Javascript code. 
– https://nvd.nist.gov/vuln/detail/CVE-2021-27760 CVE-2021-27761 Weak web transport security (Weak TLS): An attacker may be able to decrypt the data using attacks – https://nvd.nist.gov/vuln/detail/CVE-2021-27761 CVE-2021-27762 Misconfigured security-related HTTP headers: Several security-related headers were missing or mis-configured on the web responses – https://nvd.nist.gov/vuln/detail/CVE-2021-27762 CVE-2021-27764 Cookie without HTTPONLY flag set. NUMBER cookie(s) was set without Secure or HTTPOnly flags. The images show the cookie with the missing flag. (WebUI) – https://nvd.nist.gov/vuln/detail/CVE-2021-27764 CVE-2021-27765 The BigFix Server API installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. – https://nvd.nist.gov/vuln/detail/CVE-2021-27765 CVE-2021-27766 The BigFix Client installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. – https://nvd.nist.gov/vuln/detail/CVE-2021-27766 CVE-2021-27767 The BigFix Console installer is created with InstallShield, which was affected by CVE-2021-41526, a vulnerability that could allow a local user to perform a privilege escalation. This vulnerability was resolved by updating to an InstallShield version with the underlying vulnerability fixed. – https://nvd.nist.gov/vuln/detail/CVE-2021-27767 CVE-2022-23802 Joomla Guru extension 5.2.5 is affected by: Insecure Permissions. The impact is: obtain sensitive information (remote). The component is: Access to private information and components, possibility to view other users’ information. 
Information disclosure Access to private information and components, possibility to view other users’ information. – https://nvd.nist.gov/vuln/detail/CVE-2022-23802 CVE-2022-24098 Adobe Photoshop versions 22.5.6 (and earlier)and 23.2.2 (and earlier) are affected by an improper input validation vulnerability when parsing a PCX file that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious PCX file. – https://nvd.nist.gov/vuln/detail/CVE-2022-24098 CVE-2022-27909 In Joomla component ‘jDownloads 3.9.8.2 Stable’ the remote user can change some parameters in the address bar and see the names of other users’ files – https://nvd.nist.gov/vuln/detail/CVE-2022-27909 CVE-2022-28278 Adobe Photoshop versions 22.5.6 (and earlier) and 23.2.2 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. – https://nvd.nist.gov/vuln/detail/CVE-2022-28278 CVE-2022-29422 Multiple Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerabilities in Adam Skaat’s Countdown & Clock plugin <= 2.3.2 at WordPress via &ycd-countdown-width, &ycd-progress-height, &ycd-progress-width, &ycd-button-margin-top, &ycd-button-margin-right, &ycd-button-margin-bottom, &ycd-button-margin-left, &ycd-circle-countdown-before-countdown, &ycd-circle-countdown-after-countdown vulnerable parameters. – https://nvd.nist.gov/vuln/detail/CVE-2022-29422 CVE-2022-29423 Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress. – https://nvd.nist.gov/vuln/detail/CVE-2022-29423 CVE-2021-23592 The package topthink/framework before 6.0.12 are vulnerable to Deserialization of Untrusted Data due to insecure unserialize method in the Driver class. 
– https://nvd.nist.gov/vuln/detail/CVE-2021-23592 CVE-2021-23792 The package com.twelvemonkeys.imageio:imageio-metadata before 3.7.1 are vulnerable to XML External Entity (XXE) Injection due to an insecurely initialized XML parser for reading XMP Metadata. An attacker can exploit this vulnerability if they are able to supply a file (e.g. when an online profile picture is processed) with a malicious XMP segment. If the XMP metadata of the uploaded image is parsed, then the XXE vulnerability is triggered. – https://nvd.nist.gov/vuln/detail/CVE-2021-23792 CVE-2022-25324 All versions of package bignum are vulnerable to Denial of Service (DoS) due to a type-check exception in V8, when verifying the type of the second argument to the .powm function, V8 will crash regardless of Node try/catch blocks. – https://nvd.nist.gov/vuln/detail/CVE-2022-25324 CVE-2022-29180 A vulnerability in which attackers could forge HTTP requests to manipulate the `charm` data directory to access or delete anything on the server. This has been patched and is available in release [v0.12.1](https://github.com/charmbracelet/charm/releases/tag/v0.12.1). We recommend that all users running self-hosted `charm` instances update immediately. This vulnerability was found in-house and we haven’t been notified of any potential exploiters. ### Additional notes * Encrypted user data uploaded to the Charm server is safe as Charm servers cannot decrypt user data. This includes filenames, paths, and all key-value data. * Users running the official Charm [Docker images](https://github.com/charmbracelet/charm/blob/main/docker.md) are at minimal risk because the exploit is limited to the containerized filesystem. – https://nvd.nist.gov/vuln/detail/CVE-2022-29180 CVE-2022-30330 In the KeepKey firmware before 7.3.2, the bootloader can be exploited in unusual situations in which the attacker has physical access, convinces the victim to install malicious firmware, or has unspecified other capabilities. 
lib/board/supervise.c mishandles svhandler_flash_* address range checks. If exploited, any installed malware could persist even after wiping the device and resetting the firmware. – https://nvd.nist.gov/vuln/detail/CVE-2022-30330 CVE-2022-30334 Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises “Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser.” – https://nvd.nist.gov/vuln/detail/CVE-2022-30334 CVE-2022-1616 Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution – https://nvd.nist.gov/vuln/detail/CVE-2022-1616 CVE-2018-25033 ADMesh through 0.98.4 has a heap-based buffer over-read in stl_update_connects_remove_1 (called from stl_remove_degenerate) in connect.c in libadmesh.a. – https://nvd.nist.gov/vuln/detail/CVE-2018-25033 CVE-2022-1619 Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution – https://nvd.nist.gov/vuln/detail/CVE-2022-1619 CVE-2022-1620 NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. – https://nvd.nist.gov/vuln/detail/CVE-2022-1620 CVE-2022-28470 marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor. 
– https://nvd.nist.gov/vuln/detail/CVE-2022-28470 CVE-2022-28463 ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow. – https://nvd.nist.gov/vuln/detail/CVE-2022-28463 CVE-2022-30333 RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected. – https://nvd.nist.gov/vuln/detail/CVE-2022-30333 CVE-2022-30286 pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code. – https://nvd.nist.gov/vuln/detail/CVE-2022-30286 CVE-2022-1631 Users Account Pre-Takeover or Users Account Takeover. in GitHub repository microweber/microweber prior to 1.2.15. Victim Account Take Over. Since, there is no email confirmation, an attacker can easily create an account in the application using the Victim’s Email. This allows an attacker to gain pre-authentication to the victim’s account. Further, due to the lack of proper validation of email coming from Social Login and failing to check if an account already exists, the victim will not identify if an account is already existing. Hence, the attacker’s persistence will remain. An attacker would be able to see all the activities performed by the victim user impacting the confidentiality and attempt to modify/corrupt the data impacting the integrity and availability factor. This attack becomes more interesting when an attacker can register an account from an employee’s email address. Assuming the organization uses G-Suite, it is much more impactful to hijack into an employee’s account. – https://nvd.nist.gov/vuln/detail/CVE-2022-1631 CVE-2022-23332 Command injection vulnerability in Manual Ping Form (Web UI) in Shenzhen Ejoin Information Technology Co., Ltd. ACOM508/ACOM516/ACOM532 609-915-041-100-020 allows a remote attacker to inject arbitrary code via the field. 
– https://nvd.nist.gov/vuln/detail/CVE-2022-23332 CVE-2022-27224 An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4. An authenticated attacker can perform command injection as root via shell metacharacters within the Network Tools section of the web-management interface. All three networking tools are affected (Ping, Traceroute, and DNS Lookup) and their respective input fields (ping_address, trace_address, nslookup_address). – https://nvd.nist.gov/vuln/detail/CVE-2022-27224 CVE-2019-25060 The WPGraphQL WordPress plugin before 0.3.5 doesn’t properly restrict access to information about other users’ roles on the affected site. Because of this, a remote attacker could forge a GraphQL query to retrieve the account roles of every user on the site. – https://nvd.nist.gov/vuln/detail/CVE-2019-25060 CVE-2021-20479 IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 197498. – https://nvd.nist.gov/vuln/detail/CVE-2021-20479 CVE-2022-0424 The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users – https://nvd.nist.gov/vuln/detail/CVE-2022-0424 CVE-2022-0592 The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users. – https://nvd.nist.gov/vuln/detail/CVE-2022-0592 CVE-2022-0625 The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 
– https://nvd.nist.gov/vuln/detail/CVE-2022-0625 CVE-2022-0814 The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections – https://nvd.nist.gov/vuln/detail/CVE-2022-0814 CVE-2022-0817 The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users – https://nvd.nist.gov/vuln/detail/CVE-2022-0817 CVE-2022-0826 The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users – https://nvd.nist.gov/vuln/detail/CVE-2022-0826 CVE-2022-0836 The SEMA API WordPress plugin through 3.64 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users – https://nvd.nist.gov/vuln/detail/CVE-2022-0836 CVE-2022-0874 The WP Social Buttons WordPress plugin through 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 
– https://nvd.nist.gov/vuln/detail/CVE-2022-0874 CVE-2022-0898 The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don’t have the unfiltered_html capability, which could lead to Stored Cross-Site Scripting issues – https://nvd.nist.gov/vuln/detail/CVE-2022-0898 CVE-2022-0948 The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection – https://nvd.nist.gov/vuln/detail/CVE-2022-0948 CVE-2022-1013 The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability. – https://nvd.nist.gov/vuln/detail/CVE-2022-1013 CVE-2022-1047 The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability. 
– https://nvd.nist.gov/vuln/detail/CVE-2022-1047 CVE-2022-1104 The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed – https://nvd.nist.gov/vuln/detail/CVE-2022-1104 CVE-2022-1171 The Vertical scroll recent post WordPress plugin before 14.0 does not sanitise and escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting – https://nvd.nist.gov/vuln/detail/CVE-2022-1171 CVE-2022-1303 The Slide Anything WordPress plugin before 2.3.44 does not sanitize and escape sliders’ description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed – https://nvd.nist.gov/vuln/detail/CVE-2022-1303 CVE-2022-1338 The Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed – https://nvd.nist.gov/vuln/detail/CVE-2022-1338 CVE-2022-22319 IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue. IBM X-Force ID: 218366. – https://nvd.nist.gov/vuln/detail/CVE-2022-22319 CVE-2022-22481 IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials. By modifying the sign on request, an attacker can gain visibility to the fully qualified domain name of the target system and the navigator tasks page, however they do not gain the ability to perform those tasks on the system or see any specific system data. IBM X-Force ID: 225899. 
– https://nvd.nist.gov/vuln/detail/CVE-2022-22481 CVE-2022-27114 There is a vulnerability in htmldoc 1.9.16. In image_load_jpeg function image.cxx when it calls malloc,’img->width’ and ‘img->height’ they are large enough to cause an integer overflow. So, the malloc function may return a heap blosmaller than the expected size, and it will cause a buffer overflow/Address boundary error in the jpeg_read_scanlines function. – https://nvd.nist.gov/vuln/detail/CVE-2022-27114 CVE-2022-28161 An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need to have valid user credentials and turn on debug mode. – https://nvd.nist.gov/vuln/detail/CVE-2022-28161 CVE-2022-28162 Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text. – https://nvd.nist.gov/vuln/detail/CVE-2022-28162 CVE-2022-27308 A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title. – https://nvd.nist.gov/vuln/detail/CVE-2022-27308 CVE-2022-27412 Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request. – https://nvd.nist.gov/vuln/detail/CVE-2022-27412 CVE-2022-28738 A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2. If a victim attempts to create a Regexp from untrusted user input, an attacker may be able to write to unexpected memory locations. – https://nvd.nist.gov/vuln/detail/CVE-2022-28738 CVE-2022-28739 There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f. 
– https://nvd.nist.gov/vuln/detail/CVE-2022-28739
| CVE-2022-29933 | Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account’s password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically, the attacker must send X-Forwarded-Host to the /index.php?p=admin/actions/users/send-password-reset-email URI. NOTE: the vendor’s position is that a customer can already work around this by adjusting the configuration (i.e., by not using the default configuration). | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29933 |
| CVE-2022-29971 | An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29971 |
| CVE-2022-29972 | An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52) may allow a local user to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29972 |
| CVE-2022-30239 | An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code. NOTE: this is different from CVE-2022-29971. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30239 |
| CVE-2022-30240 | An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code. NOTE: this is different from CVE-2022-29972. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30240 |
| CVE-2022-30524 | There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30524 |
| CVE-2022-29868 | 1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass. Malicious software running on the same computer can exfiltrate secrets from 1Password provided that 1Password is running and is unlocked. Affected secrets include vault items and derived values used for signing in to 1Password. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29868 |
| CVE-2022-30335 | Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form. Users who supply the application with a SQL injection payload in the User Name textbox could collect all passwords in encrypted format from the Microsoft SQL Server component. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30335 |
| CVE-2021-43712 | Stored XSS in the Add New Employee form in Sourcecodester Employee Daily Task Management System 1.0 allows a remote attacker to inject/store arbitrary code via the Name field. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-43712 |
| CVE-2022-23704 | A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4). The vulnerability could allow remote Denial of Service. The vulnerability is resolved in Integrated Lights-Out 4 (iLO 4) 2.80 and later. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-23704 |
| CVE-2022-23705 | A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array. HPE has made the following software updates to resolve the vulnerability in HPE Nimble Storage: 5.0.10.100 or later, 5.2.1.0 or later, 6.0.0.100 or later. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-23705 |
| CVE-2021-41545 | A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). When the controller receives a specific BACnet protocol packet, an exception causes the BACnet communication function to go into an “out of work” state and could result in the controller going into a “factory reset” state. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-41545 |
| CVE-2021-42581 | Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object (that contains an own property “__proto__”) as an argument to the function. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42581 |
| CVE-2022-24039 | A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The “addCell” JavaScript function fails to properly sanitize user-controllable input before including it into the generated XML body of the XLS report document, such that it is possible to inject arbitrary content (e.g., XML tags) into the generated file. An attacker with restricted privileges, by poisoning any of the content used to generate XLS reports, could be able to leverage the application to deliver malicious files against higher-privileged users and obtain Remote Code Execution (RCE) against the administrator’s workstation. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-24039 |
| CVE-2022-24040 | A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application fails to enforce an upper bound to the cost factor of the PBKDF2 derived key during the creation or update of an account. An attacker with the user profile access privilege could cause a denial of service (DoS) condition through CPU consumption by setting a PBKDF2 derived key with a remarkably high cost effort and then attempting a login to the so-modified account. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-24040 |
| CVE-2022-24041 | A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application stores the PBKDF2 derived key of users’ passwords with a low iteration count. An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-24041 |
| CVE-2022-24042 | A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The web application returns an AuthToken that does not expire at the defined auto logoff delay timeout. An attacker could be able to capture this token and re-use old session credentials or session IDs for authorization. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-24042 |
| CVE-2021-42645 | CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability. To exploit this vulnerability, an attacker must use the “File” parameter to upload a PHP payload to get a reverse shell from the vulnerable host. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-42645 |
| CVE-2021-43094 | An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-43094 |
| CVE-2022-28110 | Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28110 |
| CVE-2022-29591 | Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29591 |
| CVE-2022-1397 | API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1397 |
| CVE-2022-1537 | file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3. This vulnerability is capable of arbitrary file writes which can lead to local privilege escalation to the GruntJS user if a lower-privileged user has write access to both source and destination directories, as the lower-privileged user can create a symlink to the GruntJS user’s .bashrc file or replace the /etc/shadow file if the GruntJS user is root. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1537 |
| CVE-2022-1621 | Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, bypassing protection mechanisms, modifying memory, and possibly remote execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1621 |
| CVE-2022-1629 | Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerability is capable of crashing software, modifying memory, and possibly remote execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1629 |
| CVE-2022-28895 | A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28895 |
| CVE-2022-28896 | A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28896 |
| CVE-2022-28901 | A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28901 |
| CVE-2022-28905 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28905 |
| CVE-2022-28906 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28906 |
| CVE-2022-28907 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28907 |
| CVE-2022-28908 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28908 |
| CVE-2022-28909 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28909 |
| CVE-2022-28910 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28910 |
| CVE-2022-28911 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28911 |
| CVE-2022-28912 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28912 |
| CVE-2022-28913 | TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28913 |
| CVE-2022-28915 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28915 |
| CVE-2022-29321 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29321 |
| CVE-2022-29322 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29322 |
| CVE-2022-29323 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29323 |
| CVE-2022-29324 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29324 |
| CVE-2022-29325 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29325 |
| CVE-2022-29326 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29326 |
| CVE-2022-29327 | D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29327 |
| CVE-2022-29328 | D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29328 |
| CVE-2022-29329 | D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29329 |
| CVE-2022-26987 | TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in the `MmtAtePrase` function. Local users could get remote code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26987 |
| CVE-2022-26988 | TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in the `MntAte` function. Local users could get remote code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-26988 |
| CVE-2021-39024 | IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213862. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39024 |
| CVE-2022-22454 | IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22454 |
| CVE-2022-1649 | Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0. It is likely to be exploitable. For a more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/476.html). | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1649 |
| CVE-2022-22774 | The DOM XML parser and SAX XML parser components of TIBCO Software Inc.’s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer Internet Server contain an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute XML External Entity (XXE) attacks on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO Managed File Transfer Command Center: versions 8.3.1 and below, TIBCO Managed File Transfer Command Center: versions 8.4.0 and 8.4.1, TIBCO Managed File Transfer Internet Server: versions 8.3.1 and below, and TIBCO Managed File Transfer Internet Server: versions 8.4.0 and 8.4.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22774 |
| CVE-2021-26324 | A bug with the SEV-ES TMR may lead to a potential loss of memory integrity for SNP-active VMs. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26324 |
| CVE-2021-26332 | Failure of the SEV-ES firmware to verify that the SEV-ES TMR is not in MMIO space could result in a potential loss of integrity or availability. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26332 |
| CVE-2021-26352 | Insufficient bound checks in the System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26352 |
| CVE-2021-26353 | Due to a mishandled error, it is possible to leave the DRTM UApp in a partially initialized state, which can result in unchecked memory writes when the UApp handles subsequent mailbox commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26353 |
| CVE-2021-26370 | Improper validation of the destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents, resulting in a loss of integrity and availability. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26370 |
| CVE-2021-26390 | A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory, potentially leading to loss of integrity of data. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26390 |
| CVE-2021-26408 | Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration, potentially resulting in loss of the guest’s integrity or confidentiality. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26408 |
| CVE-2021-43010 | In Safedog Apache v4.0.30255, attackers can bypass the product’s protection to perform SQL injection and gain access to sensitive data. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-43010 |
| CVE-2021-46771 | Insufficient validation of addresses in an AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46771 |
| CVE-2022-0947 | A vulnerability in the ABB ARG600 Wireless Gateway series could allow an attacker to exploit it by remotely connecting to the serial port gateway and/or protocol converter, depending on the configuration. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-0947 |
| CVE-2022-23676 | A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below. Aruba has released upgrades for ArubaOS-Switch Devices that address these security vulnerabilities. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-23676 |
| CVE-2022-23677 | A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below. Aruba has released upgrades for ArubaOS-Switch Devices that address these security vulnerabilities. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-23677 |
| CVE-2022-28986 | LMS Doctor Simple 2 Factor Authentication Plugin For Moodle (affected version: 2021072900) has an insecure direct object reference (IDOR) vulnerability, which allows remote attackers to update sensitive records such as the email, password and phone number of other user accounts. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28986 |
| CVE-2021-39670 | In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L. Android ID: A-204087139. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39670 |
| CVE-2021-39700 | In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-201645790. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39700 |
| CVE-2022-1209 | The Ultimate Member plugin for WordPress is vulnerable to open redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1, provided the victim clicks on a social icon on a user’s profile page. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1209 |
| CVE-2022-1442 | The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file, which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like those of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1442 |
| CVE-2022-1453 | The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1453 |
| CVE-2022-1463 | The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1. This could be exploited by subscriber-level users and above to call arbitrary PHP objects on a vulnerable site. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1463 |
| CVE-2022-1476 | The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58. This can be exploited by administrative users, and users who have access to the site’s secret key. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1476 |
| CVE-2022-1505 | The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1505 |
| CVE-2022-1567 | The WP-JS plugin for WordPress contains a script called wp-js.php with the function wp_js_admin, which accepts unvalidated user input and echoes it back to the user. This can be used for reflected Cross-Site Scripting in versions up to, and including, 2.0.6. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1567 |
| CVE-2022-20004 | In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-179699767. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20004 |
| CVE-2022-20005 | In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-219044664. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20005 |
| CVE-2022-20006 | In several functions of KeyguardServiceWrapper.java and related files, there is a possible way to briefly view what’s under the lockscreen due to a race condition. This could lead to local escalation of privilege if a Guest user is enabled, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-151095871. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20006 |
| CVE-2022-20007 | In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it’s still in the foreground, when it is not, due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-211481342. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20007 |
| CVE-2022-20008 | In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-216481035. References: Upstream kernel. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20008 |
| CVE-2022-20009 | In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-213172319. References: Upstream kernel. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20009 |
| CVE-2022-20010 | In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L. Android ID: A-213519176. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20010 |
| CVE-2022-20011 | In getArray of NotificationManagerService.java, there is a possible leak of one user’s notifications to another due to a missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-214999128. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20011 |
| CVE-2022-20112 | In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-206987762. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20112 |
| CVE-2022-20113 | In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enable file transfer mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L. Android ID: A-205996517. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20113 |
| CVE-2022-20114 | In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-211114016. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20114 |
| CVE-2022-20115 | In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L. Android ID: A-210118427. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20115 |
| CVE-2022-20116 | In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12, Android-12L. Android ID: A-212467440. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20116 |
| CVE-2022-27167 | A privilege escalation vulnerability in Windows products of ESET, spol. s r.o. allows an attacker to exploit the “Repair” and “Uninstall” features, which may lead to arbitrary file deletion. This issue affects the following ESET, spol. s r.o. products: ESET NOD32 Antivirus 11.2 versions prior to 15.1.12.0; ESET Internet Security 11.2 versions prior to 15.1.12.0; ESET Smart Security Premium 11.2 versions prior to 15.1.12.0; ESET Endpoint Antivirus 6.0 versions prior to 9.0.2046.0; ESET Endpoint Security 6.0 versions prior to 9.0.2046.0; ESET Server Security for Microsoft Windows Server 8.0 versions prior to 9.0.12012.0; ESET File Security for Microsoft Windows Server 8.0.12013.0; ESET Mail Security for Microsoft Exchange Server 6.0 versions prior to 8.0.10020.0; ESET Mail Security for IBM Domino 6.0 versions prior to 8.0.14011.0; ESET Security for Microsoft SharePoint Server 6.0 versions prior to 8.0.15009.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-27167 |
| CVE-2022-29391 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29391 |
| CVE-2022-29392 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29392 |
| CVE-2022-29393 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29393 |
| CVE-2022-29394 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN_0041b448. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29394 |
| CVE-2022-29395 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the apcliKey parameter in the function FUN_0041bac4. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29395 |
| CVE-2022-29396 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29396 |
| CVE-2022-29397 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29397 |
| CVE-2022-29398 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29398 |
| CVE-2022-29399 | TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-29399 |
| CVE-2022-30278 | A vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack. The vulnerability is due to improper validation of user-supplied input to MadCap Flare’s framework embedded within Black Duck Hub’s Help Documentation to supply content. An attacker could exploit this vulnerability by convincing a user to click a link designed to pass malicious input to the interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks and gain access to sensitive browser-based information. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30278 |
| CVE-2021-39738 | In CarSettings, there is a possible way to pair a BT device bypassing the user’s consent due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12, Android-12L. Android ID: A-216190509. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-39738 |
| CVE-2022-0866 | This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the org.jboss.as.ejb3.security.RunAsPrincipalInterceptor to keep track of the current identity prior to switching to a new identity created using the RunAs principal. The problem is that the EJBComponent#incomingRunAsIdentity field is currently just a SecurityIdentity. This means that in a concurrent environment, where multiple users are repeatedly invoking an EJB that is configured with a RunAs principal, it’s possible for the wrong caller principal to be returned from EJBComponent#getCallerPrincipal. Similarly, it’s also possible for EJBComponent#isCallerInRole to return the wrong value. Both of these methods rely on incomingRunAsIdentity. Affects all versions of JBoss EAP from 7.1.0 and all versions of WildFly 11+ when Elytron is enabled. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-0866 |
| CVE-2022-1417 | Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 8.13 before 14.9.4, and all versions starting from 8.14 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1417 |
| CVE-2022-1431 | An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint, allowing the attacker to cause uncontrolled resource consumption. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-1431 |
| CVE-2022-20117 | In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-217475903. References: N/A. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20117 |
| CVE-2022-20118 | In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205707793. References: N/A. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20118 |
| CVE-2022-20119 | In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-213170715. References: N/A. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20119 |
| CVE-2022-20120 | Product: Android. Versions: Android kernel. Android ID: A-203213034. References: N/A. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20120 |
| CVE-2022-20121 | In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-212573046. References: N/A. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-20121 |
| CVE-2022-28601 | A Two-Factor Authentication (2FA) bypass vulnerability in “Simple 2FA Plugin for Moodle” by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file, thereby allowing them to bypass the phone verification mechanism. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28601 |
