Weekly Vulnerabilities Reports > May 9 to 15, 2022

Overview

510 new vulnerabilities reported during this period, including 138 critical vulnerabilities and 186 high severity vulnerabilities. This weekly summary report vulnerabilities in 1785 products from 177 vendors including Intel, AMD, Google, Inhandnetworks, and Totolink. Vulnerabilities are notably categorized as "SQL Injection", "Cross-site Scripting", "Out-of-bounds Write", "OS Command Injection", and "Improper Input Validation".

  • 366 reported vulnerabilities are remotely exploitables.
  • 10 reported vulnerabilities have public exploit available.
  • 185 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 291 reported vulnerabilities are exploitable by an anonymous user.
  • Intel has the most reported vulnerabilities, with 37 reported vulnerabilities.
  • Totolink has the most reported critical vulnerabilities, with 18 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

138 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-05-10 CVE-2021-42645 Cmsimple XH Unrestricted Upload of File with Dangerous Type vulnerability in Cmsimple-Xh Cmsimple XH 1.7.4

CMSimple_XH 1.7.4 is affected by a remote code execution (RCE) vulnerability.

10.0
2022-05-15 CVE-2022-28930 ERP PRO Project SQL Injection vulnerability in Erp-Pro Project Erp-Pro 3.7.5

ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml..

9.8
2022-05-15 CVE-2022-28929 Hospital Management System Project SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php.

9.8
2022-05-14 CVE-2022-24831 Openclinica SQL Injection vulnerability in Openclinica 3.14

OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM).

9.8
2022-05-14 CVE-2022-24830 Openclinica Path Traversal vulnerability in Openclinica 3.14/3.16/3.16.1

OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM).

9.8
2022-05-13 CVE-2022-21190 Mozilla Unspecified vulnerability in Mozilla Convict

This affects the package convict before 6.2.3.

9.8
2022-05-13 CVE-2022-22282 Sonicwall Unspecified vulnerability in Sonicwall products

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability.

9.8
2022-05-13 CVE-2022-25865 Microsoft Argument Injection or Modification vulnerability in Microsoft Workspace-Tools

The package workspace-tools before 0.18.4 are vulnerable to Command Injection via git argument injection.

9.8
2022-05-13 CVE-2022-1715 Facturascripts Unspecified vulnerability in Facturascripts

Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07.

9.8
2022-05-13 CVE-2021-46786 Huawei Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Huawei Emui, Harmonyos and Magic UI

The audio module has a vulnerability in verifying the parameters passed by the application space.Successful exploitation of this vulnerability may cause out-of-bounds memory access.

9.8
2022-05-13 CVE-2022-29794 Huawei Use After Free vulnerability in Huawei Emui and Harmonyos

The frame scheduling module has a Use After Free (UAF) vulnerability.Successful exploitation of this vulnerability will affect data integrity, availability, and confidentiality.

9.8
2022-05-13 CVE-2022-30384 Merchandise Online Store Project SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_inventory.

9.8
2022-05-13 CVE-2022-30385 Merchandise Online Store Project SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_order.

9.8
2022-05-13 CVE-2022-30386 Merchandise Online Store Project SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_featured.

9.8
2022-05-13 CVE-2022-30387 Merchandise Online Store Project SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=pay_order.

9.8
2022-05-13 CVE-2022-30391 Merchandise Online Store Project SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_category.

9.8
2022-05-13 CVE-2022-30392 Merchandise Online Store Project SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_sub_category.

9.8
2022-05-13 CVE-2022-30395 Merchandise Online Store Project SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_cart.

9.8
2022-05-13 CVE-2022-30407 Pharmacy Sales AND Inventory System Project SQL Injection vulnerability in Pharmacy Sales and Inventory System Project Pharmacy Sales and Inventory System 1.0

Pharmacy Sales And Inventory System v1.0 is vulnerable to SQL Injection via /pharmacy-sales-and-inventory-system/manage_user.php?id=.

9.8
2022-05-13 CVE-2022-30413 Covid 19 Travel Pass Management System Project SQL Injection vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=delete_application.

9.8
2022-05-13 CVE-2022-29383 Netgear SQL Injection vulnerability in Netgear Ssl312 Firmware Fvs336Gv2/Fvs336Gv3

NETGEAR ProSafe SSL VPN firmware FVS336Gv2 and FVS336Gv3 was discovered to contain a SQL injection vulnerability via USERDBDomains.Domainname at cgi-bin/platform.cgi.

9.8
2022-05-13 CVE-2022-30370 AIR Cargo Management System Project SQL Injection vulnerability in AIR Cargo Management System Project AIR Cargo Management System 1.0

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo_type.

9.8
2022-05-13 CVE-2021-42967 Xxyopen Unrestricted Upload of File with Dangerous Type vulnerability in Xxyopen Novel-Plus

Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files.

9.8
2022-05-12 CVE-2022-22796 Sysaid Improper Authentication vulnerability in Sysaid

Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing to: /wmiwizard.jsp, Then to: /ConcurrentLogin.jsp, then click on the login button, and it will redirect you to /home.jsp without any authentication.

9.8
2022-05-12 CVE-2022-23166 Sysaid Path Traversal vulnerability in Sysaid

Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access to the system by accessing to "/lib/tinymce/examples/index.html" path.

9.8
2022-05-12 CVE-2022-29363 Phpok Deserialization of Untrusted Data vulnerability in PHPok 6.1

Phpok v6.1 was discovered to contain a deserialization vulnerability via the update_f() function in login_control.php.

9.8
2022-05-12 CVE-2022-22413 IBM SQL Injection vulnerability in IBM Robotic Process Automation 21.0.0/21.0.1/21.0.2

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to SQL injection.

9.8
2022-05-12 CVE-2022-29303 Contec OS Command Injection vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.00

SolarView Compact ver.6.00 was discovered to contain a command injection vulnerability via conf_mail.php.

9.8
2022-05-12 CVE-2022-29306 Ionizecms SQL Injection vulnerability in Ionizecms Ionize 1.0.8.1

IonizeCMS v1.0.8.1 was discovered to contain a SQL injection vulnerability via the id_page parameter in application/models/article_model.php.

9.8
2022-05-12 CVE-2022-29307 Ionizecms Code Injection vulnerability in Ionizecms Ionize 1.0.8.1

IonizeCMS v1.0.8.1 was discovered to contain a command injection vulnerability via the function copy_lang_content in application/models/lang_model.php.

9.8
2022-05-12 CVE-2022-29738 Money Transfer Management System Project SQL Injection vulnerability in Money Transfer Management System Project Money Transfer Management System 1.0

Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=transaction/send&id=, id.

9.8
2022-05-12 CVE-2022-29739 Money Transfer Management System Project SQL Injection vulnerability in Money Transfer Management System Project Money Transfer Management System 1.0

Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/admin/?page=user/manage_user&id=.

9.8
2022-05-12 CVE-2022-29741 Money Transfer Management System Project SQL Injection vulnerability in Money Transfer Management System Project Money Transfer Management System 1.0

Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_fee.

9.8
2022-05-12 CVE-2022-29745 Money Transfer Management System Project SQL Injection vulnerability in Money Transfer Management System Project Money Transfer Management System 1.0

Money Transfer Management System 1.0 is vulnerable to SQL Injection via \mtms\classes\Master.php?f=delete_transaction.

9.8
2022-05-12 CVE-2022-29746 Money Transfer Management System Project SQL Injection vulnerability in Money Transfer Management System Project Money Transfer Management System 1.0

Money Transfer Management System 1.0 is vulnerable to SQL Injection via /mtms/classes/Users.php?f=delete.

9.8
2022-05-12 CVE-2022-29998 Insurance Management System Project SQL Injection vulnerability in Insurance Management System Project Insurance Management System 1.0

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/clientStatus.php?client_id=.

9.8
2022-05-12 CVE-2022-29999 Insurance Management System Project SQL Injection vulnerability in Insurance Management System Project Insurance Management System 1.0

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editClient.php?client_id=.

9.8
2022-05-12 CVE-2022-30000 Insurance Management System Project SQL Injection vulnerability in Insurance Management System Project Insurance Management System 1.0

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editPayment.php?recipt_no=.

9.8
2022-05-12 CVE-2022-30001 Insurance Management System Project SQL Injection vulnerability in Insurance Management System Project Insurance Management System 1.0

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agent_id=.

9.8
2022-05-12 CVE-2022-29539 Resi OS Command Injection vulnerability in Resi Gemini-Net 4.2

resi-calltrace in RESI Gemini-Net 4.2 is affected by OS Command Injection.

9.8
2022-05-12 CVE-2022-29747 Simple Client Management System Project SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/manage_invoice&id= // Leak place ---> id.

9.8
2022-05-12 CVE-2022-29748 Simple Client Management System Project SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0

Simple Client Management System 1.0 is vulnerable to SQL Injection via \cms\admin?page=client/manage_client&id=.

9.8
2022-05-12 CVE-2022-29749 Simple Client Management System Project SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_invoice.

9.8
2022-05-12 CVE-2022-29750 Simple Client Management System Project SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_service.

9.8
2022-05-12 CVE-2022-29751 Simple Client Management System Project SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_client.

9.8
2022-05-12 CVE-2022-29979 Simple Client Management System Project SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Master.php?f=delete_designation.

9.8
2022-05-12 CVE-2022-29980 Simple Client Management System Project SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=user/manage_user&id=.

9.8
2022-05-12 CVE-2022-29981 Simple Client Management System Project SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/classes/Users.php?f=delete.

9.8
2022-05-12 CVE-2022-29982 Simple Client Management System Project SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/maintenance/manage_service.php?id=.

9.8
2022-05-12 CVE-2022-29983 Simple Client Management System Project SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=invoice/view_invoice&id=.

9.8
2022-05-12 CVE-2022-29984 Simple Client Management System Project SQL Injection vulnerability in Simple Client Management System Project Simple Client Management System 1.0

Simple Client Management System 1.0 is vulnerable to SQL Injection via /cms/admin/?page=client/view_client&id=.

9.8
2022-05-12 CVE-2022-29985 Online Sports Complex Booking System Project SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_category.

9.8
2022-05-12 CVE-2022-29986 Online Sports Complex Booking System Project SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_facility.

9.8
2022-05-12 CVE-2022-29987 Online Sports Complex Booking System Project SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=user/manage_user&id=.

9.8
2022-05-12 CVE-2022-29988 Online Sports Complex Booking System Project SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete.

9.8
2022-05-12 CVE-2022-29989 Online Sports Complex Booking System Project SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via \scbs\classes\Master.php?f=delete_booking.

9.8
2022-05-12 CVE-2022-29990 Online Sports Complex Booking System Project SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/view_category.php?id=.

9.8
2022-05-12 CVE-2022-29992 Online Sports Complex Booking System Project SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/categories/manage_category.php?id=.

9.8
2022-05-12 CVE-2022-29993 Online Sports Complex Booking System Project SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/bookings/view_booking.php?id=.

9.8
2022-05-12 CVE-2022-29994 Online Sports Complex Booking System Project SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=facilities/manage_facility&id=.

9.8
2022-05-12 CVE-2022-29995 Online Sports Complex Booking System Project SQL Injection vulnerability in Online Sports Complex Booking System Project Online Sports Complex Booking System 1.0

Online Sports Complex Booking System 1.0 is vulnerable to SQL Injection via /scbs/admin/?page=clients/manage_client&id=.

9.8
2022-05-12 CVE-2022-30525 Zyxel OS Command Injection vulnerability in Zyxel products

A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 500 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 700 firmware versions 5.00 through 5.21 Patch 1, USG FLEX 50(W) firmware versions 5.10 through 5.21 Patch 1, USG20(W)-VPN firmware versions 5.10 through 5.21 Patch 1, ATP series firmware versions 5.10 through 5.21 Patch 1, VPN series firmware versions 4.60 through 5.21 Patch 1, which could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.

9.8
2022-05-12 CVE-2021-42863 Jerryscript Classic Buffer Overflow vulnerability in Jerryscript

A buffer overflow in ecma_builtin_typedarray_prototype_filter() in JerryScript version fe3a5c0 allows an attacker to construct a fake object or a fake arraybuffer with unlimited size.

9.8
2022-05-11 CVE-2022-30592 Litespeedtech NULL Pointer Dereference vulnerability in Litespeedtech Lsquic

liblsquic/lsquic_qenc_hdl.c in LiteSpeed QUIC (aka LSQUIC) before 3.1.0 mishandles MAX_TABLE_CAPACITY.

9.8
2022-05-11 CVE-2022-29596 Microstrategy Path Traversal vulnerability in Microstrategy Enterprise Manager 2022

MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure and then entering the Uid=/../../../../../../../../../../../windows/win.ini%00.jpg&Pwd=_any_password_&ConnMode=1&3054=Login substring for directory traversal.

9.8
2022-05-11 CVE-2022-30063 Ftcms Unspecified vulnerability in Ftcms 2.1

ftcms <=2.1 was discovered to be vulnerable to code execution attacks .

9.8
2022-05-11 CVE-2022-30448 Hospital Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Hospital Management System Project Hospital Management System 1.0

Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a File upload vulnerability in treatmentrecord.php.

9.8
2022-05-11 CVE-2022-30449 Hospital Management System Project SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0

Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php.

9.8
2022-05-11 CVE-2022-30450 Waimairencms Project Unspecified vulnerability in Waimairencms Project Waimairencms 9.1

A Remote Code Execution (RCE) vulnerability exists in waimairen 9.1 via wx.php

9.8
2022-05-11 CVE-2021-33315 Trendnet Improper Input Validation vulnerability in Trendnet products

The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability.

9.8
2022-05-11 CVE-2021-33316 Trendnet Improper Input Validation vulnerability in Trendnet products

The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from an integer underflow vulnerability.

9.8
2022-05-11 CVE-2021-34085 Glensawyer Out-of-bounds Read vulnerability in Glensawyer Mp3Gain

Read access violation in the III_dequantize_sample function in mpglibDBL/layer3.c in mp3gain through 1.5.2-r2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact, a different vulnerability than CVE-2017-9872.

9.8
2022-05-11 CVE-2022-30047 Mingsoft SQL Injection vulnerability in Mingsoft Mcms 5.2.7

Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter.

9.8
2022-05-11 CVE-2022-30048 Mingsoft SQL Injection vulnerability in Mingsoft Mcms 5.2.7

Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter.

9.8
2022-05-11 CVE-2022-30453 Shopwind Unspecified vulnerability in Shopwind

ShopWind <= 3.4.2 has a RCE vulnerability in Database.php

9.8
2022-05-11 CVE-2021-38969 IBM Use of Hard-coded Credentials vulnerability in IBM Spectrum Virtualize 8.2.0.0/8.3.0.0/8.4.0.0

IBM Spectrum Virtualize 8.2, 8.3, and 8.4 could allow an attacker to allow unauthorized access due to the reuse of support generated credentials.

9.8
2022-05-11 CVE-2022-29006 Phpgurukul SQL Injection vulnerability in PHPgurukul Directory Management System 1.0

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.

9.8
2022-05-11 CVE-2022-29007 Phpgurukul SQL Injection vulnerability in PHPgurukul Dairy Farm Shop Management System 1.0

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication.

9.8
2022-05-11 CVE-2022-29009 Phpgurukul SQL Injection vulnerability in PHPgurukul Cyber Cafe Management System 1.0

Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.

9.8
2022-05-11 CVE-2022-29316 Complete Online JOB Search System Project SQL Injection vulnerability in Complete Online JOB Search System Project Complete Online JOB Search System 1.0

Complete Online Job Search System v1.0 was discovered to contain a SQL injection vulnerability via /eris/index.php?q=result&searchfor=advancesearch.

9.8
2022-05-11 CVE-2022-29317 Simple BUS Ticket Booking System Project SQL Injection vulnerability in Simple BUS Ticket Booking System Project Simple BUS Ticket Booking System 1.0

Simple Bus Ticket Booking System v1.0 was discovered to contain multiple SQL injection vulnerbilities via the username and password parameters at /assets/partials/_handleLogin.php.

9.8
2022-05-11 CVE-2022-29656 Wedding Management System Project SQL Injection vulnerability in Wedding Management System Project Wedding Management System 1.0

Wedding Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /Wedding-Management/package_detail.php.

9.8
2022-05-10 CVE-2022-20120 Google Unspecified vulnerability in Google Android

Product: AndroidVersions: Android kernelAndroid ID: A-203213034References: N/A

9.8
2022-05-10 CVE-2022-29391 Totolink Out-of-bounds Write vulnerability in Totolink N600R Firmware 4.3.0Cu.7647B20210106

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004200c8.

9.8
2022-05-10 CVE-2022-29392 Totolink Out-of-bounds Write vulnerability in Totolink N600R Firmware 4.3.0Cu.7647B20210106

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418c24.

9.8
2022-05-10 CVE-2022-29393 Totolink Out-of-bounds Write vulnerability in Totolink N600R Firmware 4.3.0Cu.7647B20210106

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004192cc.

9.8
2022-05-10 CVE-2022-29394 Totolink Out-of-bounds Write vulnerability in Totolink N600R Firmware 4.3.0Cu.7647B20210106

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the macAddress parameter in the function FUN_0041b448.

9.8
2022-05-10 CVE-2022-29395 Totolink Out-of-bounds Write vulnerability in Totolink N600R Firmware 4.3.0Cu.7647B20210106

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the apcliKey parameter in the function FUN_0041bac4.

9.8
2022-05-10 CVE-2022-29396 Totolink Out-of-bounds Write vulnerability in Totolink N600R Firmware 4.3.0Cu.7647B20210106

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_00418f10.

9.8
2022-05-10 CVE-2022-29397 Totolink Out-of-bounds Write vulnerability in Totolink N600R Firmware 4.3.0Cu.7647B20210106

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the comment parameter in the function FUN_004196c8.

9.8
2022-05-10 CVE-2022-29398 Totolink Out-of-bounds Write vulnerability in Totolink N600R Firmware 4.3.0Cu.7647B20210106

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the File parameter in the function FUN_0041309c.

9.8
2022-05-10 CVE-2022-29399 Totolink Out-of-bounds Write vulnerability in Totolink N600R Firmware 4.3.0Cu.7647B20210106

TOTOLINK N600R V4.3.0cu.7647_B20210106 was discovered to contain a stack overflow via the url parameter in the function FUN_00415bf0.

9.8
2022-05-10 CVE-2022-0947 ABB Improper Initialization vulnerability in ABB products

A vulnerability in ABB ARG600 Wireless Gateway series that could allow an attacker to exploit the vulnerability by remotely connecting to the serial port gateway, and/or protocol converter, depending on the configuration.

9.8
2022-05-10 CVE-2022-23676 Arubanetworks Out-of-bounds Write vulnerability in Arubanetworks products

A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below.

9.8
2022-05-10 CVE-2022-28895 Dlink OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06

A command injection vulnerability in the component /setnetworksettings/IPAddress of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.

9.8
2022-05-10 CVE-2022-28896 Dlink OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06

A command injection vulnerability in the component /setnetworksettings/SubnetMask of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.

9.8
2022-05-10 CVE-2022-28901 Dlink OS Command Injection vulnerability in Dlink Dir-882 Firmware 1.30B06

A command injection vulnerability in the component /SetTriggerLEDBlink/Blink of D-Link DIR882 DIR882A1_FW130B06 allows attackers to escalate privileges to root via a crafted payload.

9.8
2022-05-10 CVE-2022-28905 Totolink OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicemac parameter in /setting/setDeviceName.

9.8
2022-05-10 CVE-2022-28906 Totolink OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the langtype parameter in /setting/setLanguageCfg.

9.8
2022-05-10 CVE-2022-28907 Totolink OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the hosttime function in /setting/NTPSyncWithHost.

9.8
2022-05-10 CVE-2022-28908 Totolink OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the ipdoamin parameter in /setting/setDiagnosisCfg.

9.8
2022-05-10 CVE-2022-28909 Totolink OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the webwlanidx parameter in /setting/setWebWlanIdx.

9.8
2022-05-10 CVE-2022-28910 Totolink OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the devicename parameter in /setting/setDeviceName.

9.8
2022-05-10 CVE-2022-28911 Totolink OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/CloudACMunualUpdate.

9.8
2022-05-10 CVE-2022-28912 Totolink OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUpgradeFW.

9.8
2022-05-10 CVE-2022-28913 Totolink OS Command Injection vulnerability in Totolink N600R Firmware 5.3C.7159B20190425

TOTOLink N600R V5.3c.7159_B20190425 was discovered to contain a command injection vulnerability via the filename parameter in /setting/setUploadSetting.

9.8
2022-05-10 CVE-2022-28915 Dlink OS Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb04

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a command injection vulnerability via the admuser and admpass parameters in /goform/setSysAdm.

9.8
2022-05-10 CVE-2022-29321 Dlink Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10Cnb04

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the lanip parameter in /goform/setNetworkLan.

9.8
2022-05-10 CVE-2022-29322 Dlink Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10Cnb04

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the IPADDR and nvmacaddr parameters in /goform/form2Dhcpip.

9.8
2022-05-10 CVE-2022-29323 Dlink Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10Cnb04

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the MAC parameter in /goform/editassignment.

9.8
2022-05-10 CVE-2022-29324 Dlink Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10Cnb04

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the proto parameter in /goform/form2IPQoSTcAdd.

9.8
2022-05-10 CVE-2022-29325 Dlink Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10Cnb04

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addurlfilter parameter in /goform/websURLFilter.

9.8
2022-05-10 CVE-2022-29326 Dlink Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10Cnb04

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the addhostfilter parameter in /goform/websHostFilter.

9.8
2022-05-10 CVE-2022-29327 Dlink Out-of-bounds Write vulnerability in Dlink Dir-816 Firmware 1.10Cnb04

D-Link DIR-816 A2_v1.10CNB04 was discovered to contain a stack overflow via the urladd parameter in /goform/websURLFilterAddDel.

9.8
2022-05-10 CVE-2022-29328 Dlink Out-of-bounds Write vulnerability in Dlink Dap-1330 Firmware 1.00.B21

D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a stack overflow via the function checkvalidupgrade.

9.8
2022-05-10 CVE-2022-29329 Dlink Out-of-bounds Write vulnerability in Dlink Dap-1330 Firmware 1.00.B21

D-Link DAP-1330_OSS-firmware_1.00b21 was discovered to contain a heap overflow via the devicename parameter in /goform/setDeviceSettings.

9.8
2022-05-10 CVE-2021-43094 Openmrs SQL Injection vulnerability in Openmrs

An SQL Injection vulnerability exists in OpenMRS Reference Application Standalone Edition <=2.11 and Platform Standalone Edition <=2.4.0 via GET requests on arbitrary parameters in patient.page.

9.8
2022-05-10 CVE-2022-28110 Hotel Management System Project SQL Injection vulnerability in Hotel Management System Project Hotel Management System 1.0

Hotel Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at the login page.

9.8
2022-05-10 CVE-2022-29591 Tenda Classic Buffer Overflow vulnerability in Tenda TX9 PRO Firmware 22.03.02.10

Tenda TX9 Pro 22.03.02.10 devices have a SetNetControlList buffer overflow.

9.8
2022-05-09 CVE-2022-30335 Wealth SQL Injection vulnerability in Wealth Bonanza Wealth Management System 7.3.2

Bonanza Wealth Management System (BWM) 7.3.2 allows SQL injection via the login form.

9.8
2022-05-09 CVE-2022-27412 Exploreit SQL Injection vulnerability in Exploreit Explore CMS 1.0

Explore CMS v1.0 was discovered to contain a SQL injection vulnerability via a /page.php?id= request.

9.8
2022-05-09 CVE-2022-28738 Ruby Lang Double Free vulnerability in Ruby-Lang Ruby

A double free was found in the Regexp compiler in Ruby 3.x before 3.0.4 and 3.1.x before 3.1.2.

9.8
2022-05-09 CVE-2022-0592 Mapsvg Unspecified vulnerability in Mapsvg

The MapSVG WordPress plugin before 6.2.20 does not validate and escape a parameter via a REST endpoint before using it in a SQL statement, leading to a SQL Injection exploitable by unauthenticated users.

9.8
2022-05-09 CVE-2022-0814 Ubigeo DE Peru Para Woocommerce Project SQL Injection vulnerability in Ubigeo DE Peru Para Woocommerce Project Ubigeo DE Peru Para Woocommerce

The Ubigeo de Perú para Woocommerce WordPress plugin before 3.6.4 does not properly sanitise and escape some parameters before using them in SQL statements via various AJAX actions, some of which are available to unauthenticated users, leading to SQL Injections

9.8
2022-05-09 CVE-2022-0817 Badgeos Unspecified vulnerability in Badgeos

The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users

9.8
2022-05-09 CVE-2022-0826 WP Video Gallery Free Project Unspecified vulnerability in Wp-Video-Gallery-Free Project Wp-Video-Gallery-Free

The WP Video Gallery WordPress plugin through 1.7.1 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users

9.8
2022-05-09 CVE-2022-0836 Semadatacoop Unspecified vulnerability in Semadatacoop Sema API

The SEMA API WordPress plugin before 4.02 does not properly sanitise and escape some parameters before using them in SQL statements via an AJAX action, leading to SQL Injections exploitable by unauthenticated users

9.8
2022-05-09 CVE-2022-0948 Pluginbazaar Unspecified vulnerability in Pluginbazaar Order Listener for Woocommerce

The Order Listener for WooCommerce WordPress plugin before 3.2.2 does not sanitise and escape the id parameter before using it in a SQL statement via a REST route available to unauthenticated users, leading to an SQL injection

9.8
2022-05-09 CVE-2022-1013 AYS PRO Unspecified vulnerability in Ays-Pro Personal Dictionary

The Personal Dictionary WordPress plugin before 1.3.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to a blind SQL injection vulnerability.

9.8
2022-05-12 CVE-2022-1650 Eventsource
Debian
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.
9.3
2022-05-14 CVE-2022-1379 Plantuml
Fedoraproject
Server-Side Request Forgery (SSRF) vulnerability in multiple products

URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5.

9.1
2022-05-13 CVE-2022-22260 Huawei Use After Free vulnerability in Huawei Emui and Harmonyos

The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability.

9.1
2022-05-13 CVE-2022-25591 Blogengine Path Traversal vulnerability in Blogengine Blogengine.Net 3.3.8.0

BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to delete files within the web server root directory via a crafted HTTP request.

9.1
2022-05-11 CVE-2021-42646 Wso2 XXE vulnerability in Wso2 products

XML External Entity (XXE) vulnerability in the file based service provider creation feature of the Management Console in WSO2 API Manager 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; and WSO2 IS as Key Manager 5.7.0, 5.9.0, and 5.10.0; and WSO2 Identity Server 5.7.0, 5.8.0, 5.9.0, 5.10.0, and 5.11.0.

9.1
2022-05-10 CVE-2022-22774 Tibco XXE vulnerability in Tibco products

The DOM XML parser and SAX XML parser components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, and TIBCO Managed File Transfer Internet Server contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute XML External Entity (XXE) attacks on the affected system.

9.1
2022-05-10 CVE-2021-42581 Ramdajs Unspecified vulnerability in Ramdajs Ramda

Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object (that contains an own property "__proto__") as an argument to the function.

9.1
2022-05-10 CVE-2022-24042 Siemens Insufficient Session Expiration vulnerability in Siemens products

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884).

9.1
2022-05-10 CVE-2022-24039 Siemens Unspecified vulnerability in Siemens Desigo Pxc4 Firmware and Desigo Pxc5 Firmware

A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884).

9.0

186 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-05-15 CVE-2021-41965 Churchcrm SQL Injection vulnerability in Churchcrm

A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized EN_tyid, theID and EID fields used when an Edit action on an existing record is being performed.

8.8
2022-05-15 CVE-2022-30708 Webmin Unspecified vulnerability in Webmin

Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin).

8.8
2022-05-13 CVE-2021-42969 Anaconda OS Command Injection vulnerability in Anaconda Anaconda3 2021.05

Certain Anaconda3 2021.05 are affected by OS command injection.

8.8
2022-05-12 CVE-2021-27770 Hcltech Unspecified vulnerability in Hcltech Sametime 11.6

The vulnerability was discovered within the “FaviconService”.

8.8
2022-05-12 CVE-2022-22798 Sysaid Unspecified vulnerability in Sysaid 21.1.30/21.4.45

Sysaid – Pro Plus Edition, SysAid Help Desk Broken Access Control v20.4.74 b10, v22.1.20 b62, v22.1.30 b49 - An attacker needs to log in as a guest after that the system redirects him to the service portal or EndUserPortal.JSP, then he needs to change the path in the URL to /ConcurrentLogin%2ejsp after that he will receive an error message with a login button, by clicking on it, he will connect to the system dashboard.

8.8
2022-05-12 CVE-2022-23139 ZTE Incorrect Authorization vulnerability in ZTE Zxmp M721 Firmware 5.10.030.006

ZTE's ZXMP M721 product has a permission and access control vulnerability.

8.8
2022-05-12 CVE-2022-21182 Inhandnetworks Unspecified vulnerability in Inhandnetworks Inrouter302 Firmware 3.5.4

A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4.

8.8
2022-05-12 CVE-2022-25995 Inhandnetworks Unspecified vulnerability in Inhandnetworks Ir302 Firmware 3.5.4

A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4.

8.8
2022-05-12 CVE-2022-26042 Inhandnetworks OS Command Injection vulnerability in Inhandnetworks Ir302 Firmware 3.5.37

An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4.

8.8
2022-05-12 CVE-2022-26075 Inhandnetworks OS Command Injection vulnerability in Inhandnetworks Ir302 Firmware 3.5.37

An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37.

8.8
2022-05-12 CVE-2022-26085 Inhandnetworks OS Command Injection vulnerability in Inhandnetworks Ir302 Firmware 3.5.37

An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4.

8.8
2022-05-12 CVE-2022-26420 Inhandnetworks OS Command Injection vulnerability in Inhandnetworks Ir302 Firmware 3.5.37

An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37.

8.8
2022-05-12 CVE-2022-26518 Inhandnetworks OS Command Injection vulnerability in Inhandnetworks Ir302 Firmware 3.5.37

An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37.

8.8
2022-05-12 CVE-2022-26780 Inhandnetworks Improper Input Validation vulnerability in Inhandnetworks Ir302 Firmware 3.5.37/3.5.4

Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4.

8.8
2022-05-12 CVE-2022-26781 Inhandnetworks Out-of-bounds Write vulnerability in Inhandnetworks Ir302 Firmware 3.5.37/3.5.4

Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4.

8.8
2022-05-12 CVE-2022-26782 Inhandnetworks Out-of-bounds Write vulnerability in Inhandnetworks Ir302 Firmware 3.5.37/3.5.4

Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4.

8.8
2022-05-12 CVE-2022-27172 Inhandnetworks Use of Hard-coded Credentials vulnerability in Inhandnetworks Ir302 Firmware 3.5.37/3.5.4

A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37.

8.8
2022-05-12 CVE-2022-28872 F Secure Unspecified vulnerability in F-Secure Safe

A vulnerability affecting F-Secure SAFE browser was discovered.

8.8
2022-05-11 CVE-2022-30451 Waimairencms Project SQL Injection vulnerability in Waimairencms Project Waimairencms 9.1

An authenticated user could execute code via a SQLi vulnerability in waimairenCMS before version 9.1.

8.8
2022-05-11 CVE-2022-30060 Ftcms Unspecified vulnerability in Ftcms 2.1

ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Write via admin/controllers/tp.php

8.8
2022-05-11 CVE-2021-42651 Pentest Collaboration Framework Project Code Injection vulnerability in Pentest Collaboration Framework Project Pentest Collaboration Framework 1.0.8

A Server Side Template Injection (SSTI) vulnerability in Pentest-Collaboration-Framework v1.0.8 allows an authenticated remote attacker to execute arbitrary code through /project/PROJECTNAME/reports/.

8.8
2022-05-11 CVE-2022-29611 SAP Unspecified vulnerability in SAP Netweaver Application Server Abap

SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

8.8
2022-05-11 CVE-2022-26116 Fortinet SQL Injection vulnerability in Fortinet Fortinac

Multiple improper neutralization of special elements used in SQL commands ('SQL Injection') vulnerability [CWE-89] in FortiNAC version 8.3.7 and below, 8.5.2 and below, 8.5.4, 8.6.0, 8.6.5 and below, 8.7.6 and below, 8.8.11 and below, 9.1.5 and below, 9.2.2 and below may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted strings parameters.

8.8
2022-05-10 CVE-2022-26927 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Remote Code Execution Vulnerability

8.8
2022-05-10 CVE-2022-1463 Booking Calendar Project Unspecified vulnerability in Booking Calendar Project Booking Calendar

The Booking Calendar plugin for WordPress is vulnerable to PHP Object Injection via the [bookingflextimeline] shortcode in versions up to, and including, 9.1.

8.8
2022-05-10 CVE-2022-1397 Easyappointments Improper Privilege Management vulnerability in Easyappointments

API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

8.8
2022-05-09 CVE-2022-29933 Craftcms Weak Password Recovery Mechanism for Forgotten Password vulnerability in Craftcms Craft CMS

Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality.

8.8
2022-05-09 CVE-2022-1631 Microweber Incorrect Authorization vulnerability in Microweber

Users Account Pre-Takeover or Users Account Takeover.

8.8
2022-05-09 CVE-2022-23332 Ejointech Code Injection vulnerability in Ejointech products

Command injection vulnerability in Manual Ping Form (Web UI) in Shenzhen Ejoin Information Technology Co., Ltd.

8.8
2022-05-13 CVE-2021-22275 BR Automation Classic Buffer Overflow vulnerability in Br-Automation Automation Runtime

Buffer Overflow vulnerability in B&R Automation Runtime webserver allows an unauthenticated network-based attacker to stop the cyclic program on the device and cause a denial of service.

8.6
2022-05-13 CVE-2022-25762 Apache
Oracle
Improper Resource Shutdown or Release vulnerability in multiple products

If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache Tomcat 8.5.0 to 8.5.75 or Apache Tomcat 9.0.0.M1 to 9.0.20, it is possible that the application will continue to use the socket after it has been closed.

8.6
2022-05-13 CVE-2020-22983 Microstrategy Server-Side Request Forgery (SSRF) vulnerability in Microstrategy web

A Server-Side Request Forgery (SSRF) vulnerability exists in MicroStrategy Web SDK 11.1 and earlier, allows remote unauthenticated attackers to conduct a server-side request forgery (SSRF) attack via the srcURL parameter to the shortURL task.

8.1
2022-05-12 CVE-2022-21809 Inhandnetworks Unrestricted Upload of File with Dangerous Type vulnerability in Inhandnetworks Inrouter302 Firmware 3.5.37/3.5.4

A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4.

8.1
2022-05-10 CVE-2022-23677 Arubanetworks Out-of-bounds Write vulnerability in Arubanetworks products

A remote execution of arbitrary code vulnerability was discovered in ArubaOS-Switch Devices version(s): ArubaOS-Switch 15.xx.xxxx: All versions; ArubaOS-Switch 16.01.xxxx: All versions; ArubaOS-Switch 16.02.xxxx: K.16.02.0033 and below; ArubaOS-Switch 16.03.xxxx: All versions; ArubaOS-Switch 16.04.xxxx: All versions; ArubaOS-Switch 16.05.xxxx: All versions; ArubaOS-Switch 16.06.xxxx: All versions; ArubaOS-Switch 16.07.xxxx: All versions; ArubaOS-Switch 16.08.xxxx: KB/WB/WC/YA/YB/YC.16.08.0024 and below; ArubaOS-Switch 16.09.xxxx: KB/WB/WC/YA/YB/YC.16.09.0019 and below; ArubaOS-Switch 16.10.xxxx: KB/WB/WC/YA/YB/YC.16.10.0019 and below; ArubaOS-Switch 16.11.xxxx: KB/WB/WC/YA/YB/YC.16.11.0003 and below.

8.1
2022-05-12 CVE-2021-0126 Intel Improper Input Validation vulnerability in Intel Manageability Commander

Improper input validation for the Intel(R) Manageability Commander before version 2.2 may allow an authenticated user to potentially enable escalation of privilege via adjacent access.

8.0
2022-05-13 CVE-2022-22281 Sonicwall Classic Buffer Overflow vulnerability in Sonicwall Netextender

A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system.

7.8
2022-05-13 CVE-2022-28826 Adobe Out-of-bounds Write vulnerability in Adobe Framemaker

Adobe Framemaker versions 2029u8 (and earlier) and 2020u4 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-05-12 CVE-2022-23742 Checkpoint Link Following vulnerability in Checkpoint Endpoint Security

Check Point Endpoint Security Client for Windows versions earlier than E86.40 copy files for forensics reports from a directory with low privileges.

7.8
2022-05-12 CVE-2021-26317 AMD Unspecified vulnerability in AMD products

Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution.

7.8
2022-05-12 CVE-2021-26386 AMD Out-of-bounds Write vulnerability in AMD products

A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call to the Stage 2 Bootloader potentially leading to corrupt memory and code execution.

7.8
2022-05-12 CVE-2021-26369 AMD Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products

A malicious or compromised UApp or ABL may be used by an attacker to send a malformed system call to the bootloader, resulting in out-of-bounds memory accesses.

7.8
2022-05-12 CVE-2021-0153 Intel Out-of-bounds Write vulnerability in Intel products

Out-of-bounds write in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.

7.8
2022-05-12 CVE-2021-0154 Intel Improper Input Validation vulnerability in Intel products

Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.

7.8
2022-05-12 CVE-2021-0159 Intel Improper Input Validation vulnerability in Intel products

Improper input validation in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.

7.8
2022-05-12 CVE-2021-0188 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products

Return of pointer value outside of expected range in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.

7.8
2022-05-12 CVE-2021-0189 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products

Use of out-of-range pointer offset in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.

7.8
2022-05-12 CVE-2021-0190 Intel Improper Handling of Exceptional Conditions vulnerability in Intel products

Uncaught exception in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.

7.8
2022-05-12 CVE-2021-26258 Intel Unspecified vulnerability in Intel Killer Control Center

Improper access control for the Intel(R) Killer(TM) Control Center software before version 2.4.3337.0 may allow an authorized user to potentially enable escalation of privilege via local access.

7.8
2022-05-12 CVE-2021-33122 Intel Unspecified vulnerability in Intel products

Insufficient control flow management in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.

7.8
2022-05-12 CVE-2021-33123 Intel Unspecified vulnerability in Intel products

Improper access control in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.

7.8
2022-05-12 CVE-2021-40399 WPS Use After Free vulnerability in WPS Office 11.2.0.10351

An exploitable use-after-free vulnerability exists in WPS Spreadsheets ( ET ) as part of WPS Office, version 11.2.0.10351.

7.8
2022-05-12 CVE-2022-21128 Intel Unspecified vulnerability in Intel Advisor

Insufficient control flow management in the Intel(R) Advisor software before version 7.6.0.37 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.8
2022-05-12 CVE-2022-30594 Linux
Debian
Netapp
Missing Authorization vulnerability in multiple products

The Linux kernel before 5.17.2 mishandles seccomp permissions.

7.8
2022-05-11 CVE-2022-24102 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC versions 20.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-05-11 CVE-2022-27794 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by the use of a variable that has not been initialized when processing of embedded fonts, potentially resulting in arbitrary code execution in the context of the current user.

7.8
2022-05-11 CVE-2022-28236 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

7.8
2022-05-11 CVE-2021-43066 Fortinet Exposure of Resource to Wrong Sphere vulnerability in Fortinet Forticlient

A external control of file name or path in Fortinet FortiClientWindows version 7.0.2 and below, version 6.4.6 and below, version 6.2.9 and below, version 6.0.10 and below allows attacker to escalate privilege via the MSI installer.

7.8
2022-05-11 CVE-2022-23743 Checkpoint Incorrect Permission Assignment for Critical Resource vulnerability in Checkpoint Zonealarm

Check Point ZoneAlarm before version 15.8.200.19118 allows a local actor to escalate privileges during the upgrade process.

7.8
2022-05-11 CVE-2021-37851 Eset Improper Handling of Exceptional Conditions vulnerability in Eset products

Local privilege escalation in Windows products of ESET allows user who is logged into the system to exploit repair feature of the installer to run malicious code with higher privileges.

7.8
2022-05-11 CVE-2022-28214 SAP Unspecified vulnerability in SAP products

During an update of SAP BusinessObjects Enterprise, Central Management Server (CMS) - versions 420, 430, authentication credentials are being exposed in Sysmon event logs.

7.8
2022-05-10 CVE-2021-39738 Google Missing Authorization vulnerability in Google Android

In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing permission check.

7.8
2022-05-10 CVE-2022-29105 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Windows Media Foundation Remote Code Execution Vulnerability

7.8
2022-05-10 CVE-2022-29148 Microsoft Unspecified vulnerability in Microsoft Visual Studio 2017

Visual Studio Remote Code Execution Vulnerability

7.8
2022-05-10 CVE-2022-20004 Google Missing Authorization vulnerability in Google Android

In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation.

7.8
2022-05-10 CVE-2022-20005 Google Unspecified vulnerability in Google Android

In validateApkInstallLocked of PackageInstallerSession.java, there is a way to force a mismatch between running code and a parsed APK .

7.8
2022-05-10 CVE-2022-20113 Google Unspecified vulnerability in Google Android 12.0/12.1

In mPreference of DefaultUsbConfigurationPreferenceController.java, there is a possible way to enable file transfer mode due to a logic error in the code.

7.8
2022-05-10 CVE-2022-20114 Google Improper Privilege Management vulnerability in Google Android

In placeCall of TelecomManager.java, there is a possible way for an application to keep itself running with foreground service importance due to a permissions bypass.

7.8
2022-05-10 CVE-2022-20116 Google Unspecified vulnerability in Google Android 12.0/12.1

In onEntryUpdated of OngoingCallController.kt, it is possible to launch non-exported activities due to intent redirection.

7.8
2022-05-10 CVE-2021-26324 AMD Unspecified vulnerability in AMD products

A bug with the SEV-ES TMR may lead to a potential loss of memory integrity for SNP-active VMs.

7.8
2022-05-10 CVE-2021-26353 AMD Improper Initialization vulnerability in AMD products

Failure to validate inputs in SMM may allow an attacker to create a mishandled error leaving the DRTM UApp in a partially initialized state potentially resulting in loss of memory integrity.

7.8
2022-05-10 CVE-2021-46771 AMD Unspecified vulnerability in AMD products

Insufficient validation of addresses in AMD Secure Processor (ASP) firmware system call may potentially lead to arbitrary code execution by a compromised user application.

7.8
2022-05-10 CVE-2022-22454 IBM OS Command Injection vulnerability in IBM Infosphere Information Server on Cloud 11.7

IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.

7.8
2022-05-10 CVE-2022-26987 TP Link
Mercusys
Fastcom
Out-of-bounds Write vulnerability in multiple products

TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MmtAtePrase` function.

7.8
2022-05-10 CVE-2022-26988 TP Link
Mercusys
Fastcom
Out-of-bounds Write vulnerability in multiple products

TP-Link TL-WDR7660 2.0.30, Mercury D196G 20200109_2.0.4, and Fast FAC1900R 20190827_2.0.2 routers have a stack overflow issue in `MntAte` function.

7.8
2022-05-10 CVE-2022-1621 VIM
Debian
Fedoraproject
Apple
Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919.
7.8
2022-05-10 CVE-2022-1629 VIM
Fedoraproject
Apple
Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925.
7.8
2022-05-09 CVE-2022-29971 Insightsoftware Argument Injection or Modification vulnerability in Insightsoftware Magnitude Simba Amazon Athena Odbc Driver

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena ODBC Driver 1.1.1 through 1.1.x before 1.1.17 may allow a local user to execute arbitrary code.

7.8
2022-05-09 CVE-2022-29972 Insightsoftware Argument Injection or Modification vulnerability in Insightsoftware Magnitude Simba Amazon Redshift Odbc Driver

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift ODBC Driver (1.4.14 through 1.4.21.1001 and 1.4.22 through 1.4.x before 1.4.52) may allow a local user to execute arbitrary code.

7.8
2022-05-09 CVE-2022-30239 Insightsoftware Argument Injection or Modification vulnerability in Insightsoftware Magnitude Simba Amazon Athena Jdbc Driver

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Athena JDBC Driver 2.0.25 through 2.0.28 may allow a local user to execute code.

7.8
2022-05-09 CVE-2022-30240 Insightsoftware Argument Injection or Modification vulnerability in Insightsoftware Magnitude Simba Amazon Redshift Jdbc Driver

An argument injection vulnerability in the browser-based authentication component of the Magnitude Simba Amazon Redshift JDBC Driver 1.2.40 through 1.2.55 may allow a local user to execute code.

7.8
2022-05-09 CVE-2022-30524 Xpdfreader Out-of-bounds Write vulnerability in Xpdfreader Xpdf 4.0.4

There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates.

7.8
2022-05-12 CVE-2021-27771 Hcltech Unrestricted Upload of File with Dangerous Type vulnerability in Hcltech Sametime 11.6

User SID can be modified resulting in an Arbitrary File Upload or deletion of directories causing a Denial of Service.

7.6
2022-05-15 CVE-2022-30049 Ruifang Tech Server-Side Request Forgery (SSRF) vulnerability in Ruifang-Tech Rebuild 2.8.3

A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter.

7.5
2022-05-15 CVE-2022-28936 Fisco Bcos Integer Overflow or Wraparound vulnerability in Fisco-Bcos 3.0.0

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message packet.

7.5
2022-05-15 CVE-2022-28937 Fisco Bcos Integer Overflow or Wraparound vulnerability in Fisco-Bcos 3.0.0

FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and processing new clients' requests.

7.5
2022-05-13 CVE-2022-1701 Sonicwall Use of Hard-coded Credentials vulnerability in Sonicwall products

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions uses a shared and hard-coded encryption key to store data.

7.5
2022-05-13 CVE-2022-25862 SDS Project Unspecified vulnerability in SDS Project SDS

This affects the package sds from 0.0.0.

7.5
2022-05-13 CVE-2021-27505 Myscada Unspecified vulnerability in Myscada Mypro 7/7.0.26/8.20.0

mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive directory listing information.

7.5
2022-05-13 CVE-2021-33005 Myscada Unspecified vulnerability in Myscada Mypro 7/7.0.26/8.20.0

mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to arbitrary directories.

7.5
2022-05-13 CVE-2021-33009 Myscada Unspecified vulnerability in Myscada Mypro 7/7.0.26/8.20.0

mySCADA myPRO versions prior to 8.20.0 allows an unauthenticated remote attacker to upload arbitrary files to the file system.

7.5
2022-05-13 CVE-2021-33013 Myscada Missing Authorization vulnerability in Myscada Mypro 7/7.0.26/8.20.0

mySCADA myPRO versions prior to 8.20.0 does not restrict unauthorized read access to sensitive system information.

7.5
2022-05-13 CVE-2022-22252 Huawei Use After Free vulnerability in Huawei Emui, Harmonyos and Magic UI

The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability.

7.5
2022-05-13 CVE-2021-46787 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash.

7.5
2022-05-13 CVE-2021-46788 Huawei Unspecified vulnerability in Huawei Emui and Magic UI

Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations.

7.5
2022-05-13 CVE-2021-46789 Huawei Unspecified vulnerability in Huawei Emui and Magic UI

Configuration defects in the secure OS module.

7.5
2022-05-13 CVE-2022-22261 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

7.5
2022-05-13 CVE-2022-29789 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The HiAIserver has a vulnerability in verifying the validity of the properties used in the model.Successful exploitation of this vulnerability will affect AI services.

7.5
2022-05-13 CVE-2022-29790 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The graphics acceleration service has a vulnerability in multi-thread access to the database.Successful exploitation of this vulnerability may cause service exceptions.

7.5
2022-05-13 CVE-2022-29791 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

7.5
2022-05-13 CVE-2022-29792 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The chip component has a vulnerability of disclosing CPU SNs.Successful exploitation of this vulnerability may affect data confidentiality.

7.5
2022-05-13 CVE-2022-29793 Huawei Unspecified vulnerability in Huawei Emui, Harmonyos and Magic UI

There is a configuration defect in the activation lock of mobile phones.Successful exploitation of this vulnerability may affect application availability.

7.5
2022-05-13 CVE-2022-29795 Huawei NULL Pointer Dereference vulnerability in Huawei Emui and Harmonyos

The frame scheduling module has a null pointer dereference vulnerability.

7.5
2022-05-13 CVE-2022-29796 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services.

7.5
2022-05-13 CVE-2022-27134 B1 Incorrect Authorization vulnerability in B1 Eosio Batdappboomx 327C04Cf

EOSIO batdappboomx v327c04cf has an Access-control vulnerability in the `transfer` function of the smart contract which allows remote attackers to win the cryptocurrency without paying ticket fee via the `std::string memo` parameter.

7.5
2022-05-13 CVE-2022-29218 Rubygems Unspecified vulnerability in Rubygems Rubygems.Org

RubyGems is a package registry used to supply software for the Ruby language ecosystem.

7.5
2022-05-12 CVE-2021-27777 Hcltech XXE vulnerability in Hcltech Unica

XML External Entity (XXE) injection vulnerabilities occur when poorly configured XML parsers process user supplied input without sufficient validation.

7.5
2022-05-12 CVE-2021-27478 Opener Project Incorrect Conversion between Numeric Types vulnerability in Opener Project Opener

A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may cause a denial-of-service condition.

7.5
2022-05-12 CVE-2021-27482 Opener Project Unspecified vulnerability in Opener Project Opener

A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may allow the attacker to read arbitrary data.

7.5
2022-05-12 CVE-2021-27498 Opener Project Unspecified vulnerability in Opener Project Opener

A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.

7.5
2022-05-12 CVE-2021-27500 Opener Project Unspecified vulnerability in Opener Project Opener

A specifically crafted packet sent by an attacker to EIPStackGroup OpENer EtherNet/IP commits and versions prior to Feb 10, 2021 may result in a denial-of-service condition.

7.5
2022-05-12 CVE-2022-29369 F5 Improper Check for Unusual or Exceptional Conditions vulnerability in F5 NJS 0.7.2

Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c.

7.5
2022-05-12 CVE-2022-1698 Organizr Integer Underflow (Wrap or Wraparound) vulnerability in Organizr

Allowing long password leads to denial of service in GitHub repository causefx/organizr prior to 2.1.2000.

7.5
2022-05-12 CVE-2022-1699 Organizr Resource Exhaustion vulnerability in Organizr

Uncontrolled Resource Consumption in GitHub repository causefx/organizr prior to 2.1.2000.

7.5
2022-05-12 CVE-2022-29298 Contec Path Traversal vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.00

SolarView Compact ver.6.00 allows attackers to access sensitive files via directory traversal.

7.5
2022-05-12 CVE-2022-30279 Stormshield NULL Pointer Dereference vulnerability in Stormshield Network Security

An issue was discovered in Stormshield Network Security (SNS) 4.3.x before 4.3.8.

7.5
2022-05-12 CVE-2022-29885 Apache
Debian
Oracle
The documentation of Apache Tomcat 10.1.0-M1 to 10.1.0-M14, 10.0.0-M1 to 10.0.20, 9.0.13 to 9.0.62 and 8.5.38 to 8.5.78 for the EncryptInterceptor incorrectly stated it enabled Tomcat clustering to run over an untrusted network.
7.5
2022-05-11 CVE-2022-30557 Foxit Type Confusion vulnerability in Foxit PDF Editor and PDF Reader

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

7.5
2022-05-11 CVE-2021-33317 Trendnet NULL Pointer Dereference vulnerability in Trendnet products

The TRENDnet TI-PG1284i switch(hw v2.0R) prior to version 2.0.2.S0 suffers from a null pointer dereference vulnerability.

7.5
2022-05-11 CVE-2022-29847 Progress Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold 21.1.0/21.1.1/22.0.0

In Progress Ipswitch WhatsUp Gold 21.0.0 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to invoke an API transaction that would allow them to relay encrypted WhatsUp Gold user credentials to an arbitrary host.

7.5
2022-05-11 CVE-2022-30040 Tenda Out-of-bounds Write vulnerability in Tenda Ax1803 Firmware 1.0.0.12890

Tenda AX1803 v1.0.0.1_2890 is vulnerable to Buffer Overflow.

7.5
2022-05-11 CVE-2022-29616 SAP Unspecified vulnerability in SAP products

SAP Host Agent, SAP NetWeaver and ABAP Platform allow an attacker to leverage logical errors in memory management to cause a memory corruption.

7.5
2022-05-11 CVE-2021-44167 Fortinet Incorrect Permission Assignment for Critical Resource vulnerability in Fortinet Forticlient

An incorrect permission assignment for critical resource vulnerability [CWE-732] in FortiClient for Linux version 6.0.8 and below, 6.2.9 and below, 6.4.7 and below, 7.0.2 and below may allow an unauthenticated attacker to access sensitive information in log files and directories via symbolic links.

7.5
2022-05-11 CVE-2022-1510 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1.

7.5
2022-05-11 CVE-2022-29932 Primeur Memory Leak vulnerability in Primeur Spazio 2.5.1.954

The HTTP Server in PRIMEUR SPAZIO 2.5.1.954 (File Transfer) allows an unauthenticated attacker to obtain sensitive data (related to the content of transferred files) via a crafted HTTP request.

7.5
2022-05-11 CVE-2021-3254 Asus Unspecified vulnerability in Asus Dsl-N14U-B1 Firmware 1.1.2.3805

Asus DSL-N14U-B1 1.1.2.3_805 allows remote attackers to cause a Denial of Service (DoS) via a TCP SYN scan using nmap.

7.5
2022-05-10 CVE-2022-1442 Wpmet Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the ~/core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA and many more, in versions up to and including 2.1.3.

7.5
2022-05-10 CVE-2022-1453 Carrcommunications SQL Injection vulnerability in Carrcommunications Rsvpmaker

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file.

7.5
2022-05-10 CVE-2022-1505 Carrcommunications SQL Injection vulnerability in Carrcommunications Rsvpmaker

The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file.

7.5
2022-05-10 CVE-2021-43010 Safedog SQL Injection vulnerability in Safedog Apache 4.0.30255

In Safedog Apache v4.0.30255, attackers can bypass this product for SQL injection.

7.5
2022-05-10 CVE-2022-28986 Lmsdoctor Authorization Bypass Through User-Controlled Key vulnerability in Lmsdoctor 2 Factor Authentication 2021072900

LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure direct object references (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts.

7.5
2022-05-10 CVE-2021-41545 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884).

7.5
2022-05-09 CVE-2022-23704 HP Unspecified vulnerability in HP Integrated Lights-Out 4 2.78

A potential security vulnerability has been identified in Integrated Lights-Out 4 (iLO 4).

7.5
2022-05-09 CVE-2022-23705 HPE Unspecified vulnerability in HPE Nimbleos

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE Nimble Storage All Flash Arrays, and HPE Nimble Storage Secondary Flash Arrays which could potentially allow the upload, but not execution, of unauthorized update binaries to the array.

7.5
2022-05-09 CVE-2022-28739 Ruby Lang
Debian
Apple
Out-of-bounds Read vulnerability in multiple products

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2.

7.5
2022-05-09 CVE-2021-20479 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Cloud PAK System

IBM Cloud Pak System 2.3.0 through 2.3.3.3 Interim Fix 1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5
2022-05-09 CVE-2022-30286 Pyscript Unspecified vulnerability in Pyscript 20220504

pyscriptjs (aka PyScript Demonstrator) in PyScript through 2022-05-04 allows a remote user to read Python source code.

7.5
2022-05-09 CVE-2022-30333 Rarlab
Debian
Path Traversal vulnerability in multiple products

RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file.

7.5
2022-05-12 CVE-2022-22139 Intel Uncontrolled Search Path Element vulnerability in Intel Extreme Tuning Utility 6.4.1.21/6.5.1.360/6.5.3.25

Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access.

7.3
2022-05-11 CVE-2022-28247 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an uncontrolled search path vulnerability that could lead to local privilege escalation.

7.3
2022-05-11 CVE-2021-34605 Xinje Unspecified vulnerability in Xinje Xd/E Series PLC Program Tool

A zip slip vulnerability in XINJE XD/E Series PLC Program Tool up to version v3.5.1 can provide an attacker with arbitrary file write privilege when opening a specially-crafted project file.

7.3
2022-05-11 CVE-2021-34606 Xinje Uncontrolled Search Path Element vulnerability in Xinje Xd/E Series PLC Program Tool

A vulnerability exists in XINJE XD/E Series PLC Program Tool in versions up to v3.5.1 that can allow an authenticated, local attacker to load a malicious DLL.

7.3
2022-05-13 CVE-2022-30393 Merchandise Online Store Project SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=product/manage_product&id=.

7.2
2022-05-13 CVE-2022-30396 Merchandise Online Store Project SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=inventory/manage_inventory&id=.

7.2
2022-05-13 CVE-2022-30398 Merchandise Online Store Project SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=orders/view_order&id=.

7.2
2022-05-13 CVE-2022-30399 Merchandise Online Store Project SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_category&id=.

7.2
2022-05-13 CVE-2022-30400 Merchandise Online Store Project SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/orders/view_order.php?view=user&id=.

7.2
2022-05-13 CVE-2022-30401 Merchandise Online Store Project SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=view_product&id=.

7.2
2022-05-13 CVE-2022-30402 Merchandise Online Store Project SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/admin/?page=maintenance/manage_sub_category&id=.

7.2
2022-05-13 CVE-2022-30403 Merchandise Online Store Product SQL Injection vulnerability in Merchandise Online Store Product Merchandise Online Store 1.0

Merchandise Online Store v1.0 is vulnerable to SQL Injection via /vloggers_merch/?p=products&c=.

7.2
2022-05-13 CVE-2022-30404 College Management System Project SQL Injection vulnerability in College Management System Project College Management System 1.0

College Management System v1.0 is vulnerable to SQL Injection via /College_Management_System/admin/display-teacher.php?teacher_id=.

7.2
2022-05-13 CVE-2022-30411 Covid 19 Travel Pass Management System Project SQL Injection vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=individuals/view_individual&id=.

7.2
2022-05-13 CVE-2022-30412 Covid 19 Travel Pass Management System Project SQL Injection vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/individuals/update_status.php?id=.

7.2
2022-05-13 CVE-2022-30414 Covid 19 Travel Pass Management System Project SQL Injection vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/?page=applications/view_application&id=.

7.2
2022-05-13 CVE-2022-30415 Covid 19 Travel Pass Management System Project SQL Injection vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/admin/applications/update_status.php?id=.

7.2
2022-05-13 CVE-2022-30417 Covid 19 Travel Pass Management System Project SQL Injection vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via ctpms/admin/?page=user/manage_user&id=.

7.2
2022-05-13 CVE-2022-30376 Simple Social Networking Site Project SQL Injection vulnerability in Simple Social Networking Site Project Simple Social Networking Site 1.0

Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/members/view_member.php?id=.

7.2
2022-05-13 CVE-2022-30378 Simple Social Networking Site Project SQL Injection vulnerability in Simple Social Networking Site Project Simple Social Networking Site 1.0

Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=posts/view_post&id=.

7.2
2022-05-13 CVE-2022-30379 Simple Social Networking Site Project SQL Injection vulnerability in Simple Social Networking Site Project Simple Social Networking Site 1.0

Sourcecodester Simple Social Networking Site v1.0 is vulnerable to SQL Injection via /sns/admin/?page=user/manage_user&id=.

7.2
2022-05-13 CVE-2022-30371 AIR Cargo Management System Project SQL Injection vulnerability in AIR Cargo Management System Project AIR Cargo Management System 1.0

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/view_cargo_type.php?id=.

7.2
2022-05-13 CVE-2022-30372 AIR Cargo Management System Project SQL Injection vulnerability in AIR Cargo Management System Project AIR Cargo Management System 1.0

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/classes/Master.php?f=delete_cargo.

7.2
2022-05-13 CVE-2022-30373 AIR Cargo Management System Project SQL Injection vulnerability in AIR Cargo Management System Project AIR Cargo Management System 1.0

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/cargo_types/manage_cargo_type.php?id=.

7.2
2022-05-13 CVE-2022-30374 AIR Cargo Management System Project SQL Injection vulnerability in AIR Cargo Management System Project AIR Cargo Management System 1.0

Air Cargo Management System 1.0 is vulnerable to SQL Injection via /acms/admin/?page=transactions/manage_transaction&id=.

7.2
2022-05-12 CVE-2021-0193 IBM Improper Authentication vulnerability in IBM In-Band Manageability

Improper authentication in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access.

7.2
2022-05-12 CVE-2021-0194 Intel Unspecified vulnerability in Intel In-Band Manageability

Improper access control in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via network access.

7.2
2022-05-12 CVE-2022-26002 Inhandnetworks Out-of-bounds Write vulnerability in Inhandnetworks Ir302 Firmware 3.5.4

A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4.

7.2
2022-05-12 CVE-2022-26007 Inhandnetworks OS Command Injection vulnerability in Inhandnetworks Ir302 Firmware 3.5.4

An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4.

7.2
2022-05-12 CVE-2022-30002 Insurance Management System Project SQL Injection vulnerability in Insurance Management System Project Insurance Management System 1.0

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editNominee.php?nominee_id=.

7.2
2022-05-12 CVE-2022-1681 Requarks Improper Authentication vulnerability in Requarks Wiki.Js

Authentication Bypass Using an Alternate Path or Channel in GitHub repository requarks/wiki prior to 2.5.281.

7.2
2022-05-11 CVE-2022-30452 Shopwind SQL Injection vulnerability in Shopwind

ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php

7.2
2022-05-11 CVE-2022-0024 Paloaltonetworks Unspecified vulnerability in Paloaltonetworks Pan-Os

A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated network-based PAN-OS administrator to upload a specifically created configuration that disrupts system processes and potentially execute arbitrary code with root privileges when the configuration is committed on both hardware and virtual firewalls.

7.2
2022-05-11 CVE-2022-29318 CAR Rental Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0

An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

7.2
2022-05-11 CVE-2022-29655 Wedding Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Wedding Management System Project Wedding Management System 1.0

An arbitrary file upload vulnerability in the Upload Photos module of Wedding Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

7.2
2022-05-11 CVE-2020-19228 Bludit Unrestricted Upload of File with Dangerous Type vulnerability in Bludit 3.13.0

An issue was found in bludit v3.13.0, unsafe implementation of the backup plugin allows attackers to upload arbitrary files.

7.2
2022-05-09 CVE-2022-27224 Galsys OS Command Injection vulnerability in Galsys Nts-6002-Gps Firmware 4.14.103Galleonnts6002.V124

An issue was discovered in Galleon NTS-6002-GPS 4.14.103-Galleon-NTS-6002.V12 4.

7.2
2022-05-13 CVE-2022-1714 Radare Unspecified vulnerability in Radare Radare2

Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0.

7.1
2022-05-12 CVE-2022-29368 Moddable Out-of-bounds Read vulnerability in Moddable

Moddable commit before 135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45 was discovered to contain an out-of-bounds read via the function fxUint8Getter at /moddable/xs/sources/xsDataView.c.

7.1
2022-05-12 CVE-2021-26362 AMD Unspecified vulnerability in AMD products

A malicious or compromised UApp or ABL may be used by an attacker to issue a malformed system call which results in mapping sensitive System Management Network (SMN) registers leading to a loss of integrity and availability.

7.1
2022-05-12 CVE-2021-26366 AMD Unspecified vulnerability in AMD products

An attacker, who gained elevated privileges via some other vulnerability, may be able to read data from Boot ROM resulting in a loss of system integrity.

7.1
2022-05-10 CVE-2022-27167 Eset Improper Handling of Exceptional Conditions vulnerability in Eset products

Privilege escalation vulnerability in Windows products of ESET, spol.

7.1
2022-05-10 CVE-2021-26332 AMD Unspecified vulnerability in AMD products

Failure to verify SEV-ES TMR is not in MMIO space, SEV-ES FW could result in a potential loss of integrity or availability.

7.1
2022-05-10 CVE-2021-26370 AMD Improper Input Validation vulnerability in AMD products

Improper validation of destination address in SVC_LOAD_FW_IMAGE_BY_INSTANCE and SVC_LOAD_BINARY_BY_ATTRIB in a malicious UApp or ABL may allow an attacker to overwrite arbitrary bootloader memory with SPI ROM contents resulting in a loss of integrity and availability.

7.1
2022-05-10 CVE-2021-26408 AMD Unspecified vulnerability in AMD products

Insufficient validation of elliptic curve points in SEV-legacy firmware may compromise SEV-legacy guest migration potentially resulting in loss of guest's integrity or confidentiality.

7.1
2022-05-10 CVE-2022-20118 Google Use After Free vulnerability in Google Android

In ion_ioctl and related functions of ion.c, there is a possible use after free due to a race condition.

7.0
2022-05-10 CVE-2022-20006 Google Race Condition vulnerability in Google Android

In several functions of KeyguardServiceWrapper.java and related files,, there is a possible way to briefly view what's under the lockscreen due to a race condition.

7.0
2022-05-10 CVE-2022-20007 Google Race Condition vulnerability in Google Android

In startActivityForAttachedApplicationIfNeeded of RootWindowContainer.java, there is a possible way to overlay an app that believes it's still in the foreground, when it is not, due to a race condition.

7.0
2022-05-10 CVE-2022-1537 Gruntjs Unspecified vulnerability in Gruntjs Grunt

file.copy operations in GruntJS are vulnerable to a TOCTOU race condition leading to arbitrary file write in GitHub repository gruntjs/grunt prior to 1.5.3.

7.0

181 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-05-13 CVE-2022-29854 Mitel Incorrect Authorization vulnerability in Mitel Minet Firmware 1.8.0.12

A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12) and earlier, could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup.

6.8
2022-05-12 CVE-2021-33077 Intel Unspecified vulnerability in Intel products

Insufficient control flow management in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

6.8
2022-05-12 CVE-2021-33080 Intel Improper Cross-boundary Removal of Sensitive Data vulnerability in Intel products

Exposure of sensitive system information due to uncleared debug information in firmware for some Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC Products may allow an unauthenticated user to potentially enable information disclosure or escalation of privilege via physical access.

6.8
2022-05-12 CVE-2022-0004 Intel Unspecified vulnerability in Intel products

Hardware debug modes and processor INIT setting that allow override of locks for some Intel(R) Processors in Intel(R) Boot Guard and Intel(R) TXT may allow an unauthenticated user to potentially enable escalation of privilege via physical access.

6.8
2022-05-11 CVE-2022-29855 Mitel Unspecified vulnerability in Mitel products

Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup.

6.8
2022-05-10 CVE-2022-20009 Google Out-of-bounds Write vulnerability in Google Android

In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check.

6.8
2022-05-12 CVE-2021-33103 Intel Unspecified vulnerability in Intel products

Unintended intermediary in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.

6.7
2022-05-12 CVE-2021-33108 Intel Improper Input Validation vulnerability in Intel In-Band Manageability

Improper input validation in the Intel(R) In-Band Manageability software before version 2.13.0 may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2022-05-12 CVE-2021-33124 Intel Out-of-bounds Write vulnerability in Intel products

Out-of-bounds write in the BIOS authenticated code module for some Intel(R) Processors may allow a privileged user to potentially enable aescalation of privilege via local access.

6.7
2022-05-12 CVE-2022-21237 Intel Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Intel products

Improper buffer access in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2022-05-12 CVE-2022-24297 Intel Unspecified vulnerability in Intel products

Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2022-05-12 CVE-2022-24382 Intel Improper Input Validation vulnerability in Intel products

Improper input validation in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.

6.7
2022-05-12 CVE-2022-24910 Inhandnetworks Classic Buffer Overflow vulnerability in Inhandnetworks Ir302 Firmware 3.5.37/3.5.4

A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4.

6.7
2022-05-11 CVE-2021-30361 Checkpoint OS Command Injection vulnerability in Checkpoint Gaia OS and Gaia Portal

The Check Point Gaia Portal's GUI Clients allowed authenticated administrators with permission for the GUI Clients settings to inject a command that would run on the Gaia OS.

6.7
2022-05-11 CVE-2022-0025 Paloaltonetworks Uncontrolled Search Path Element vulnerability in Paloaltonetworks Cortex XDR Agent 7.7.1

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges.

6.7
2022-05-11 CVE-2022-0026 Paloaltonetworks Unspecified vulnerability in Paloaltonetworks Cortex XDR Agent

A local privilege escalation (PE) vulnerability exists in Palo Alto Networks Cortex XDR agent software on Windows that enables an authenticated local user with file creation privilege in the Windows root directory (such as C:\) to execute a program with elevated privileges.

6.7
2022-05-11 CVE-2022-22975 Vmware Injection vulnerability in VMWare Pinniped

An issue was discovered in the Pinniped Supervisor with either LADPIdentityProvider or ActiveDirectoryIdentityProvider resources.

6.6
2022-05-13 CVE-2022-22393 IBM Unspecified vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by the application server.

6.5
2022-05-13 CVE-2022-30381 Merchandise Online Store Project Unspecified vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0

Merchandise Online Store v1.0 is vulnerable to file deletion via /vloggers_merch/classes/Master.php?f=delete_img.

6.5
2022-05-13 CVE-2022-30408 Covid 19 Travel Pass Management System Project Unspecified vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0

Covid-19 Travel Pass Management System v1.0 is vulnerable to file deletion via /ctpms/classes/Master.php?f=delete_img.

6.5
2022-05-13 CVE-2022-30367 AIR Cargo Management System Project Incorrect Default Permissions vulnerability in AIR Cargo Management System Project AIR Cargo Management System 1.0

Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f=delete_img.

6.5
2022-05-13 CVE-2022-30375 Simple Social Networking Site Project Incorrect Default Permissions vulnerability in Simple Social Networking Site Project Simple Social Networking Site 1.0

Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via /sns/classes/Master.php?f=delete_img.

6.5
2022-05-12 CVE-2021-27772 Hcltech Unspecified vulnerability in Hcltech Sametime 11.6

Users are able to read group conversations without actively taking part in them.

6.5
2022-05-12 CVE-2022-22971 Vmware
Oracle
Netapp
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, application with a STOMP over WebSocket endpoint is vulnerable to a denial of service attack by an authenticated user.

6.5
2022-05-12 CVE-2022-26020 Inhandnetworks Use of Hard-coded Credentials vulnerability in Inhandnetworks Ir302 Firmware 3.5.37

An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4.

6.5
2022-05-12 CVE-2022-26510 Inhandnetworks Improper Verification of Cryptographic Signature vulnerability in Inhandnetworks Ir302 Firmware 3.5.37

A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37.

6.5
2022-05-12 CVE-2022-1044 Trudesk Project Insecure Storage of Sensitive Information vulnerability in Trudesk Project Trudesk

Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1.

6.5
2022-05-11 CVE-2021-36613 Mikrotik NULL Pointer Dereference vulnerability in Mikrotik Routeros

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the ptp process.

6.5
2022-05-11 CVE-2021-36614 Mikrotik NULL Pointer Dereference vulnerability in Mikrotik Routeros

Mikrotik RouterOs before stable 6.48.2 suffers from a memory corruption vulnerability in the tr069-client process.

6.5
2022-05-11 CVE-2022-24584 Yubico Incorrect Authorization vulnerability in Yubico OTP

Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server.

6.5
2022-05-11 CVE-2022-29845 Progress Inclusion of Functionality from Untrusted Control Sphere vulnerability in Progress Whatsup Gold 21.1.0/21.1.1/22.0.0

In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read the contents of a local file.

6.5
2022-05-11 CVE-2022-29848 Progress Server-Side Request Forgery (SSRF) vulnerability in Progress Whatsup Gold

In Progress Ipswitch WhatsUp Gold 17.0.0 through 21.1.1, and 22.0.0, it is possible for an authenticated user to invoke an API transaction that would allow them to read sensitive operating-system attributes from a host that is accessible by the WhatsUp Gold system.

6.5
2022-05-11 CVE-2022-30059 Shopwind Path Traversal vulnerability in Shopwind

Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Delete vulnerability via the neirong parameter at \backend\controllers\DbController.php.

6.5
2022-05-11 CVE-2022-30061 Ftcms Path Traversal vulnerability in Ftcms 2.1

ftcms <=2.1 was discovered to be vulnerable to directory traversal attacks via the parameter tp.

6.5
2022-05-11 CVE-2022-30062 Ftcms Path Traversal vulnerability in Ftcms 2.1

ftcms <=2.1 was discovered to be vulnerable to Arbitrary File Read via tp.php

6.5
2022-05-11 CVE-2021-46744 AMD Information Exposure Through Discrepancy vulnerability in AMD products

An attacker with access to a malicious hypervisor may be able to infer data values used in a SEV guest on AMD CPUs by monitoring ciphertext values over time.

6.5
2022-05-11 CVE-2021-3611 Qemu
Redhat
A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU.
6.5
2022-05-11 CVE-2022-1406 Gitlab Improper Input Validation vulnerability in Gitlab

Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0 allows a Developer to read protected Group or Project CI/CD variables by importing a malicious project

6.5
2022-05-11 CVE-2022-29008 Phpgurukul Authorization Bypass Through User-Controlled Key vulnerability in PHPgurukul BUS Pass Management System 1.0

An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information.

6.5
2022-05-11 CVE-2022-29977 Libsixel Project Reachable Assertion vulnerability in Libsixel Project Libsixel 1.8.6

There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894 in libsixel img2sixel 1.8.6.

6.5
2022-05-11 CVE-2022-29978 Libsixel Project Incorrect Calculation vulnerability in Libsixel Project Libsixel 1.8.6

There is a floating point exception error in sixel_encoder_do_resize, encoder.c:633 in libsixel img2sixel 1.8.6.

6.5
2022-05-10 CVE-2022-26934 Microsoft Unspecified vulnerability in Microsoft products

Windows Graphics Component Information Disclosure Vulnerability

6.5
2022-05-10 CVE-2022-26935 Microsoft Unspecified vulnerability in Microsoft products

Windows WLAN AutoConfig Service Information Disclosure Vulnerability

6.5
2022-05-10 CVE-2022-28601 Lmsdoctor Incorrect Authorization vulnerability in Lmsdoctor 2 Factor Authentication

A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file.

6.5
2022-05-10 CVE-2022-1476 Servmask Unspecified vulnerability in Servmask All-In-One WP Migration

The All-in-One WP Migration plugin for WordPress is vulnerable to arbitrary file deletion via directory traversal due to insufficient file validation via the ~/lib/model/class-ai1wm-backups.php file, in versions up to, and including, 7.58.

6.5
2022-05-10 CVE-2022-20010 Google Out-of-bounds Read vulnerability in Google Android 12.0/12.1

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check.

6.5
2022-05-10 CVE-2022-24040 Siemens Resource Exhaustion vulnerability in Siemens products

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884).

6.5
2022-05-10 CVE-2022-24041 Siemens Use of Password Hash With Insufficient Computational Effort vulnerability in Siemens products

A vulnerability has been identified in Desigo DXR2 (All versions < V01.21.142.5-22), Desigo PXC3 (All versions < V01.21.142.4-18), Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884).

6.5
2022-05-11 CVE-2022-28244 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC versions 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) is affected by a violation of secure design principles through bypassing the content security policy, which could result in an attacker sending arbitrarily configured requests to the cross-origin attack target domain.

6.3
2022-05-10 CVE-2021-26390 AMD Unspecified vulnerability in AMD products

A malicious or compromised UApp or ABL may coerce the bootloader into corrupting arbitrary memory potentially leading to loss of integrity of data.

6.2
2022-05-13 CVE-2022-1702 Sonicwall Open Redirect vulnerability in Sonicwall products

SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability.

6.1
2022-05-13 CVE-2022-30489 Wavlink Cross-site Scripting vulnerability in Wavlink Wn535G3 Firmware

WAVLINK WN535 G3 was discovered to contain a cross-site scripting (XSS) vulnerability via the hostname parameter at /cgi-bin/login.cgi.

6.1
2022-05-12 CVE-2020-22984 Microstrategy Cross-site Scripting vulnerability in Microstrategy web SDK

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via key parameter to the getGoogleExtraConfig task.

6.1
2022-05-12 CVE-2020-22985 Microstrategy Cross-site Scripting vulnerability in Microstrategy web SDK

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the key parameter to the getESRIExtraConfig task.

6.1
2022-05-12 CVE-2020-22986 Microstrategy Cross-site Scripting vulnerability in Microstrategy web SDK

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the searchString parameter to the wikiScrapper task.

6.1
2022-05-12 CVE-2020-22987 Microstrategy Cross-site Scripting vulnerability in Microstrategy web SDK

Cross-Site Scripting (XSS) vulnerability in MicroStrategy Web SDK 10.11 and earlier, allows remote unauthenticated attackers to execute arbitrary code via the fileToUpload parameter to the uploadFile task.

6.1
2022-05-12 CVE-2022-22797 Sysaid Open Redirect vulnerability in Sysaid 21.1.30/21.1.50/21.4.45

Sysaid – sysaid Open Redirect - An Attacker can change the redirect link at the parameter "redirectURL" from"GET" request from the url location: /CommunitySSORedirect.jsp?redirectURL=https://google.com.

6.1
2022-05-12 CVE-2022-23165 Sysaid Cross-site Scripting vulnerability in Sysaid

Sysaid – Sysaid 14.2.0 Reflected Cross-Site Scripting (XSS) - The parameter "helpPageName" used by the page "/help/treecontent.jsp" suffers from a Reflected Cross-Site Scripting vulnerability.

6.1
2022-05-12 CVE-2021-22531 Microfocus Cross-site Scripting vulnerability in Microfocus Access Manager 4.5/5.0

A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability.

6.1
2022-05-12 CVE-2022-28818 Adobe Unspecified vulnerability in Adobe Coldfusion

ColdFusion versions CF2021U3 (and earlier) and CF2018U13 are affected by a reflected Cross-Site Scripting (XSS) vulnerability.

6.1
2022-05-12 CVE-2022-21238 Inhandnetworks Cross-site Scripting vulnerability in Inhandnetworks Inrouter302 Firmware 3.5.37/3.5.4

A cross-site scripting (xss) vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4.

6.1
2022-05-12 CVE-2022-25172 Inhandnetworks Incorrect Permission Assignment for Critical Resource vulnerability in Inhandnetworks Ir302 Firmware 3.5.4

An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4.

6.1
2022-05-12 CVE-2022-28919 Dokuwiki
Fedoraproject
Cross-site Scripting vulnerability in multiple products

HTMLCreator release_stable_2020-07-29 was discovered to contain a cross-site scripting (XSS) vulnerability via the function _generateFilename.

6.1
2022-05-12 CVE-2022-1682 Facturascripts Cross-site Scripting vulnerability in Facturascripts

Reflected Xss using url based payload in GitHub repository neorazorx/facturascripts prior to 2022.07.

6.1
2022-05-12 CVE-2022-29927 Jetbrains Cross-site Scripting vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2022.04 reflected XSS on the Build Chain Status page was possible

6.1
2022-05-12 CVE-2022-29929 Jetbrains Cross-site Scripting vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2022.04 potential XSS via Referrer header was possible

6.1
2022-05-11 CVE-2021-28290 Identityserver4 Admin Project Cross-site Scripting vulnerability in Identityserver4.Admin Project Identityserver4.Admin

A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin before 2.0.0 via unencoded value passed to the data-secret-value parameter.

6.1
2022-05-11 CVE-2021-42648 Coder Cross-site Scripting vulnerability in Coder Code-Server

Cross-site scripting (XSS) vulnerability exists in Coder Code-Server before 3.12.0, allows attackers to execute arbitrary code via crafted URL.

6.1
2022-05-11 CVE-2022-23137 ZTE Cross-site Scripting vulnerability in ZTE Zxcdn Firmware

ZTE's ZXCDN product has a reflective XSS vulnerability.

6.1
2022-05-11 CVE-2021-43081 Fortinet Cross-site Scripting vulnerability in Fortinet Fortios and Fortiproxy

An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0.

6.1
2022-05-11 CVE-2022-1433 Gitlab Cross-site Scripting vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 14.4 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1.

6.1
2022-05-11 CVE-2022-27656 SAP Unspecified vulnerability in SAP products

The Web administration UI of SAP Web Dispatcher and the Internet Communication Manager (ICM) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

6.1
2022-05-11 CVE-2022-28077 Home Owners Collection Management System Project Cross-site Scripting vulnerability in Home Owners Collection Management System Project Home Owners Collection Management System 1.0

Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['s'] parameter.

6.1
2022-05-11 CVE-2022-28078 Home Owners Collection Management System Project Cross-site Scripting vulnerability in Home Owners Collection Management System Project Home Owners Collection Management System 1.0

Home Owners Collection Management v1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability in the Admin panel via the $_GET['page'] parameter.

6.1
2022-05-11 CVE-2022-29728 Surveysparrow Cross-site Scripting vulnerability in Surveysparrow Enterprise Survey Software 2022

Survey Sparrow Enterprise Survey Software 2022 has a Reflected cross-site scripting (XSS) vulnerability in the test parameter.

6.1
2022-05-10 CVE-2022-1567 WP JS Project Cross-site Scripting vulnerability in Wp-Js Project Wp-Js 2.0.6

The WP-JS plugin for WordPress contains a script called wp-js.php with the function wp_js_admin, that accepts unvalidated user input and echoes it back to the user.

6.1
2022-05-10 CVE-2022-30278 Synopsys Cross-site Scripting vulnerability in Synopsys Black Duck HUB

A vulnerability in Black Duck Hub’s embedded MadCap Flare documentation files could allow an unauthenticated remote attacker to conduct a cross-site scripting attack.

6.1
2022-05-10 CVE-2021-39024 IBM Cross-site Scripting vulnerability in IBM Guardium Data Encryption 4.0.0.0/5.0.0.0/5.0.0.3

IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 is vulnerable to cross-site scripting.

6.1
2022-05-09 CVE-2022-0625 Admin Menu Editor Project Unspecified vulnerability in Admin Menu Editor Project Admin Menu Editor

The Admin Menu Editor WordPress plugin through 1.0.4 does not sanitize and escape a parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.

6.1
2022-05-09 CVE-2022-1047 Themify Unspecified vulnerability in Themify Post Type Builder Search Addon

The Themify Post Type Builder Search Addon WordPress plugin before 1.4.0 does not properly escape the current page URL before reusing it in a HTML attribute, leading to a reflected cross site scripting vulnerability.

6.1
2022-05-09 CVE-2022-1171 Vertical Scroll Recent Post Project Unspecified vulnerability in Vertical Scroll Recent Post Project Vertical Scroll Recent Post 14.0

The Vertical scroll recent post WordPress plugin before 14.0 does not sanitise and escape a parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting

6.1
2022-05-12 CVE-2021-27768 Hcltech Improper Certificate Validation vulnerability in Hcltech Verse

Using the ability to perform a Man-in-the-Middle (MITM) attack, which indicates a lack of hostname verification, sensitive account information was able to be intercepted.

5.9
2022-05-10 CVE-2022-26925 Microsoft Missing Authentication for Critical Function vulnerability in Microsoft products

Windows LSA Spoofing Vulnerability

5.9
2022-05-13 CVE-2022-22325 IBM Unspecified vulnerability in IBM MQ for HPE Nonstop 8.1.0

IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace.

5.5
2022-05-12 CVE-2021-26351 AMD Improper Input Validation vulnerability in AMD products

Insufficient DRAM address validation in System Management Unit (SMU) may result in a DMA (Direct Memory Access) read/write from/to invalid DRAM address that could result in denial of service.

5.5
2022-05-12 CVE-2021-26361 AMD Unspecified vulnerability in AMD products

A malicious or compromised User Application (UApp) or AGESA Boot Loader (ABL) could be used by an attacker to exfiltrate arbitrary memory from the ASP stage 2 bootloader potentially leading to information disclosure.

5.5
2022-05-12 CVE-2021-0155 Intel Unchecked Return Value vulnerability in Intel products

Unchecked return value in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.

5.5
2022-05-12 CVE-2021-33069 Intel Improper Resource Shutdown or Release vulnerability in Intel products

Improper resource shutdown or release in firmware for some Intel(R) SSD, Intel(R) SSD DC, Intel(R) Optane(TM) SSD and Intel(R) Optane(TM) SSD DC may allow a privileged user to potentially enable denial of service via local access.

5.5
2022-05-12 CVE-2021-33117 Intel
Netapp
Improper access control for some 3rd Generation Intel(R) Xeon(R) Scalable Processors before BIOS version MR7, may allow a local attacker to potentially enable information disclosure via local access.
5.5
2022-05-12 CVE-2021-33135 Intel Resource Exhaustion vulnerability in Intel Software Guard Extensions

Uncontrolled resource consumption in the Linux kernel drivers for Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access.

5.5
2022-05-12 CVE-2021-33149 Intel Information Exposure Through Discrepancy vulnerability in Intel products

Observable behavioral discrepancy in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.

5.5
2022-05-12 CVE-2022-21131 Intel Unspecified vulnerability in Intel products

Improper access control for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

5.5
2022-05-12 CVE-2022-21136 Intel Improper Input Validation vulnerability in Intel products

Improper input validation for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable denial of service via local access.

5.5
2022-05-12 CVE-2022-21147 Estsoft Out-of-bounds Read vulnerability in Estsoft Alyac 2.5.7.7

An out of bounds read vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.7.7.

5.5
2022-05-12 CVE-2022-21151 Intel
Netapp
Debian
Processor optimization removal or modification of security-critical code for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
5.5
2022-05-12 CVE-2022-29302 Contec Files or Directories Accessible to External Parties vulnerability in Contec Sv-Cpt-Mc310 Firmware 6.00

SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp.php.

5.5
2022-05-12 CVE-2022-1674 VIM
Fedoraproject
Apple
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938.
5.5
2022-05-11 CVE-2022-28263 Adobe Unspecified vulnerability in Adobe products

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

5.5
2022-05-11 CVE-2021-26339 AMD Unspecified vulnerability in AMD products

A bug in AMD CPU’s core logic may allow for an attacker, using specific code from an unprivileged VM, to trigger a CPU core hang resulting in a potential denial of service.

5.5
2022-05-11 CVE-2021-26348 AMD Unspecified vulnerability in AMD products

Failure to flush the Translation Lookaside Buffer (TLB) of the I/O memory management unit (IOMMU) may lead an IO device to write to memory it should not be able to access, resulting in a potential loss of integrity.

5.5
2022-05-11 CVE-2021-26349 AMD Unspecified vulnerability in AMD products

Failure to assign a new report ID to an imported guest may potentially result in an SEV-SNP guest VM being tricked into trusting a dishonest Migration Agent (MA).

5.5
2022-05-11 CVE-2021-26364 AMD Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products

Insufficient bounds checking in an SMU mailbox register could allow an attacker to potentially read outside of the SRAM address range which could result in an exception handling leading to a potential denial of service.

5.5
2022-05-11 CVE-2021-26372 AMD Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products

Insufficient bound checks related to PCIE in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.

5.5
2022-05-11 CVE-2021-26373 AMD Improper Input Validation vulnerability in AMD products

Insufficient bound checks in the System Management Unit (SMU) may result in a system voltage malfunction that could result in denial of resources and/or possibly denial of service.

5.5
2022-05-11 CVE-2021-26375 AMD Unspecified vulnerability in AMD products

Insufficient General Purpose IO (GPIO) bounds check in System Management Unit (SMU) may result in access/updates from/to invalid address space that could result in denial of service.

5.5
2022-05-11 CVE-2021-26376 AMD Unspecified vulnerability in AMD products

Insufficient checks in System Management Unit (SMU) FeatureConfig may result in reenabling features potentially resulting in denial of resources and/or denial of service.

5.5
2022-05-11 CVE-2021-26378 AMD Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products

Insufficient bound checks in the System Management Unit (SMU) may result in access to an invalid address space that could result in denial of service.

5.5
2022-05-11 CVE-2021-26388 AMD Out-of-bounds Read vulnerability in AMD products

Improper validation of the BIOS directory may allow for searches to read beyond the directory table copy in RAM, exposing out of bounds memory contents, resulting in a potential denial of service.

5.5
2022-05-11 CVE-2022-1622 Libtiff
Fedoraproject
Netapp
Apple
Out-of-bounds Read vulnerability in multiple products

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file.

5.5
2022-05-11 CVE-2022-1623 Libtiff
Fedoraproject
Netapp
Debian
Out-of-bounds Read vulnerability in multiple products

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file.

5.5
2022-05-11 CVE-2022-28774 SAP Unspecified vulnerability in SAP Host Agent 7.22

Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted.

5.5
2022-05-10 CVE-2022-20117 Google Use of a Broken or Risky Cryptographic Algorithm vulnerability in Google Android

In (TBD) of (TBD), there is a possible way to decrypt local data encrypted by the GSC due to improperly used crypto.

5.5
2022-05-10 CVE-2022-20119 Google Use of Uninitialized Resource vulnerability in Google Android

In private_handle_t of mali_gralloc_buffer.h, there is a possible information disclosure due to uninitialized data.

5.5
2022-05-10 CVE-2022-20121 Google Missing Authorization vulnerability in Google Android

In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing permission check.

5.5
2022-05-10 CVE-2022-29107 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Office Security Feature Bypass Vulnerability

5.5
2022-05-10 CVE-2021-39670 Google Allocation of Resources Without Limits or Throttling vulnerability in Google Android 12.0/12.1

In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation.

5.5
2022-05-10 CVE-2021-39700 Google Unspecified vulnerability in Google Android 10.0/11.0/12.0

In the policies of adbd.te, there was a logic error which caused the CTS Listening Ports Test to report invalid results.

5.5
2022-05-10 CVE-2022-20011 Google Missing Authorization vulnerability in Google Android

In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check.

5.5
2022-05-10 CVE-2022-20112 Google Improper Privilege Management vulnerability in Google Android

In getAvailabilityStatus of PrivateDnsPreferenceController.java, there is a possible way for a guest user to change private DNS settings due to a permissions bypass.

5.5
2022-05-10 CVE-2022-20115 Google Missing Authorization vulnerability in Google Android 12.0/12.1

In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base station information without location permission due to a missing permission check.

5.5
2022-05-10 CVE-2021-26352 AMD Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in AMD products

Insufficient bound checks in System Management Unit (SMU) PCIe Hot Plug table may result in access/updates from/to invalid address space that could result in denial of service.

5.5
2022-05-10 CVE-2022-1649 Radare NULL Pointer Dereference vulnerability in Radare Radare2

Null pointer dereference in libr/bin/format/mach0/mach0.c in radareorg/radare2 in GitHub repository radareorg/radare2 prior to 5.7.0.

5.5
2022-05-09 CVE-2022-29868 1Password Cleartext Storage of Sensitive Information vulnerability in 1Password

1Password for Mac 7.2.4 through 7.9.x before 7.9.3 is vulnerable to a process validation bypass.

5.5
2022-05-09 CVE-2022-27114 Htmldoc Project
Debian
Integer Overflow or Wraparound vulnerability in multiple products

There is a vulnerability in htmldoc 1.9.16.

5.5
2022-05-09 CVE-2022-28161 Brocade Information Exposure Through Log Files vulnerability in Brocade Sannav

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode.

5.5
2022-05-13 CVE-2022-29433 Donations Project Unspecified vulnerability in Donations Project Donations

Authenticated (contributor or higher role) Cross-Site Scripting (XSS) vulnerability in Donations plugin <= 1.8 on WordPress.

5.4
2022-05-11 CVE-2021-31330 Reviewboard Cross-site Scripting vulnerability in Reviewboard Review Board 3.0.20/4.0

A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier.

5.4
2022-05-11 CVE-2022-30057 Shopwind Cross-site Scripting vulnerability in Shopwind

Shopwind <=v3.4.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability.

5.4
2022-05-11 CVE-2021-39059 IBM Cross-site Scripting vulnerability in IBM Jazz Foundation

IBM Jazz Foundation (IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) is vulnerable to cross-site scripting.

5.4
2022-05-11 CVE-2022-29610 SAP Unspecified vulnerability in SAP Netweaver Application Server Abap

SAP NetWeaver Application Server ABAP allows an authenticated attacker to upload malicious files and delete (theme) data, which could result in Stored Cross-Site Scripting (XSS) attack.

5.4
2022-05-11 CVE-2022-29727 Surveysparrow Cross-site Scripting vulnerability in Surveysparrow Enterprise Survey Software 2022

Survey Sparrow Enterprise Survey Software 2022 has a Stored cross-site scripting (XSS) vulnerability in the Signup parameter.

5.4
2022-05-11 CVE-2022-29975 Altn Cross-site Scripting vulnerability in Altn Mdaemon

An Authenticated Reflected Cross-site scripting at CC Parameter was discovered in MDaemon before 22.0.0 .

5.4
2022-05-11 CVE-2022-29976 Altn Cross-site Scripting vulnerability in Altn Mdaemon

An Authenticated Reflected Cross-site scripting at BCC Parameter was discovered in MDaemon before 22.0.0 .

5.4
2022-05-10 CVE-2022-1209 Ultimatemember Unspecified vulnerability in Ultimatemember Ultimate Member

The Ultimate Member plugin for WordPress is vulnerable to arbitrary redirects due to insufficient validation on supplied URLs in the social fields of the Profile Page, which makes it possible for attackers to redirect unsuspecting victims in versions up to, and including, 2.3.1.

5.4
2022-05-09 CVE-2021-43712 Employee Daily Task Management System Project Cross-site Scripting vulnerability in Employee Daily Task Management System Project Employee Daily Task Management System 1.0

Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field.

5.4
2022-05-09 CVE-2022-27308 Phprojekt Phpsimplygest Project Cross-site Scripting vulnerability in PHProjekt PHPsimplygest Project PHProjekt PHPsimplygest 1.3.0

A stored cross-site scripting (XSS) vulnerability in PHProjekt PhpSimplyGest v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a project title.

5.4
2022-05-09 CVE-2022-0898 Getigniteup Unspecified vulnerability in Getigniteup Igniteup

The IgniteUp WordPress plugin through 3.4.1 does not sanitise and escape some fields when high privilege users don't have the unfiltered_html capability, which could lead to Stored Cross-Site Scripting issues

5.4
2022-05-09 CVE-2022-22319 IBM Unspecified vulnerability in IBM products

IBM Robotic Process Automation 21.0.1 could allow a register user on the system to physically delete a queue that could cause disruption for any scripts dependent on the queue.

5.4
2022-05-13 CVE-2021-46785 Huawei Unspecified vulnerability in Huawei Emui and Harmonyos

The Property module has a vulnerability in permission control.This vulnerability can be exploited to obtain the unique device identifier.

5.3
2022-05-13 CVE-2022-27247 Cdsoft Authorization Bypass Through User-Controlled Key vulnerability in Cdsoft Winhotel.Mx 2021

onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer (e.g., data of birth, full address, mail information, and phone number) via GastKont Insecure Direct Object Reference.

5.3
2022-05-12 CVE-2021-27769 Hcltech Unspecified vulnerability in Hcltech Sametime 11.6

Information leakage occurs when a website reveals information that could aid an attacker to further exploit the system.

5.3
2022-05-12 CVE-2022-22970 Vmware
Oracle
Netapp
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

In spring framework versions prior to 5.3.20+ , 5.2.22+ and old unsupported versions, applications that handle file uploads are vulnerable to DoS attack if they rely on data binding to set a MultipartFile or javax.servlet.Part to a field in a model object.

5.3
2022-05-12 CVE-2022-29538 Resi Unspecified vulnerability in Resi Gemini-Net 4.2

RESI Gemini-Net Web 4.2 is affected by Improper Access Control in authorization logic.

5.3
2022-05-11 CVE-2022-29846 Progress Unspecified vulnerability in Progress Whatsup Gold

In Progress Ipswitch WhatsUp Gold 16.1 through 21.1.1, and 22.0.0, it is possible for an unauthenticated attacker to obtain the WhatsUp Gold installation serial number.

5.3
2022-05-11 CVE-2022-30058 Shopwind Path Traversal vulnerability in Shopwind

Shopwind <=v3.4.2 was discovered to contain a Arbitrary File Download vulnerability via the neirong parameter at \backend\controllers\DbController.php.

5.3
2022-05-11 CVE-2022-1352 Gitlab Authorization Bypass Through User-Controlled Key vulnerability in Gitlab

Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issue only to project members.

5.3
2022-05-10 CVE-2022-0866 Redhat Incorrect Authorization vulnerability in Redhat products

This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal.

5.3
2022-05-10 CVE-2022-1431 Gitlab Improper Input Validation vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1.

5.3
2022-05-09 CVE-2019-25060 Wpgraphql Unspecified vulnerability in Wpgraphql 0.2.3

The WPGraphQL WordPress plugin before 0.3.5 doesn't properly restrict access to information about other users' roles on the affected site.

5.3
2022-05-09 CVE-2022-0424 Supsystic Unspecified vulnerability in Supsystic Popup

The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and authorisation in an AJAX action, allowing unauthenticated attackers to call it and get the email addresses of subscribed users

5.3
2022-05-09 CVE-2022-22481 IBM Unspecified vulnerability in IBM I 7.2/7.3/7.4

IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain access to the web interface without valid credentials.

5.3
2022-05-12 CVE-2022-29928 Jetbrains Information Exposure Through Log Files vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2022.04 leak of secrets in TeamCity agent logs was possible

4.9
2022-05-12 CVE-2022-29930 Jetbrains Use of Insufficiently Random Values vulnerability in Jetbrains Ktor 2.0.0

SHA1 implementation in JetBrains Ktor Native 2.0.0 was returning the same value.

4.9
2022-05-11 CVE-2022-1460 Gitlab Incorrect Authorization vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1.

4.9
2022-05-12 CVE-2022-28920 Moecraft Cross-site Scripting vulnerability in Moecraft Tieba-Cloud-Sign 4.9

Tieba-Cloud-Sign v4.9 was discovered to contain a cross-site scripting (XSS) vulnerability via the function strip_tags.

4.8
2022-05-11 CVE-2022-22320 IBM Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager 7.3.3/7.4.3

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting.

4.8
2022-05-09 CVE-2022-0874 WP Experts Unspecified vulnerability in Wp-Experts WP Social Buttons

The WP Social Buttons WordPress plugin through 2.1 does not sanitise and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

4.8
2022-05-09 CVE-2022-1104 Code Atlantic Unspecified vulnerability in Code-Atlantic Popup Maker

The Popup Maker WordPress plugin before 1.16.5 does not sanitise and escape some of its Popup settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

4.8
2022-05-09 CVE-2022-1303 Slide Anything Project Unspecified vulnerability in Slide Anything Project Slide Anything

The Slide Anything WordPress plugin before 2.3.44 does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed

4.8
2022-05-09 CVE-2022-1338 Commonninja Cross-site Scripting vulnerability in Commonninja Easily Generate Rest API

The Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

4.8
2022-05-12 CVE-2021-33075 Intel Race Condition vulnerability in Intel products

Race condition in firmware for some Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access.

4.7
2022-05-12 CVE-2021-33078 Intel Race Condition vulnerability in Intel products

Race condition within a thread in firmware for some Intel(R) Optane(TM) SSD and Intel(R) SSD DC Products may allow a privileged user to potentially enable denial of service via local access.

4.7
2022-05-11 CVE-2021-26347 AMD Improper Validation of Specified Quantity in Input vulnerability in AMD products

Failure to validate the integer operand in ASP (AMD Secure Processor) bootloader may allow an attacker to introduce an integer overflow in the L2 directory table in SPI flash resulting in a potential denial of service.

4.7
2022-05-11 CVE-2021-26350 AMD Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in AMD products

A TOCTOU race condition in SMU may allow for the caller to obtain and manipulate the address of a message port register which may result in a potential denial of service.

4.7
2022-05-12 CVE-2021-33074 Intel Unspecified vulnerability in Intel products

Protection mechanism failure in firmware for some Intel(R) SSD, Intel(R) SSD DC and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access.

4.6
2022-05-12 CVE-2021-33082 Intel Improper Cross-boundary Removal of Sensitive Data vulnerability in Intel products

Sensitive information in resource not removed before reuse in firmware for some Intel(R) SSD and Intel(R) Optane(TM) SSD Products may allow an unauthenticated user to potentially enable information disclosure via physical access.

4.6
2022-05-12 CVE-2021-33130 Intel Insecure Default Initialization of Resource vulnerability in Intel Realsense ID F450 Firmware

Insecure default variable initialization of Intel(R) RealSense(TM) ID Solution F450 before version 2.6.0.74 may allow an unauthenticated user to potentially enable information disclosure via physical access.

4.6
2022-05-10 CVE-2022-20008 Google Use of Uninitialized Resource vulnerability in Google Android

In mmc_blk_read_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data.

4.6
2022-05-12 CVE-2021-26363 AMD Unspecified vulnerability in AMD products

A malicious or compromised UApp or ABL could potentially change the value that the ASP uses for its reserved DRAM, to one outside of the fenced area, potentially leading to data exposure.

4.4
2022-05-12 CVE-2021-26368 AMD Insufficient Verification of Data Authenticity vulnerability in AMD products

Insufficient check of the process type in Trusted OS (TOS) may allow an attacker with privileges to enable a lesser privileged process to unmap memory owned by a higher privileged process resulting in a denial of service.

4.4
2022-05-12 CVE-2021-33083 Intel Improper Authentication vulnerability in Intel products

Improper authentication in firmware for some Intel(R) SSD, Intel(R) Optane(TM) SSD, Intel(R) Optane(TM) SSD DC and Intel(R) SSD DC Products may allow an privileged user to potentially enable information disclosure via local access.

4.4
2022-05-12 CVE-2021-27773 Hcltech Improper Restriction of Rendered UI Layers or Frames vulnerability in Hcltech Sametime 11.6

This vulnerability allows users to execute a clickjacking attack in the meeting's chat.

4.3
2022-05-12 CVE-2022-28873 F Secure Unspecified vulnerability in F-Secure Safe

A vulnerability affecting F-Secure SAFE browser was discovered.

4.3
2022-05-11 CVE-2022-0027 Paloaltonetworks Unspecified vulnerability in Paloaltonetworks Cortex Xsoar

An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables authenticated users in non-Read-Only groups to generate an email report that contains summary information about all incidents in the Cortex XSOAR instance, including incidents to which the user does not have access.

4.3
2022-05-11 CVE-2022-1124 Gitlab Incorrect Authorization vulnerability in Gitlab

An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled

4.3
2022-05-11 CVE-2022-1428 Gitlab Allocation of Resources Without Limits or Throttling vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1.

4.3
2022-05-11 CVE-2022-1545 Gitlab Unspecified vulnerability in Gitlab

It was possible to disclose details of confidential notes created via the API in Gitlab CE/EE affecting all versions from 13.2 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1 if an unauthorised project member was tagged in the note.

4.3
2022-05-11 CVE-2022-29613 SAP Unspecified vulnerability in SAP Employee Self Service 605

Due to insufficient input validation, SAP Employee Self Service allows an authenticated attacker with user privileges to alter employee number.

4.3
2022-05-10 CVE-2022-1417 Gitlab Incorrect Authorization vulnerability in Gitlab

Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs

4.3
2022-05-10 CVE-2022-24466 Microsoft Unspecified vulnerability in Microsoft products

Windows Hyper-V Security Feature Bypass Vulnerability

4.1
2022-05-11 CVE-2021-26400 AMD Unspecified vulnerability in AMD CPU

AMD processors may speculatively re-order load instructions which can result in stale data being observed when multiple processors are operating on shared memory, resulting in potential data leakage.

4.0

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-05-11 CVE-2022-1426 Gitlab Improper Authentication vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1.

3.7
2022-05-11 CVE-2022-28252 Adobe Out-of-bounds Read vulnerability in Adobe products

Acrobat Reader DC version 22.001.2011x (and earlier), 20.005.3033x (and earlier) and 17.012.3022x (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

3.3
2022-05-11 CVE-2021-26342 AMD Unspecified vulnerability in AMD products

In SEV guest VMs, the CPU may fail to flush the Translation Lookaside Buffer (TLB) following a particular sequence of operations that includes creation of a new virtual machine control block (VMCB).

3.3
2022-05-09 CVE-2022-28162 Broadcom Cleartext Storage of Sensitive Information vulnerability in Broadcom Sannav 2.1.0/2.1.1/2.1.1.8

Brocade SANnav before version SANnav 2.2.0 logs the REST API Authentication token in plain text.

3.3
2022-05-12 CVE-2022-0005 Intel Cleartext Transmission of Sensitive Information vulnerability in Intel products

Sensitive information accessible by physical probing of JTAG interface for some Intel(R) Processors with SGX may allow an unprivileged user to potentially enable information disclosure via physical access.

2.4