Weekly Vulnerabilities Reports > May 23 to 29, 2022

Overview

363 new vulnerabilities reported during this period, including 37 critical vulnerabilities and 59 high severity vulnerabilities. This weekly summary report vulnerabilities in 315 products from 160 vendors including Apple, Chshcms, Cisco, Dell, and Openautomationsoftware. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Out-of-bounds Write", "Classic Buffer Overflow", and "Out-of-bounds Read".

  • 321 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities have public exploit available.
  • 149 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 265 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 73 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 30 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

37 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-05-26 CVE-2022-30493 Automotive Shop Management System Project SQL Injection vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0

In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin access(privilege escalation).

10.0
2022-05-26 CVE-2022-24422 Dell Improper Authentication vulnerability in Dell Idrac9

Dell iDRAC9 versions 5.00.00.00 and later but prior to 5.10.10.00, contain an improper authentication vulnerability.

10.0
2022-05-23 CVE-2021-32935 Cognex Deserialization of Untrusted Data vulnerability in Cognex In-Sight OPC Server

The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a remote attacker access to system level permission commands and local privilege escalation.

10.0
2022-05-23 CVE-2021-32941 Annke Out-of-bounds Write vulnerability in Annke N48Pbb Firmware 3.4.106

Annke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are vulnerable to a stack-based buffer overflow, which allows an unauthorized remote attacker to execute arbitrary code with the same privileges as the server user (root).

10.0
2022-05-26 CVE-2022-26739 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

9.3
2022-05-26 CVE-2022-26740 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

9.3
2022-05-26 CVE-2022-26741 Apple Classic Buffer Overflow vulnerability in Apple Macos

A buffer overflow issue was addressed with improved memory handling.

9.3
2022-05-26 CVE-2022-26742 Apple Classic Buffer Overflow vulnerability in Apple Macos

A buffer overflow issue was addressed with improved memory handling.

9.3
2022-05-26 CVE-2022-26744 Apple Out-of-bounds Write vulnerability in Apple Iphone OS

A memory corruption issue was addressed with improved state management.

9.3
2022-05-26 CVE-2022-26749 Apple Classic Buffer Overflow vulnerability in Apple Macos

A buffer overflow issue was addressed with improved memory handling.

9.3
2022-05-26 CVE-2022-26750 Apple Classic Buffer Overflow vulnerability in Apple Macos

A buffer overflow issue was addressed with improved memory handling.

9.3
2022-05-26 CVE-2022-26752 Apple Classic Buffer Overflow vulnerability in Apple Macos

A buffer overflow issue was addressed with improved memory handling.

9.3
2022-05-26 CVE-2022-26753 Apple Classic Buffer Overflow vulnerability in Apple Macos

A buffer overflow issue was addressed with improved memory handling.

9.3
2022-05-26 CVE-2022-26754 Apple Classic Buffer Overflow vulnerability in Apple Macos

A buffer overflow issue was addressed with improved memory handling.

9.3
2022-05-26 CVE-2022-26756 Apple Out-of-bounds Write vulnerability in Apple mac OS X

An out-of-bounds write issue was addressed with improved input validation.

9.3
2022-05-26 CVE-2022-26757 Apple Use After Free vulnerability in Apple products

A use after free issue was addressed with improved memory management.

9.3
2022-05-26 CVE-2022-26761 Apple Out-of-bounds Write vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved memory handling.

9.3
2022-05-26 CVE-2022-26763 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

An out-of-bounds access issue was addressed with improved bounds checking.

9.3
2022-05-26 CVE-2022-26768 Apple Out-of-bounds Write vulnerability in Apple Macos and Watchos

A memory corruption issue was addressed with improved state management.

9.3
2022-05-26 CVE-2022-26769 Apple Out-of-bounds Write vulnerability in Apple mac OS X and Macos

A memory corruption issue was addressed with improved input validation.

9.3
2022-05-26 CVE-2022-26770 Apple Out-of-bounds Read vulnerability in Apple mac OS X and Macos

An out-of-bounds read issue was addressed with improved input validation.

9.3
2022-05-26 CVE-2022-26771 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved state management.

9.3
2022-05-26 CVE-2022-26772 Apple Out-of-bounds Write vulnerability in Apple Macos

A memory corruption issue was addressed with improved state management.

9.3
2022-05-26 CVE-2022-26702 Apple Use After Free vulnerability in Apple products

A use after free issue was addressed with improved memory management.

9.3
2022-05-26 CVE-2022-26714 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved validation.

9.3
2022-05-26 CVE-2022-26715 Apple Out-of-bounds Write vulnerability in Apple mac OS X

An out-of-bounds write issue was addressed with improved bounds checking.

9.3
2022-05-26 CVE-2022-26720 Apple Out-of-bounds Write vulnerability in Apple mac OS X

An out-of-bounds write issue was addressed with improved bounds checking.

9.3
2022-05-26 CVE-2022-26721 Apple Improper Initialization vulnerability in Apple mac OS X

A memory initialization issue was addressed.

9.3
2022-05-26 CVE-2022-26722 Apple Improper Initialization vulnerability in Apple mac OS X

A memory initialization issue was addressed.

9.3
2022-05-26 CVE-2022-26736 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

9.3
2022-05-26 CVE-2022-26737 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

9.3
2022-05-26 CVE-2022-26738 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

9.3
2022-05-26 CVE-2022-22672 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved memory handling.

9.3
2022-05-26 CVE-2022-22675 Apple Out-of-bounds Write vulnerability in Apple products

An out-of-bounds write issue was addressed with improved bounds checking.

9.3
2022-05-27 CVE-2022-20797 Cisco OS Command Injection vulnerability in Cisco Secure Network Analytics 2.1.1

A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Cisco Stealthwatch Enterprise, could allow an authenticated, remote attacker to execute arbitrary commands as an administrator on the underlying operating system.

9.0
2022-05-26 CVE-2022-30584 RSA Incorrect Authorization vulnerability in RSA Archer 6.10.0.0/6.10.0.1

Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS functionality that could potentially be exploited by malicious users to compromise the affected system.

9.0
2022-05-26 CVE-2022-1261 Honeywell Unspecified vulnerability in Honeywell Matrikon OPC Server

Matrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) is vulnerable to a condition where a low privileged user allowed to connect to the OPC server to use the functions of the IPersisFile to execute operating system processes with system-level privileges.

9.0

59 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-05-23 CVE-2022-1467 Aveva Exposure of Resource to Wrong Sphere vulnerability in Aveva products

Windows OS can be configured to overlay a “language bar” on top of any application.

8.5
2022-05-24 CVE-2014-125001 Cardosystems Improper Privilege Management vulnerability in Cardosystems Scala Rider Q3 Firmware

A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3.

8.3
2022-05-26 CVE-2022-26701 Apple Race Condition vulnerability in Apple products

A race condition was addressed with improved locking.

7.6
2022-05-24 CVE-2021-4229 UA Parser JS Project Inclusion of Functionality from Untrusted Control Sphere vulnerability in Ua-Parser-Js Project Ua-Parser-Js 0.7.29/0.8.0/1.0.0

A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0.

7.6
2022-05-29 CVE-2022-1927 VIM
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

Buffer Over-read in GitHub repository vim/vim prior to 8.2.

7.5
2022-05-26 CVE-2022-26775 Apple Integer Overflow or Wraparound vulnerability in Apple mac OS X and Macos

An integer overflow was addressed with improved input validation.

7.5
2022-05-26 CVE-2022-26776 Apple Unspecified vulnerability in Apple Macos

This issue was addressed with improved checks.

7.5
2022-05-26 CVE-2022-29632 Roncoo Unrestricted Upload of File with Dangerous Type vulnerability in Roncoo Roncoo-Education 9.0.0

An arbitrary file upload vulnerability in the component /course/api/upload/pic of Roncoo Education v9.0.0 allows attackers to execute arbitrary code via a crafted file.

7.5
2022-05-26 CVE-2022-29633 Linglong Project Incorrect Authorization vulnerability in Linglong Project Linglong 1.0

An access control issue in Linglong v1.0 allows attackers to access the background of the application via a crafted cookie.

7.5
2022-05-26 CVE-2022-26708 Apple Unspecified vulnerability in Apple Macos

This issue was addressed with improved checks.

7.5
2022-05-26 CVE-2022-26711 Apple Integer Overflow or Wraparound vulnerability in Apple products

An integer overflow issue was addressed with improved input validation.

7.5
2022-05-26 CVE-2022-26723 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Macos

A memory corruption issue was addressed with improved input validation.

7.5
2022-05-26 CVE-2022-30495 Automotive Shop Management System Project Authorization Bypass Through User-Controlled Key vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0

In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation)

7.5
2022-05-26 CVE-2022-30516 Hospital Management System Project SQL Injection vulnerability in Hospital Management System Project Hospital Management System 1.0

In Hospital-Management-System v1.0, the editid parameter in the doctor.php page is vulnerable to SQL injection attacks.

7.5
2022-05-26 CVE-2022-30472 Tenda Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318)

Tenda AC Seris Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function fromAddressNat

7.5
2022-05-26 CVE-2022-30474 Tenda Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318)

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a heap overflow in the httpd module when handling /goform/saveParentControlInfo request.

7.5
2022-05-26 CVE-2022-30476 Tenda Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318)

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetFirewallCfg request.

7.5
2022-05-26 CVE-2022-30477 Tenda Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318)

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/SetClientState request.

7.5
2022-05-26 CVE-2022-30500 Jflyfox SQL Injection vulnerability in Jflyfox Jfinal CMS 5.1.0

Jfinal cms 5.1.0 is vulnerable to SQL Injection.

7.5
2022-05-26 CVE-2022-1664 Debian Path Traversal vulnerability in Debian Linux and Dpkg

Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability.

7.5
2022-05-26 CVE-2022-29660 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/pic/del.

7.5
2022-05-25 CVE-2022-26082 Openautomationsoftware Missing Authentication for Critical Function vulnerability in Openautomationsoftware OAS Platform 16.00.0112

A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112.

7.5
2022-05-25 CVE-2022-26833 Openautomationsoftware Missing Authentication for Critical Function vulnerability in Openautomationsoftware OAS Platform 16.00.0112

An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121.

7.5
2022-05-25 CVE-2022-23775 Truestack Incorrect Authorization vulnerability in Truestack Direct Connect

TrueStack Direct Connect 1.4.7 has Incorrect Access Control.

7.5
2022-05-25 CVE-2022-29379 F5 Out-of-bounds Write vulnerability in F5 NJS 0.7.3

** DISPUTED ** Nginx NJS v0.7.3 was discovered to contain a stack overflow in the function njs_default_module_loader at /src/njs/src/njs_module.c.

7.5
2022-05-25 CVE-2022-29650 Online Food Ordering System Project SQL Injection vulnerability in Online Food Ordering System Project Online Food Ordering System 1.0

Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php.

7.5
2022-05-25 CVE-2022-26945 Hashicorp Command Injection vulnerability in Hashicorp Go-Getter 2.0.2

HashiCorp go-getter before 2.0.2 allows Command Injection.

7.5
2022-05-25 CVE-2022-28862 Archibus SQL Injection vulnerability in Archibus web Central 21.3.3.815

In Archibus Web Central before 26.2, multiple SQL Injection vulnerabilities occur in dwr/call/plaincall/workflow.runWorkflowRule.dwr.

7.5
2022-05-25 CVE-2022-30321 Hashicorp Unspecified vulnerability in Hashicorp Go-Getter 2.0.0/2.0.1/2.0.2

HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 1 of 3).

7.5
2022-05-25 CVE-2022-30322 Hashicorp Unspecified vulnerability in Hashicorp Go-Getter 2.0.0/2.0.1/2.0.2

HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 2 of 3).

7.5
2022-05-25 CVE-2022-30323 Hashicorp Unspecified vulnerability in Hashicorp Go-Getter 2.0.0/2.0.1/2.0.2

HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 3 of 3).

7.5
2022-05-25 CVE-2022-30595 Python Out-of-bounds Write vulnerability in Python Pillow 9.1.0

libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files.

7.5
2022-05-25 CVE-2022-29361 Palletsprojects HTTP Request Smuggling vulnerability in Palletsprojects Werkzeug

** DISPUTED ** Improper parsing of HTTP requests in Pallets Werkzeug v2.1.0 and below allows attackers to perform HTTP Request Smuggling using a crafted HTTP request with multiple requests included inside the body.

7.5
2022-05-24 CVE-2022-29334 H Project Improper Authentication vulnerability in H Project H 1.0

An issue in H v1.0 allows attackers to bypass authentication via a session replay attack.

7.5
2022-05-24 CVE-2022-29337 Cdatatec Command Injection vulnerability in Cdatatec Fd702Xw-X-R430 Firmware 2.1.13X001

C-DATA FD702XW-X-R430 v2.1.13_X001 was discovered to contain a command injection vulnerability via the va_cmd parameter in formlanipv6.

7.5
2022-05-24 CVE-2013-10003 Telecomsoftware SQL Injection vulnerability in Telecomsoftware Samwin Agent and Samwin Contact Center

A vulnerability classified as critical has been found in Telecommunication Software SAMwin Contact Center Suite 5.1.

7.5
2022-05-24 CVE-2021-45914 Luxsoft Improper Authentication vulnerability in Luxsoft Luxcal

In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a POST request.

7.5
2022-05-24 CVE-2021-45915 Luxsoft Improper Authentication vulnerability in Luxsoft Luxcal

In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value.

7.5
2022-05-24 CVE-2022-29223 Microsoft Classic Buffer Overflow vulnerability in Microsoft Azure Rtos Usbx

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack.

7.5
2022-05-24 CVE-2022-29246 Microsoft Classic Buffer Overflow vulnerability in Microsoft Azure Rtos Usbx

Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack.

7.5
2022-05-24 CVE-2022-30838 Covid 19 Travel Pass Management System Project SQL Injection vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0

Covid-19 Travel Pass Management System v1.0 is vulnerable to SQL Injection via /ctpms/classes/Master.php?f=update_application_status

7.5
2022-05-24 CVE-2022-30461 Water Billing System Project SQL Injection vulnerability in Water Billing System Project Water Billing System 1.0

Water-billing-management-system v1.0 is vulnerable to SQL Injection via /wbms/classes/Master.php?f=delete_client, id

7.5
2022-05-24 CVE-2021-42654 Sscms Unrestricted Upload of File with Dangerous Type vulnerability in Sscms Siteserver CMS

SiteServer CMS < V5.1 is affected by an unrestricted upload of a file with dangerous type (getshell), which could be used to execute arbitrary code.

7.5
2022-05-24 CVE-2022-30454 Merchandise Online Store Project SQL Injection vulnerability in Merchandise Online Store Project Merchandise Online Store 1.0

Merchandise Online Store 1.0 is vulnerable to SQL Injection via /vloggers_merch/classes/Master.php?f=delete_product.

7.5
2022-05-24 CVE-2022-30455 Badminton Center Management System Project SQL Injection vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System 1.0 is vulnerable to SQL Injection via /bcms/classes/Master.php?f=delete_court_rental, id.

7.5
2022-05-23 CVE-2022-28932 Dlink Incorrect Default Permissions vulnerability in Dlink Dsl-G2452Dg Firmware

D-Link DSL-G2452DG HW:T1\\tFW:ME_2.00 was discovered to contain insecure permissions.

7.5
2022-05-23 CVE-2022-29599 Apache Command Injection vulnerability in Apache Maven Shared Utils

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

7.5
2022-05-23 CVE-2022-0781 Nirweb SQL Injection vulnerability in Nirweb Support

The Nirweb support WordPress plugin before 2.8.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action (available to unauthenticated users), leading to an SQL injection

7.5
2022-05-23 CVE-2022-1014 WP Contacts Manager Project SQL Injection vulnerability in WP Contacts Manager Project WP Contacts Manager

The WP Contacts Manager WordPress plugin through 2.2.4 fails to properly sanitize user supplied POST data before it is being interpolated in an SQL statement and then executed, leading to an SQL injection vulnerability.

7.5
2022-05-27 CVE-2022-30700 Trendmicro Incorrect Permission Assignment for Critical Resource vulnerability in Trendmicro Apex ONE 2019

An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to load a DLL with escalated privileges on affected installations.

7.2
2022-05-27 CVE-2022-30701 Trendmicro Uncontrolled Search Path Element vulnerability in Trendmicro Apex ONE 2019

An uncontrolled search path element vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to craft a special configuration file to load an untrusted library with escalated privileges on affected installations.

7.2
2022-05-26 CVE-2022-26691 Apple
Debian
Fedoraproject
Openprinting
Improper Privilege Management vulnerability in multiple products

A logic issue was addressed with improved state management.

7.2
2022-05-26 CVE-2022-1882 Linux Use After Free vulnerability in Linux Kernel

A use-after-free flaw was found in the Linux kernel’s pipes functionality in how a user performs manipulations with the pipe post_one_notification() after free_pipe_info() that is already called.

7.2
2022-05-26 CVE-2022-24417 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

7.2
2022-05-26 CVE-2022-24418 Dell Improper Input Validation vulnerability in Dell products

Dell BIOS contains an improper input validation vulnerability.

7.2
2022-05-26 CVE-2022-26865 Dell Improper Authentication vulnerability in Dell Supportassist OS Recovery 5.5.1

Dell Support Assist OS Recovery versions before 5.5.2 contain an Authentication Bypass vulnerability.

7.2
2022-05-26 CVE-2022-30785 Tuxera Unspecified vulnerability in Tuxera Ntfs-3G

A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite.

7.2
2022-05-25 CVE-2022-29402 TP Link Missing Authentication for Critical Function vulnerability in Tp-Link Tl-Wr840N Firmware

TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console.

7.2
2022-05-24 CVE-2022-26532 Zyxel OS Command Injection vulnerability in Zyxel products

A argument injection vulnerability in the 'packet-trace' CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to execute arbitrary OS commands by including crafted arguments to the CLI command.

7.2

219 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-05-27 CVE-2022-28394 Trendmicro Uncontrolled Search Path Element vulnerability in Trendmicro Password Manager

EOL Product CVE - Installer of Trend Micro Password Manager (Consumer) versions 3.7.0.1223 and below provided by Trend Micro Incorporated contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).

6.9
2022-05-26 CVE-2022-26743 Apple Out-of-bounds Write vulnerability in Apple Macos

An out-of-bounds write issue was addressed with improved bounds checking.

6.9
2022-05-27 CVE-2022-1897 VIM
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

6.8
2022-05-27 CVE-2022-1898 VIM
Fedoraproject
Use After Free vulnerability in multiple products

Use After Free in GitHub repository vim/vim prior to 8.2.

6.8
2022-05-26 CVE-2022-26747 Apple Unspecified vulnerability in Apple Xcode

This issue was addressed with improved checks.

6.8
2022-05-26 CVE-2022-26748 Apple Out-of-bounds Write vulnerability in Apple mac OS X

An out-of-bounds write issue was addressed with improved input validation.

6.8
2022-05-26 CVE-2022-26751 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved input validation.

6.8
2022-05-26 CVE-2022-29637 Iminho Unrestricted Upload of File with Dangerous Type vulnerability in Iminho Mindoc 2.1

An arbitrary file upload vulnerability in Mindoc v2.1-beta.5 allows attackers to execute arbitrary commands via a crafted Zip file.

6.8
2022-05-26 CVE-2022-26704 Apple Link Following vulnerability in Apple Macos

A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks.

6.8
2022-05-26 CVE-2022-26718 Apple Out-of-bounds Read vulnerability in Apple Macos

An out-of-bounds read issue was addressed with improved input validation.

6.8
2022-05-26 CVE-2022-31265 Wargaming Authentication Bypass by Capture-replay vulnerability in Wargaming World of Warships 0.11.4

The replay feature in the client in Wargaming World of Warships 0.11.4 allows remote attackers to execute code when a user launches a replay from an untrusted source.

6.8
2022-05-26 CVE-2022-21831 Rubyonrails Code Injection vulnerability in Rubyonrails Active Storage

A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments.

6.8
2022-05-26 CVE-2022-1886 VIM Out-of-bounds Write vulnerability in VIM

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

6.8
2022-05-26 CVE-2021-34360 Qnap Cross-Site Request Forgery (CSRF) vulnerability in Qnap NAS Proxy Server

A cross-site request forgery (CSRF) vulnerability has been reported to affect QNAP device running Proxy Server.

6.8
2022-05-25 CVE-2022-27305 Gibbonedu Session Fixation vulnerability in Gibbonedu Gibbon

Gibbon v23 does not generate a new session ID cookie after a user authenticates, making the application vulnerable to session fixation.

6.8
2022-05-25 CVE-2022-1851 VIM
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

6.8
2022-05-24 CVE-2022-29333 Cyberlink Improper Privilege Management vulnerability in Cyberlink Powerdirector 14.0

A vulnerability in CyberLink Power Director v14 allows attackers to escalate privileges via a crafted .exe file.

6.8
2022-05-24 CVE-2021-42612 Halibut Project Use After Free vulnerability in Halibut Project Halibut 1.2

A use after free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document.

6.8
2022-05-24 CVE-2021-42613 Halibut Project Double Free vulnerability in Halibut Project Halibut 1.2

A double free in cleanup_index in index.c in Halibut 1.2 allows an attacker to cause a denial of service or possibly have other unspecified impact via a crafted text document.

6.8
2022-05-24 CVE-2021-42614 Halibut Project Use After Free vulnerability in Halibut Project Halibut 1.2

A use after free in info_width_internal in bk_info.c in Halibut 1.2 allows an attacker to cause a segmentation fault or possibly have unspecified other impact via a crafted text document.

6.8
2022-05-24 CVE-2021-32965 Deltaww Type Confusion vulnerability in Deltaww Diascreen

Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to type confusion, which may allow an attacker to remotely execute arbitrary code.

6.8
2022-05-24 CVE-2021-32969 Deltaww Out-of-bounds Write vulnerability in Deltaww Diascreen

Delta Electronics DIAScreen versions prior to 1.1.0 are vulnerable to an out-of-bounds write condition, which may result in a system crash or allow an attacker to remotely execute arbitrary code.

6.8
2022-05-24 CVE-2022-29305 Imgurl Project SQL Injection vulnerability in Imgurl Project Imgurl 2.31

imgurl v2.31 was discovered to contain a Blind SQL injection vulnerability via /upload/localhost.

6.8
2022-05-23 CVE-2022-29002 Xuxueli Cross-Site Request Forgery (CSRF) vulnerability in Xuxueli Xxl-Job 2.3.0

A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.

6.8
2022-05-23 CVE-2022-28944 Emcosoftware Download of Code Without Integrity Check vulnerability in Emcosoftware products

Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check.

6.8
2022-05-23 CVE-2022-30014 Simple Food Website Project Cross-Site Request Forgery (CSRF) vulnerability in Simple Food Website Project Simple Food Website 1.0

Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderater account.

6.8
2022-05-23 CVE-2021-42585 GNU Out-of-bounds Write vulnerability in GNU Libredwg

A heap buffer overflow was discovered in copy_compressed_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.

6.8
2022-05-23 CVE-2021-42586 GNU Out-of-bounds Write vulnerability in GNU Libredwg

A heap buffer overflow was discovered in copy_bytes in decode_r2007.c in dwgread before 0.12.4 via a crafted dwg file.

6.8
2022-05-27 CVE-2022-30687 Trendmicro Link Following vulnerability in Trendmicro Maximum Security 2022 17.7

Trend Micro Maximum Security 2022 is vulnerable to a link following vulnerability that could allow a low privileged local user to manipulate the product's secure erase feature to delete arbitrary files.

6.6
2022-05-26 CVE-2022-21827 Citrix Improper Privilege Management vulnerability in Citrix Gateway Plug-In 12.158/12.158.15/13.061.48

An improper privilege vulnerability has been discovered in Citrix Gateway Plug-in for Windows (Citrix Secure Access for Windows) <21.9.1.2 what could allow an attacker who has gained local access to a computer with Citrix Gateway Plug-in installed, to corrupt or delete files as SYSTEM.

6.6
2022-05-25 CVE-2021-44719 Docker Files or Directories Accessible to External Parties vulnerability in Docker Desktop

Docker Desktop 4.3.0 has Incorrect Access Control.

6.6
2022-05-26 CVE-2022-26857 Dell Incorrect Authorization vulnerability in Dell Openmanage Enterprise 3.5/3.6.1

Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization vulnerability.

6.5
2022-05-26 CVE-2022-29661 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/save.

6.5
2022-05-26 CVE-2022-29662 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/news/save.

6.5
2022-05-26 CVE-2022-29663 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/hy.

6.5
2022-05-26 CVE-2022-29664 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/pl_save.

6.5
2022-05-26 CVE-2022-29665 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/topic/save.

6.5
2022-05-26 CVE-2022-29666 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan.

6.5
2022-05-26 CVE-2022-29667 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via /admin.php/pic/admin/pic/hy.

6.5
2022-05-26 CVE-2022-29669 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/news/admin/lists/zhuan.

6.5
2022-05-26 CVE-2022-29670 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/type/del.

6.5
2022-05-26 CVE-2022-29676 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a SQL injection vulnerability via the id parameter at /admin.php/pic/admin/lists/zhuan.

6.5
2022-05-26 CVE-2022-29680 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/zu_del.

6.5
2022-05-26 CVE-2022-29681 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Links/del.

6.5
2022-05-26 CVE-2022-29682 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/vod/admin/topic/del.

6.5
2022-05-26 CVE-2022-29683 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/page_del.

6.5
2022-05-26 CVE-2022-29684 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/Label/js_del.

6.5
2022-05-26 CVE-2022-29685 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/User/level_sort.

6.5
2022-05-26 CVE-2022-29686 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/lists/zhuan.

6.5
2022-05-26 CVE-2022-29687 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/user/level_del.

6.5
2022-05-26 CVE-2022-29688 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/hy.

6.5
2022-05-26 CVE-2022-29689 Chshcms SQL Injection vulnerability in Chshcms Cscms Music Portal System 4.2

CSCMS Music Portal System v4.2 was discovered to contain a blind SQL injection vulnerability via the id parameter at /admin.php/singer/admin/singer/del.

6.5
2022-05-26 CVE-2021-40317 Piwigo SQL Injection vulnerability in Piwigo 11.5.0

Piwigo 11.5.0 is affected by a SQL injection vulnerability via admin.php and the id parameter.

6.5
2022-05-25 CVE-2022-22127 Tableau Unspecified vulnerability in Tableau Server

Tableau is aware of a broken access control vulnerability present in Tableau Server affecting Tableau Server customers using Local Identity Store for managing users.

6.5
2022-05-25 CVE-2022-29651 Online Food Ordering System Project Unrestricted Upload of File with Dangerous Type vulnerability in Online Food Ordering System Project Online Food Ordering System 1.0

An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file.

6.5
2022-05-25 CVE-2022-1883 Camptocamp SQL Injection vulnerability in Camptocamp Terraboard

SQL Injection in GitHub repository camptocamp/terraboard prior to 2.2.0.

6.5
2022-05-24 CVE-2022-23050 Zohocorp Unrestricted Upload of File with Dangerous Type vulnerability in Zohocorp Manageengine Applications Manager

ManageEngine AppManager15 (Build No:15510) allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality.

6.5
2022-05-24 CVE-2022-22495 IBM SQL Injection vulnerability in IBM I 7.3/7.4/7.5

IBM i 7.3, 7.4, and 7.5 is vulnerable to SQL injection.

6.5
2022-05-24 CVE-2022-29221 Smarty
Debian
Code Injection vulnerability in multiple products

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic.

6.5
2022-05-24 CVE-2022-30843 Room Rent Portal Site Project SQL Injection vulnerability in Room Rent Portal Site Project Room Rent Portal Site 1.0

Room-rent-portal-site v1.0 is vulnerable to SQL Injection via /rrps/classes/Master.php?f=delete_category, id.

6.5
2022-05-24 CVE-2022-30459 Chatbot APP With Suggestion IN PHP OOP Project SQL Injection vulnerability in Chatbot APP With Suggestion in PHP/Oop Project Chatbot APP With Suggestion in PHP/Oop 1.0

ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to SQL Injection via /simple_chat_bot/classes/Master.php?f=delete_response, id.

6.5
2022-05-24 CVE-2022-30463 Automotive Shop Management System Project SQL Injection vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0

Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product.

6.5
2022-05-24 CVE-2021-42655 Sscms SQL Injection vulnerability in Sscms Siteserver CMS 6.15.51

SiteServer CMS V6.15.51 is affected by a SQL injection vulnerability.

6.5
2022-05-24 CVE-2022-1837 Home Clean Services Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Home Clean Services Management System Project Home Clean Services Management System 1.0

A vulnerability was found in Home Clean Services Management System 1.0.

6.5
2022-05-24 CVE-2022-1838 Home Clean Services Management System Project SQL Injection vulnerability in Home Clean Services Management System Project Home Clean Services Management System 1.0

A vulnerability classified as critical has been found in Home Clean Services Management System 1.0.

6.5
2022-05-24 CVE-2022-1839 Home Clean Services Management System Project SQL Injection vulnerability in Home Clean Services Management System Project Home Clean Services Management System 1.0

A vulnerability classified as critical was found in Home Clean Services Management System 1.0.

6.5
2022-05-23 CVE-2022-28999 Bloodshed Incorrect Default Permissions vulnerability in Bloodshed Dev-C++ 4.9.9.2

Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary devcpp.exe.

6.5
2022-05-23 CVE-2022-29376 Apachefriends Incorrect Default Permissions vulnerability in Apachefriends Xampp

Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute arbitrary code via overwriting binaries located in the directory.

6.5
2022-05-23 CVE-2022-30016 Rescue Dispatch Management System Project Incorrect Authorization vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0

Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info.

6.5
2022-05-26 CVE-2022-26693 Apple Unspecified vulnerability in Apple Macos

This issue was addressed with improved checks.

6.4
2022-05-26 CVE-2022-26694 Apple Unspecified vulnerability in Apple Macos

This issue was addressed with improved checks.

6.4
2022-05-26 CVE-2022-1899 Radare Out-of-bounds Read vulnerability in Radare Radare2

Out-of-bounds Read in GitHub repository radareorg/radare2 prior to 5.7.0.

6.4
2022-05-26 CVE-2022-20821 Cisco Information Exposure vulnerability in Cisco IOS XR

A vulnerability in the health check RPM of Cisco IOS XR Software could allow an unauthenticated, remote attacker to access the Redis instance that is running within the NOSi container.

6.4
2022-05-25 CVE-2021-27779 Hcltech Missing Encryption of Sensitive Data vulnerability in Hcltech Versionvault Express 2.0.1

VersionVault Express exposes sensitive information that an attacker can use to impersonate the server or eavesdrop on communications with the server.

6.4
2022-05-24 CVE-2020-4926 IBM Missing Authorization vulnerability in IBM Elastic Storage System and Spectrum Scale

A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol.

6.4
2022-05-24 CVE-2013-10002 Telecomsoftware Use of Hard-coded Credentials vulnerability in Telecomsoftware Samwin Agent and Samwin Contact Center

A vulnerability was found in Telecommunication Software SAMwin Contact Center Suite 5.1.

6.4
2022-05-24 CVE-2021-42659 Tenda Classic Buffer Overflow vulnerability in Tenda AC9 Firmware 15.03.05.19(6318)/15.03.06.42Multi

There is a buffer overflow vulnerability in the Web server httpd of the router in Tenda router devices such as Tenda AC9 V1.0 V15.03.02.19(6318) and Tenda AC9 V3.0 V15.03.06.42_multi.

6.1
2022-05-27 CVE-2022-1907 Libmobi Project Out-of-bounds Read vulnerability in Libmobi Project Libmobi

Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.

5.8
2022-05-27 CVE-2022-1908 Libmobi Project Out-of-bounds Read vulnerability in Libmobi Project Libmobi

Buffer Over-read in GitHub repository bfabiszewski/libmobi prior to 0.11.

5.8
2022-05-26 CVE-2022-26773 Apple Unspecified vulnerability in Apple Itunes

A logic issue was addressed with improved state management.

5.8
2022-05-26 CVE-2022-26697 Apple Out-of-bounds Read vulnerability in Apple mac OS X and Macos

An out-of-bounds read issue was addressed with improved input validation.

5.8
2022-05-26 CVE-2022-26698 Apple Out-of-bounds Read vulnerability in Apple mac OS X and Macos

An out-of-bounds read issue was addressed with improved bounds checking.

5.8
2022-05-25 CVE-2022-29248 Guzzlephp
Drupal
Information Exposure vulnerability in multiple products

Guzzle is a PHP HTTP client.

5.8
2022-05-27 CVE-2022-20806 Cisco Information Exposure Through Log Files vulnerability in Cisco Telepresence Video Communication Server

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device.

5.5
2022-05-26 CVE-2022-30508 Dedecms Incorrect Permission Assignment for Critical Resource vulnerability in Dedecms 5.7.93

DedeCMS v5.7.93 was discovered to contain arbitrary file deletion vulnerability in upload.php via the delete parameter.

5.5
2022-05-26 CVE-2022-22576 Haxx Improper Authentication vulnerability in Haxx Curl

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer.

5.5
2022-05-24 CVE-2022-1669 Circutor Stack-based Buffer Overflow vulnerability in Circutor Compact Dc-S Basic Firmware 1.2.17

A buffer overflow vulnerability has been detected in the firewall function of the device management web portal.

5.5
2022-05-24 CVE-2022-1849 Filegator Session Fixation vulnerability in Filegator

Session Fixation in GitHub repository filegator/filegator prior to 7.8.0.

5.5
2022-05-24 CVE-2022-1850 Filegator Path Traversal vulnerability in Filegator

Path Traversal in GitHub repository filegator/filegator prior to 7.8.0.

5.5
2022-05-24 CVE-2022-29237 Apereo Improper Authentication vulnerability in Apereo Opencast

Opencast is a free and open source solution for automated video capture and distribution at scale.

5.5
2022-05-23 CVE-2022-28998 Xlightftpd Out-of-bounds Write vulnerability in Xlightftpd Xlight FTP 3.9.3.2

Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted code.

5.5
2022-05-27 CVE-2022-25878 Protobufjs Project Unspecified vulnerability in Protobufjs Project Protobufjs

The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the Object.prototype.

5.0
2022-05-27 CVE-2021-27780 Hcltech Unspecified vulnerability in Hcltech Bigfix Mobile and Modern Client Management

The software may be vulnerable to both Un-Auth XML interaction and unauthenticated device enrollment.

5.0
2022-05-26 CVE-2022-26725 Apple Unspecified vulnerability in Apple Macos

A logic issue was addressed with improved state management.

5.0
2022-05-26 CVE-2022-22673 Apple Unspecified vulnerability in Apple Iphone OS

This issue was addressed with improved checks.

5.0
2022-05-26 CVE-2021-33014 Kuka Use of Hard-coded Credentials vulnerability in Kuka KR C4 Firmware and KSS

An attacker can gain VxWorks Shell after login due to hard-coded credentials on a KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.

5.0
2022-05-26 CVE-2021-33016 Kuka Use of Hard-coded Credentials vulnerability in Kuka KR C4 Firmware and KSS

An attacker can gain full access (read/write/delete) to sensitive folders due to hard-coded credentials on KUKA KR C4 control software for versions prior to 8.7 or any product running KSS.

5.0
2022-05-26 CVE-2022-30473 Tenda Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318)

Tenda AC Series Router AC18_V15.03.05.19(6318) has a stack-based buffer overflow vulnerability in function form_fast_setting_wifi_set

5.0
2022-05-26 CVE-2022-30475 Tenda Out-of-bounds Write vulnerability in Tenda Ac18 Firmware 15.03.05.19(6318)

Tenda AC Series Router AC18_V15.03.05.19(6318) was discovered to contain a stack-based buffer overflow in the httpd module when handling /goform/WifiExtraSet request.

5.0
2022-05-26 CVE-2022-29720 74Cms Files or Directories Accessible to External Parties vulnerability in 74Cms 74Cmsse 3.5.1

74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component \index\controller\Download.php.

5.0
2022-05-26 CVE-2022-29721 74Cms SQL Injection vulnerability in 74Cms 74Cmsse 3.5.1

74cmsSE v3.5.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /home/jobfairol/resumelist.

5.0
2022-05-26 CVE-2021-42859 Mini XML Project Missing Release of Resource after Effective Lifetime vulnerability in Mini-Xml Project Mini-Xml 3.2

** DISPUTED ** A memory leak issue was discovered in Mini-XML v3.2 that could cause a denial of service.

5.0
2022-05-26 CVE-2021-42860 Mini XML Project Missing Release of Resource after Effective Lifetime vulnerability in Mini-Xml Project Mini-Xml 3.2

** DISPUTED ** A stack buffer overflow exists in Mini-XML v3.2.

5.0
2022-05-25 CVE-2022-31651 SOX Project Reachable Assertion vulnerability in SOX Project SOX 14.4.2

In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.

5.0
2022-05-25 CVE-2022-26026 Openautomationsoftware Missing Authentication for Critical Function vulnerability in Openautomationsoftware OAS Platform 16.00.0112

A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112.

5.0
2022-05-25 CVE-2022-26043 Openautomationsoftware Missing Authentication for Critical Function vulnerability in Openautomationsoftware OAS Platform 16.00.0112

An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112.

5.0
2022-05-25 CVE-2022-26067 Openautomationsoftware Missing Authentication for Critical Function vulnerability in Openautomationsoftware OAS Platform 16.00.0112

An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112.

5.0
2022-05-25 CVE-2022-26077 Openautomationsoftware Cleartext Transmission of Sensitive Information vulnerability in Openautomationsoftware OAS Platform 16.00.0112

A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112.

5.0
2022-05-25 CVE-2022-26303 Openautomationsoftware Missing Authentication for Critical Function vulnerability in Openautomationsoftware OAS Platform 16.00.0112

An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112.

5.0
2022-05-25 CVE-2022-27169 Openautomationsoftware Missing Authentication for Critical Function vulnerability in Openautomationsoftware OAS Platform 16.00.0112

An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112.

5.0
2022-05-25 CVE-2022-30427 Ginadmin Project Path Traversal vulnerability in Ginadmin Project Ginadmin

In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal.

5.0
2022-05-25 CVE-2022-30428 Ginadmin Project Files or Directories Accessible to External Parties vulnerability in Ginadmin Project Ginadmin

In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading.

5.0
2022-05-25 CVE-2022-1678 Linux Unspecified vulnerability in Linux Kernel

An issue was discovered in the Linux Kernel from 4.18 to 4.19, an improper update of sock reference in TCP pacing can lead to memory/netns leak, which can be used by remote clients.

5.0
2022-05-25 CVE-2021-32997 Bakerhughes Use of Password Hash With Insufficient Computational Effort vulnerability in Bakerhughes products

The affected Baker Hughes Bentley Nevada products (3500 System 1 6.x, Part No.

5.0
2022-05-25 CVE-2022-1815 Diagrams Server-Side Request Forgery (SSRF) vulnerability in Diagrams Drawio

Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository jgraph/drawio prior to 18.1.2.

5.0
2022-05-24 CVE-2022-22497 IBM Unspecified vulnerability in IBM Aspera Faspex 4.4.1/5.0.0

IBM Aspera Faspex 4.4.1 and 5.0.0 could allow unauthorized access due to an incorrectly computed security token.

5.0
2022-05-24 CVE-2021-3629 Redhat Resource Exhaustion vulnerability in Redhat products

A flaw was found in Undertow.

5.0
2022-05-24 CVE-2021-32964 Aggsoft Relative Path Traversal vulnerability in Aggsoft Webserver

The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to a path traversal attack, which may allow an attacker to read arbitrary files from the file system.

5.0
2022-05-24 CVE-2013-10004 Telecomsoftware Improper Restriction of Excessive Authentication Attempts vulnerability in Telecomsoftware Samwin Agent and Samwin Contact Center

A vulnerability classified as critical was found in Telecommunication Software SAMwin Contact Center Suite 5.1.

5.0
2022-05-24 CVE-2021-4230 Airfield Online Project Improper Authentication vulnerability in Airfield Online Project Airfield Online

A vulnerability has been found in Airfield Online and classified as problematic.

5.0
2022-05-24 CVE-2022-29249 Javaez Project Reversible One-Way Hash vulnerability in Javaez Project Javaez 1.6

JavaEZ is a library that adds new functions to make Java easier.

5.0
2022-05-24 CVE-2021-42248 Gjson Project Unspecified vulnerability in Gjson Project Gjson

GJSON <= 1.9.2 allows attackers to cause a redos via crafted JSON input.

5.0
2022-05-24 CVE-2022-29217 Pyjwt Project
Fedoraproject
Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products

PyJWT is a Python implementation of RFC 7519.

5.0
2022-05-24 CVE-2022-29219 Chainsafe Integer Overflow or Wraparound vulnerability in Chainsafe Lodestar

Lodestar is a TypeScript implementation of the Ethereum Consensus specification.

5.0
2022-05-24 CVE-2022-29242 Gost Engine Project Classic Buffer Overflow vulnerability in Gost Engine Project Gost Engine

GOST engine is a reference implementation of the Russian GOST crypto algorithms for OpenSSL.

5.0
2022-05-24 CVE-2022-29567 Vaadin Information Exposure vulnerability in Vaadin

The default configuration of a TreeGrid component uses Object::toString as a key on the client-side and server communication in Vaadin 14.8.5 through 14.8.9, 22.0.6 through 22.0.14, 23.0.0.beta2 through 23.0.8 and 23.1.0.alpha1 through 23.1.0.alpha4, resulting in potential information disclosure of values that should not be available on the client-side.

5.0
2022-05-24 CVE-2022-31263 Joinmastodon Unspecified vulnerability in Joinmastodon Mastodon

app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions.

5.0
2022-05-24 CVE-2022-29309 Mysiteforme Project Server-Side Request Forgery (SSRF) vulnerability in Mysiteforme Project Mysiteforme 2.2.1

mysiteforme v2.2.1 was discovered to contain a Server-Side Request Forgery.

5.0
2022-05-24 CVE-2022-29377 Totolink Out-of-bounds Write vulnerability in Totolink A3600R Firmware 4.1.2Cu.5182B20201102

Totolink A3600R V4.1.2cu.5182_B20201102 was discovered to contain a stacker overflow in the fread function at infostat.cgi.

5.0
2022-05-23 CVE-2022-31487 Inoutscripts SQL Injection vulnerability in Inoutscripts Blockchain Altexchanger and Blockchain Fiatexchanger

Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection.

5.0
2022-05-23 CVE-2022-31488 Inoutscripts SQL Injection vulnerability in Inoutscripts Blockchain Altexchanger 1.2.1

Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection.

5.0
2022-05-23 CVE-2022-31489 Inoutscripts SQL Injection vulnerability in Inoutscripts Blockchain Altexchanger 1.2.1

Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection.

5.0
2022-05-23 CVE-2022-28997 Cszcms Server-Side Request Forgery (SSRF) vulnerability in Cszcms 1.3.0

CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via a local file inclusion at /admin/filemanager/connector/.

5.0
2022-05-23 CVE-2022-28874 F Secure
Withsecure
Out-of-bounds Write vulnerability in multiple products

Multiple Denial-of-Service vulnerabilities was discovered in the F-Secure Atlant and in certain WithSecure products while scanning fuzzed PE32-bit files cause memory corruption and heap buffer overflow which eventually can crash the scanning engine.

5.0
2022-05-26 CVE-2022-22674 Apple Out-of-bounds Read vulnerability in Apple mac OS X and Macos

An out-of-bounds read issue existed that led to the disclosure of kernel memory.

4.9
2022-05-26 CVE-2022-26688 Apple Link Following vulnerability in Apple mac OS X and Macos

An issue in the handling of symlinks was addressed with improved validation.

4.9
2022-05-26 CVE-2022-29082 Dell Improper Certificate Validation vulnerability in Dell EMC Networker

Dell EMC NetWorker versions 19.1.x, 19.1.0.x, 19.1.1.x, 19.2.x, 19.2.0.x, 19.2.1.x 19.3.x, 19.3.0.x, 19.4.x, 19.4.0.x, 19.5.x,19.5.0.x, 19.6 and 19.6.0.1 and 19.6.0.2 contain an Improper Validation of Certificate with Host Mismatch vulnerability in Rabbitmq port 5671 which could allow remote attackers to spoof certificates.

4.9
2022-05-26 CVE-2022-26774 Apple Improper Privilege Management vulnerability in Apple Itunes

A logic issue was addressed with improved state management.

4.6
2022-05-26 CVE-2022-30783 Tuxera Unchecked Return Value vulnerability in Tuxera Ntfs-3G

An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.

4.6
2022-05-26 CVE-2022-30784 Tuxera Classic Buffer Overflow vulnerability in Tuxera Ntfs-3G

A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22.

4.6
2022-05-26 CVE-2022-30786 Tuxera Out-of-bounds Write vulnerability in Tuxera Ntfs-3G

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22.

4.6
2022-05-26 CVE-2022-30787 Tuxera Integer Underflow (Wrap or Wraparound) vulnerability in Tuxera Ntfs-3G

An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite.

4.6
2022-05-26 CVE-2022-30788 Tuxera Out-of-bounds Write vulnerability in Tuxera Ntfs-3G

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22.

4.6
2022-05-26 CVE-2022-30789 Tuxera Out-of-bounds Write vulnerability in Tuxera Ntfs-3G

A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22.

4.6
2022-05-25 CVE-2022-29256 Sharp Project Command Injection vulnerability in Sharp Project Sharp

sharp is an application for Node.js image processing.

4.6
2022-05-24 CVE-2021-3717 Redhat Files or Directories Accessible to External Parties vulnerability in Redhat products

A flaw was found in Wildfly.

4.6
2022-05-24 CVE-2022-22309 IBM Missing Authentication for Critical Function vulnerability in IBM Power System S922 Firmware

The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY interface.

4.6
2022-05-24 CVE-2022-26531 Zyxel Improper Input Validation vulnerability in Zyxel products

Multiple improper input validation flaws were identified in some CLI commands of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, VPN series firmware versions 4.30 through 5.21, NSG series firmware versions 1.00 through 1.33 Patch 4, NXC2500 firmware version 6.10(AAIG.3) and earlier versions, NAP203 firmware version 6.25(ABFA.7) and earlier versions, NWA50AX firmware version 6.25(ABYW.5) and earlier versions, WAC500 firmware version 6.30(ABVS.2) and earlier versions, and WAX510D firmware version 6.30(ABTF.2) and earlier versions, that could allow a local authenticated attacker to cause a buffer overflow or a system crash via a crafted payload.

4.6
2022-05-23 CVE-2022-31466 Quickheal Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Quickheal Total Security 10.1.0.316/11.00/12.00

Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files.

4.4
2022-05-23 CVE-2022-31467 Quickheal Uncontrolled Search Path Element vulnerability in Quickheal Total Security 10.1.0.316/11.00/12.00

A DLL hijacking vulnerability in the installed for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load.

4.4
2022-05-27 CVE-2022-20666 Cisco Cross-site Scripting vulnerability in Cisco Common Services Platform Collector

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

4.3
2022-05-27 CVE-2022-20667 Cisco Cross-site Scripting vulnerability in Cisco Common Services Platform Collector

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

4.3
2022-05-27 CVE-2022-20668 Cisco Cross-site Scripting vulnerability in Cisco Common Services Platform Collector

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

4.3
2022-05-27 CVE-2022-20669 Cisco Cross-site Scripting vulnerability in Cisco Common Services Platform Collector

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

4.3
2022-05-27 CVE-2022-20670 Cisco Cross-site Scripting vulnerability in Cisco Common Services Platform Collector

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

4.3
2022-05-27 CVE-2022-20671 Cisco Cross-site Scripting vulnerability in Cisco Common Services Platform Collector

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

4.3
2022-05-27 CVE-2022-20672 Cisco Cross-site Scripting vulnerability in Cisco Common Services Platform Collector

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

4.3
2022-05-27 CVE-2022-20673 Cisco Cross-site Scripting vulnerability in Cisco Common Services Platform Collector

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

4.3
2022-05-27 CVE-2022-20674 Cisco Cross-site Scripting vulnerability in Cisco Common Services Platform Collector

Multiple vulnerabilities in the web-based management interface of Cisco Common Services Platform Collector (CSPC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

4.3
2022-05-26 CVE-2022-26745 Apple Out-of-bounds Write vulnerability in Apple Macos

A memory corruption issue was addressed with improved validation.

4.3
2022-05-26 CVE-2022-26746 Apple Unspecified vulnerability in Apple mac OS X

This issue was addressed by removing the vulnerable code.

4.3
2022-05-26 CVE-2022-26755 Apple Unspecified vulnerability in Apple mac OS X

This issue was addressed with improved environment sanitization.

4.3
2022-05-26 CVE-2022-26766 Apple Improper Certificate Validation vulnerability in Apple products

A certificate parsing issue was addressed with improved checks.

4.3
2022-05-26 CVE-2022-26767 Apple Incorrect Authorization vulnerability in Apple Macos

The issue was addressed with additional permissions checks.

4.3
2022-05-26 CVE-2022-31648 Talend Cross-site Scripting vulnerability in Talend Administration Center 7.2.0/7.3.0/8.0.0

Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint.

4.3
2022-05-26 CVE-2022-26706 Apple Unspecified vulnerability in Apple products

An access issue was addressed with additional sandbox restrictions on third-party applications.

4.3
2022-05-26 CVE-2022-26712 Apple Unspecified vulnerability in Apple Macos

This issue was addressed by removing the vulnerable code.

4.3
2022-05-26 CVE-2022-26726 Apple Unspecified vulnerability in Apple mac OS X

This issue was addressed with improved checks.

4.3
2022-05-26 CVE-2022-26727 Apple Unspecified vulnerability in Apple mac OS X and Macos

This issue was addressed with improved entitlements.

4.3
2022-05-26 CVE-2022-26728 Apple Unspecified vulnerability in Apple mac OS X and Macos

This issue was addressed with improved entitlements.

4.3
2022-05-26 CVE-2022-26731 Apple Unspecified vulnerability in Apple Iphone OS

A logic issue was addressed with improved state management.

4.3
2022-05-26 CVE-2022-22616 Apple Incorrect Authorization vulnerability in Apple mac OS X and Macos

This issue was addressed with improved checks.

4.3
2022-05-26 CVE-2022-22662 Apple Exposure of Resource to Wrong Sphere vulnerability in Apple mac OS X and Macos

A cookie management issue was addressed with improved state management.

4.3
2022-05-26 CVE-2022-22663 Apple Incorrect Authorization vulnerability in Apple products

This issue was addressed with improved checks to prevent unauthorized actions.

4.3
2022-05-26 CVE-2022-22676 Apple Improper Input Validation vulnerability in Apple Macos 12.0.0/12.0.1/12.1

An event handler validation issue in the XPC Services API was addressed by removing the service.

4.3
2022-05-26 CVE-2021-4232 ZOO Management System Project Cross-site Scripting vulnerability in ZOO Management System Project ZOO Management System 1.0

A vulnerability classified as problematic has been found in Zoo Management System 1.0.

4.3
2022-05-26 CVE-2022-22577 Rubyonrails Cross-site Scripting vulnerability in Rubyonrails Actionpack

An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses.

4.3
2022-05-26 CVE-2022-27777 Rubyonrails Cross-site Scripting vulnerability in Rubyonrails Actionpack

A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes.

4.3
2022-05-26 CVE-2022-29091 Dell Cross-site Scripting vulnerability in Dell products

Dell Unity, Dell UnityVSA, and Dell UnityXT versions prior to 5.2.0.0.5.173 contain a Reflected Cross-Site Scripting Vulnerability in Unisphere GUI.

4.3
2022-05-26 CVE-2021-42692 Tinytoml Project Out-of-bounds Write vulnerability in Tinytoml Project Tinytoml 0.4

There is a stack-overflow vulnerability in tinytoml v0.4 that can cause a crash or DoS.

4.3
2022-05-25 CVE-2022-31650 SOX Project Incorrect Comparison vulnerability in SOX Project SOX 14.4.2

In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.

4.3
2022-05-25 CVE-2022-29251 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin.

4.3
2022-05-25 CVE-2022-29252 Xwiki Cross-site Scripting vulnerability in Xwiki

XWiki Platform Wiki UI Main Wiki is a package for managing subwikis.

4.3
2022-05-25 CVE-2022-31620 IJG Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IJG Libjpeg

In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service.

4.3
2022-05-25 CVE-2022-28875 F Secure Improper Resource Shutdown or Release vulnerability in F-Secure products

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Atlant and in certain WithSecure products whereby the scanning the aemobile component can crash the scanning engine.

4.3
2022-05-25 CVE-2022-29408 Vsourz Cross-site Scripting vulnerability in Vsourz Advanced CF7 DB

Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital's Advanced Contact form 7 DB plugin <= 1.8.7 at WordPress.

4.3
2022-05-25 CVE-2021-32966 Philips Cleartext Transmission of Sensitive Information vulnerability in Philips Interoperability Solution XDS

Philips Interoperability Solution XDS versions 2.5 through 3.11 and 2018-1 through 2021-1 are vulnerable to clear text transmission of sensitive information when configured to use LDAP via TLS and where the domain controller returns LDAP referrals, which may allow an attacker to remotely read LDAP system credentials.

4.3
2022-05-25 CVE-2021-32989 Lcds Cross-site Scripting vulnerability in Lcds Laquis Scada

When a non-existent resource is requested, the LCDS LAquis SCADA application (version 4.3.1.1011 and prior) returns error messages which may allow reflected cross-site scripting.

4.3
2022-05-25 CVE-2021-44974 Radare NULL Pointer Dereference vulnerability in Radare Radare2

radareorg radare2 version 5.5.2 is vulnerable to NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser.

4.3
2022-05-25 CVE-2022-29349 Keking Cross-site Scripting vulnerability in Keking Kkfileview 4.0.0

kkFileView v4.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java.

4.3
2022-05-25 CVE-2022-29358 Epub2Txt2 Project Integer Overflow or Wraparound vulnerability in Epub2Txt2 Project Epub2Txt2 2.04

epub2txt2 v2.04 was discovered to contain an integer overflow via the function bug in _parse_special_tag at sxmlc.c.

4.3
2022-05-25 CVE-2022-29359 School Club Application System Project Cross-site Scripting vulnerability in School Club Application System Project School Club Application System 1.0

A stored cross-site scripting (XSS) vulnerability in /scas/?page=clubs/application_form&id=7 of School Club Application System v0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter.

4.3
2022-05-25 CVE-2022-29710 Limesurvey Cross-site Scripting vulnerability in Limesurvey

A cross-site scripting (XSS) vulnerability in uploadConfirm.php of LimeSurvey v5.3.9 and below allows attackers to execute arbitrary web scripts or HTML via a crafted plugin.

4.3
2022-05-24 CVE-2021-32962 Aggsoft Cross-site Scripting vulnerability in Aggsoft Webserver

The AGG Software Web Server version 4.0.40.1014 and prior is vulnerable to cross-site scripting, which may allow an attacker to remotely execute arbitrary code.

4.3
2022-05-24 CVE-2021-44975 Radare Classic Buffer Overflow vulnerability in Radare Radare2 5.5.2

radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser.

4.3
2022-05-24 CVE-2022-30839 Room Rent Portal Site Project Cross-site Scripting vulnerability in Room Rent Portal Site Project Room Rent Portal Site 1.0

Room-rent-portal-site v1.0 is vulnerable to Cross Site Scripting (XSS) via /rrps/classes/Master.php?f=save_category, vehicle_name.

4.3
2022-05-24 CVE-2022-31261 Morpheusdata XXE vulnerability in Morpheusdata Morpheus

An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4.

4.3
2022-05-24 CVE-2022-1848 Erudika Unspecified vulnerability in Erudika Para

Business Logic Errors in GitHub repository erudika/para prior to 1.45.11.

4.3
2022-05-24 CVE-2022-0734 Zyxel Cross-site Scripting vulnerability in Zyxel products

A cross-site scripting vulnerability was identified in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.35 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.35 through 5.20, and VPN series firmware versions 4.35 through 5.20, that could allow an attacker to obtain some information stored in the user's browser, such as cookies or session tokens, via a malicious script.

4.3
2022-05-23 CVE-2022-29004 E Diary Management System Project Cross-site Scripting vulnerability in E-Diary Management System Project E-Diary Management System 1.0

Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.

4.3
2022-05-23 CVE-2022-29005 Online Birth Certificate System Project Cross-site Scripting vulnerability in Online Birth Certificate System Project Online Birth Certificate System 1.2

Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fname or lname parameters.

4.3
2022-05-23 CVE-2022-0346 Xmlsitemapgenerator Cross-site Scripting vulnerability in Xmlsitemapgenerator XML Sitemap Generator

The XML Sitemap Generator for Google WordPress plugin before 2.0.4 does not validate a parameter which can be set to an arbitrary value, thus causing XSS via error message or RCE if allow_url_include is turned on.

4.3
2022-05-23 CVE-2022-1192 Turn OFF ALL Comments Project Cross-site Scripting vulnerability in Turn OFF ALL Comments Project Turn OFF ALL Comments

The Turn off all comments WordPress plugin through 1.0 does not sanitise and escape the rows parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting

4.3
2022-05-23 CVE-2022-1218 Duogeek Cross-site Scripting vulnerability in Duogeek Domain Replace

The Domain Replace WordPress plugin through 1.3.8 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

4.3
2022-05-23 CVE-2022-1221 Gwyn S Imagemap Selector Project Cross-site Scripting vulnerability in Gwyn'S Imagemap Selector Project Gwyn'S Imagemap Selector

The Gwyn's Imagemap Selector WordPress plugin through 0.3.3 does not sanitise and escape some parameters before outputting them back in attributes, leading to a Reflected Cross-Site Scripting.

4.3
2022-05-23 CVE-2022-1268 Donate Extra Project Cross-site Scripting vulnerability in Donate Extra Project Donate Extra 2.02

The Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site Scripting

4.3
2022-05-23 CVE-2022-1547 Wpchill Cross-site Scripting vulnerability in Wpchill Check & LOG Email

The Check & Log Email WordPress plugin before 1.0.6 does not sanitise and escape a parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

4.3
2022-05-27 CVE-2022-20807 Cisco Information Exposure Through Log Files vulnerability in Cisco Telepresence Video Communication Server

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device.

4.0
2022-05-26 CVE-2022-30585 RSA Incorrect Authorization vulnerability in RSA Archer 6.10.0.0/6.10.0.1

The REST API in Archer Platform 6.x before 6.11 (6.11.0.0) contains an Authorization Bypass Vulnerability.

4.0
2022-05-26 CVE-2022-24414 Dell Information Exposure vulnerability in Dell Cloudlink

Dell EMC CloudLink 7.1.3 and all earlier versions, Auth Token is exposed in GET requests.

4.0
2022-05-25 CVE-2022-29253 Xwiki Path Traversal vulnerability in Xwiki

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.

4.0
2022-05-25 CVE-2021-27783 Hcltech Missing Encryption of Sensitive Data vulnerability in Hcltech Bigfix Mobile and Bigfix Modern Client Management

User generated PPKG file for Bulk Enroll may have unencrypted sensitive information exposed.

4.0
2022-05-25 CVE-2022-1348 Logrotate Project
Fedoraproject
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

A vulnerability was found in logrotate in how the state file is created.

4.0
2022-05-25 CVE-2021-35487 Nokia SQL Injection vulnerability in Nokia Broadcast Message Center

Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates (for the Manage Alerts page) via the extIdentifier HTTP POST parameter.

4.0
2022-05-25 CVE-2022-29405 Apache Incorrect Permission Assignment for Critical Resource vulnerability in Apache Archiva

In Apache Archiva, any registered user can reset password for any users.

4.0
2022-05-24 CVE-2022-0910 Zyxel Improper Authentication vulnerability in Zyxel products

A downgrade from two-factor authentication to one-factor authentication vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.32 through 4.71, USG FLEX series firmware versions 4.50 through 5.21, ATP series firmware versions 4.32 through 5.21, and VPN series firmware versions 4.32 through 5.21, that could allow an authenticated attacker to bypass the second authentication phase to connect the IPsec VPN server even though the two-factor authentication (2FA) was enabled.

4.0
2022-05-23 CVE-2021-41714 Tipask Download of Code Without Integrity Check vulnerability in Tipask

In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can download arbitrary files on the Tipask server such as .env, /etc/passwd, laravel.log, causing infomation leakage.

4.0
2022-05-23 CVE-2022-1810 Publify Project Incorrect Permission Assignment for Critical Resource vulnerability in Publify Project Publify

Improper Access Control in GitHub repository publify/publify prior to 9.2.9.

4.0
2022-05-23 CVE-2021-41834 Jfrog Incorrect Permission Assignment for Critical Resource vulnerability in Jfrog Artifactory

JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control, the copy functionality can be used by a low-privileged user to read and copy any artifact that exists in the Artifactory deployment due to improper permissions validation.

4.0

48 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-05-26 CVE-2021-28508 Arista Cleartext Transmission of Sensitive Information vulnerability in Arista EOS and Terminattr

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols.

3.6
2022-05-26 CVE-2021-28509 Arista Cleartext Transmission of Sensitive Information vulnerability in Arista EOS and Terminattr

This advisory documents the impact of an internally found vulnerability in Arista EOS state streaming telemetry agent TerminAttr and OpenConfig transport protocols.

3.6
2022-05-25 CVE-2022-21951 Suse Missing Encryption of Sensitive Data vulnerability in Suse Rancher

A Missing Encryption of Sensitive Data vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5.

3.6
2022-05-24 CVE-2022-22977 Vmware XXE vulnerability in VMWare Tools

VMware Tools for Windows(12.0.0, 11.x.y and 10.x.y) contains an XML External Entity (XXE) vulnerability.

3.6
2022-05-29 CVE-2022-1928 Gitea Cross-site Scripting vulnerability in Gitea

Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9.

3.5
2022-05-27 CVE-2021-27781 Hcltech Cross-site Scripting vulnerability in Hcltech Bigfix Mobile and Modern Client Management

The Master operator may be able to embed script tag in HTML with alert pop-up display cookie.

3.5
2022-05-27 CVE-2022-20765 Cisco Cross-site Scripting vulnerability in Cisco UCS Director

A vulnerability in the web applications of Cisco UCS Director could allow an authenticated, remote attacker to conduct a cross-site scripting attack on an affected system.

3.5
2022-05-27 CVE-2022-20802 Cisco Cross-site Scripting vulnerability in Cisco Enterprise Chat and Email

A vulnerability in the web interface of Cisco Enterprise Chat and Email (ECE) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

3.5
2022-05-27 CVE-2022-1909 Organizr Cross-site Scripting vulnerability in Organizr

Cross-site Scripting (XSS) - Stored in GitHub repository causefx/organizr prior to 2.1.2200.

3.5
2022-05-26 CVE-2022-30494 Automotive Shop Management System Project Cross-site Scripting vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0

In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs.

3.5
2022-05-26 CVE-2021-4231 Angular Cross-site Scripting vulnerability in Angular

A vulnerability was found in Angular up to 11.0.4/11.1.0-next.2.

3.5
2022-05-26 CVE-2022-20809 Cisco Information Exposure Through Log Files vulnerability in Cisco Telepresence Video Communication Server

Multiple vulnerabilities in the API and web-based management interfaces of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker to write files or disclose sensitive information on an affected device.

3.5
2022-05-25 CVE-2022-29380 Creativeitem Cross-site Scripting vulnerability in Creativeitem Academy LMS 4.3

Academy-LMS v4.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the SEO panel.

3.5
2022-05-25 CVE-2022-29362 Zkeacms Cross-site Scripting vulnerability in Zkeacms 3.5.2

A cross-site scripting (XSS) vulnerability in /navigation/create?ParentID=%23 of ZKEACMS v3.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ParentID parameter.

3.5
2022-05-24 CVE-2022-30842 Covid 19 Travel Pass Management System Project Cross-site Scripting vulnerability in Covid 19 Travel Pass Management System Project Covid 19 Travel Pass Management System 1.0

Covid-19 Travel Pass Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /ctpms/classes/Users.php?f=save, firstname.

3.5
2022-05-24 CVE-2022-30458 Automotive Shop Management System Project Cross-site Scripting vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0

Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name.

3.5
2022-05-24 CVE-2022-30460 Simple Social Networking Site Project Cross-site Scripting vulnerability in Simple Social Networking Site Project Simple Social Networking Site 1.0

Simple Social Networking Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /sns/classes/Users.php?f=save, firstname.

3.5
2022-05-24 CVE-2022-30462 Water Billing System Project Cross-site Scripting vulnerability in Water Billing System Project Water Billing System 1.0

Water-billing-management-system v1.0 is affected by: Cross Site Scripting (XSS) via /wbms/classes/Users.php?f=save, firstname.

3.5
2022-05-24 CVE-2022-30464 Chatbot APP With Suggestion IN PHP OOP Project Cross-site Scripting vulnerability in Chatbot APP With Suggestion in PHP/Oop Project Chatbot APP With Suggestion in PHP/Oop 1.0

ChatBot App with Suggestion in PHP/OOP v1.0 is vulnerable to Cross Site Scripting (XSS) via /simple_chat_bot/classes/Master.php?f=save_response.

3.5
2022-05-24 CVE-2022-30837 Toll TAX Management System Project Cross-site Scripting vulnerability in Toll TAX Management System Project Toll TAX Management System 1.0

Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name.

3.5
2022-05-24 CVE-2021-42656 Sscms Cross-site Scripting vulnerability in Sscms Siteserver CMS 6.15.51

SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.

3.5
2022-05-24 CVE-2022-30456 Badminton Center Management System Project Cross-site Scripting vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

Badminton Center Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via /bcms/classes/Master.php?f=save_court_rental.

3.5
2022-05-24 CVE-2022-1819 Student Information System Project Cross-site Scripting vulnerability in Student Information System Project Student Information System 1.0

A vulnerability, which was classified as problematic, was found in Student Information System 1.0.

3.5
2022-05-24 CVE-2022-1840 Home Clean Services Management System Project Cross-site Scripting vulnerability in Home Clean Services Management System Project Home Clean Services Management System 1.0

A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0.

3.5
2022-05-23 CVE-2022-30015 Simple Food Website Project Cross-site Scripting vulnerability in Simple Food Website Project Simple Food Website 1.0

In Simple Food Website 1.0, a moderation can put the Cross Site Scripting Payload in any of the fields on http://127.0.0.1:1234/food/admin/all_users.php like Full Username, etc .This causes stored xss.

3.5
2022-05-23 CVE-2021-42233 Simple Blog Project Cross-site Scripting vulnerability in Simple Blog Project Simple Blog

The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS) vulnerability.

3.5
2022-05-23 CVE-2022-30017 Rescue Dispatch Management System Project Cross-site Scripting vulnerability in Rescue Dispatch Management System Project Rescue Dispatch Management System 1.0

Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing.

3.5
2022-05-23 CVE-2022-1811 Publify Project Cross-site Scripting vulnerability in Publify Project Publify

Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.

3.5
2022-05-23 CVE-2022-0900 Netdatasoft Cross-site Scripting vulnerability in Netdatasoft Divvy Drive

A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive's "aciklama" parameter could allow anyone to gain users' session informations.

3.5
2022-05-23 CVE-2022-1816 ZOO Management System Project Cross-site Scripting vulnerability in ZOO Management System Project ZOO Management System 1.0

A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0.

3.5
2022-05-23 CVE-2022-1817 Badminton Center Management System Project Cross-site Scripting vulnerability in Badminton Center Management System Project Badminton Center Management System 1.0

A vulnerability, which was classified as problematic, was found in Badminton Center Management System.

3.5
2022-05-23 CVE-2022-1825 Collectiveaccess Cross-site Scripting vulnerability in Collectiveaccess Providence 1.1/1.2/1.3

Cross-site Scripting (XSS) - Reflected in GitHub repository collectiveaccess/providence prior to 1.8.

3.5
2022-05-23 CVE-2022-1093 Joomunited Cross-site Scripting vulnerability in Joomunited WP Meta SEO

The WP Meta SEO WordPress plugin before 4.4.7 does not sanitise or escape the breadcrumb separator before outputting it to the page, allowing a high privilege user such as an administrator to inject arbitrary javascript into the page even when unfiltered html is disallowed.

3.5
2022-05-23 CVE-2022-1298 Wpshopmart Cross-site Scripting vulnerability in Wpshopmart Tabs Responsive

The Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed

3.5
2022-05-23 CVE-2022-1320 10Web Cross-site Scripting vulnerability in 10Web Sliderby10Web

The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

3.5
2022-05-23 CVE-2022-1558 Curtain Project Cross-site Scripting vulnerability in Curtain Project Curtain

The Curtain WordPress plugin through 1.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed

3.5
2022-05-24 CVE-2022-22306 Fortinet Improper Certificate Validation vulnerability in Fortinet Fortios

An improper certificate validation vulnerability [CWE-295] in FortiOS 6.0.0 through 6.0.14, 6.2.0 through 6.2.10, 6.4.0 through 6.4.8, 7.0.0 may allow a network adjacent and unauthenticated attacker to man-in-the-middle the communication between the FortiGate and some peers such as private SDNs and external cloud platforms.

2.9
2022-05-26 CVE-2022-26764 Apple Out-of-bounds Write vulnerability in Apple products

A memory corruption issue was addressed with improved validation.

2.6
2022-05-26 CVE-2022-26690 Apple Race Condition vulnerability in Apple Macos

Description: A race condition was addressed with additional validation.

2.6
2022-05-24 CVE-2021-3597 Redhat Race Condition vulnerability in Redhat products

A flaw was found in undertow.

2.6
2022-05-26 CVE-2022-26703 Apple Missing Authorization vulnerability in Apple Iphone OS

An authorization issue was addressed with improved state management.

2.1
2022-05-26 CVE-2022-26724 Apple Improper Authentication vulnerability in Apple Tvos

An authentication issue was addressed with improved state management.

2.1
2022-05-25 CVE-2022-31621 Mariadb Improper Locking vulnerability in Mariadb

MariaDB Server before 10.7 is vulnerable to Denial of Service.

2.1
2022-05-25 CVE-2022-31622 Mariadb Improper Resource Shutdown or Release vulnerability in Mariadb

MariaDB Server before 10.7 is vulnerable to Denial of Service.

2.1
2022-05-25 CVE-2022-31623 Mariadb Improper Locking vulnerability in Mariadb

MariaDB Server before 10.7 is vulnerable to Denial of Service.

2.1
2022-05-25 CVE-2022-31624 Mariadb Improper Resource Shutdown or Release vulnerability in Mariadb

MariaDB Server before 10.7 is vulnerable to Denial of Service.

2.1
2022-05-23 CVE-2021-32958 Claroty Unspecified vulnerability in Claroty Secure Remote Access

Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with local command line interface access to gain the secret key, subsequently allowing them to generate valid session tokens for the web user interface (UI).

2.1
2022-05-26 CVE-2022-26765 Apple Race Condition vulnerability in Apple products

A race condition was addressed with improved state handling.

1.9