jell.ie CVEs

Read at: 2022-01-25T23:49:31+00:00

CVE-2022-23258

Microsoft Edge for Android Spoofing Vulnerability.

Source: National Vulnerability Database | 25 Jan 2022 | 10:15 pm UTC

CVE-2021-43799

Zulip is an open-source team collaboration tool. Zulip Server installs RabbitMQ for internal message passing. In versions of Zulip Server prior to 4.9, the initial installation (until first reboot, or restart of RabbitMQ) does not successfully limit the default ports which RabbitMQ opens; this includes port 25672, the RabbitMQ distribution port, which is used as a management port. RabbitMQ's default "cookie" which protects this port is generated using a weak PRNG, which limits the entropy of the password to at most 36 bits; in practicality, the seed for the randomizer is biased, resulting in approximately 20 bits of entropy. If other firewalls (at the OS or network level) do not protect port 25672, a remote attacker can brute-force the 20 bits of entropy in the "cookie" and leverage it for arbitrary execution of code as the rabbitmq user. They can also read all data which is sent through RabbitMQ, which includes all message traffic sent by users. Version 4.9 contains a patch for this vulnerability. As a workaround, ensure that firewalls prevent access to ports 5672 and 25672 from outside the Zulip server.

Source: National Vulnerability Database | 25 Jan 2022 | 9:15 pm UTC

CVE-2022-23031

On BIG-IP FPS, ASM, and Advanced WAF versions 16.1.x before 16.1.1, 15.1.x before 15.1.4, and 14.1.x before 14.1.4.4, an XML External Entity (XXE) vulnerability exists in an undisclosed page of the F5 Advanced Web Application Firewall (Advanced WAF) and BIG-IP ASM Traffic Management User Interface (TMUI), also referred to as the Configuration utility, that allows an authenticated high-privileged attacker to read local files and force BIG-IP to send HTTP requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23032

In all versions before 7.2.1.4, when proxy settings are configured in the network access resource of a BIG-IP APM system, connecting BIG-IP Edge Client on Mac and Windows is vulnerable to a DNS rebinding attack. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23008

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23030

On version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when the BIG-IP Virtual Edition (VE) uses the ixlv driver (which is used in SR-IOV mode and requires Intel X710/XL710/XXV710 family of network adapters on the Hypervisor) and TCP Segmentation Offload configuration is enabled, undisclosed requests may cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23029

On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23027

On BIG-IP versions 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, 13.1.x beginning in 13.1.3.6, 12.1.5.3-12.1.6, and 11.6.5.2, when a FastL4 profile and an HTTP, FIX, and/or hash persistence profile are configured on the same virtual server, undisclosed requests can cause the virtual server to stop processing new client connections. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23011

On certain hardware BIG-IP platforms, in version 15.1.x before 15.1.4 and 14.1.x before 14.1.3, virtual servers may stop responding while processing TCP traffic due to an issue in the SYN Cookie Protection feature. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23017

On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when a virtual server is configured with a DNS profile with the Rapid Response Mode setting enabled and is configured on a BIG-IP system, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23023

On BIG-IP version 16.1.x before 16.1.2.1, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, and BIG-IQ all versions of 8.x and 7.x, undisclosed requests by an authenticated iControl REST user can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23014

On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP APM portal access is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23009

On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a BIG-IQ managed BIG-IP device can access other BIG-IP devices managed by the same BIG-IQ system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23022

On BIG-IP version 16.1.x before 16.1.2, when an HTTP profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23019

On BIG-IP version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x and 12.1.x, when a message routing type virtual server is configured with both Diameter Session and Router Profiles, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23020

On BIG-IP version 16.1.x before 16.1.2, when the 'Respond on Error' setting is enabled on the Request Logging profile and configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23013

On BIG-IP DNS & GTM version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a DOM-based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23018

On BIG-IP AFM version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and 13.1.x beginning in 13.1.3.4, when a virtual server is configured with both HTTP protocol security and HTTP Proxy Connect profiles, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23025

On BIG-IP version 16.1.x before 16.1.1, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, when a SIP ALG profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23015

On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, and 14.1.2.6-14.1.4.4, when a Client SSL profile is configured on a virtual server with Client Certificate Authentication set to request/require and Session Ticket enabled and configured, processing SSL traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23026

On BIG-IP ASM & Advanced WAF version 16.1.x before 16.1.2, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.5, and all versions of 13.1.x and 12.1.x, an authenticated user with low privileges, such as a guest, can upload data using an undisclosed REST endpoint causing an increase in disk resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23010

On BIG-IP versions 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile and an HTTP profile are configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23021

On BIG-IP version 16.1.x before 16.1.2, when any of the following configurations are configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate: HTTP redirect rule in an LTM policy, BIG-IP APM Access Profile, and Explicit HTTP Proxy in HTTP Profile. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23016

On versions 16.1.x before 16.1.2 and 15.1.x before 15.1.4.1, when BIG-IP SSL Forward Proxy with TLS 1.3 is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23012

On BIG-IP versions 15.1.x before 15.1.4.1 and 14.1.x before 14.1.4.5, when the HTTP/2 profile is configured on a virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23028

On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.5, 14.1.x before 14.1.4.5, and all versions of 13.1.x, when global AFM SYN cookie protection (TCP Half Open flood vector) is activated in the AFM Device Dos or DOS profile, certain types of TCP connections will fail. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-23024

On BIG-IP AFM version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.2, and all versions of 13.1.x, when the IPsec application layer gateway (ALG) logging profile is configured on an IPsec ALG virtual server, undisclosed IPsec traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2021-38129

Escalation of privileges vulnerability in Micro Focus Operations Agent, affecting versions 12.x up to and including 12.21. The vulnerability could be exploited by a non-privileged local user to access system monitoring data collected by Operations Agent.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2021-40167

A Memory Corruption Vulnerability in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 and prior may lead to remote code execution through maliciously crafted DWF and TGA files.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-0333

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-0335

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The "delete badge alignment" functionality did not include the necessary token check to prevent a CSRF risk.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-0270

Prior to v0.6.1, bored-agent failed to sanitize incoming Kubernetes impersonation headers, allowing a user to override the assigned user name and groups.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-0334

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. Insufficient capability checks could lead to users accessing their grade report for courses where they did not have the required gradereport/user:view capability.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-22789

Charactell - FormStorm Enterprise Account takeover: an attacker can modify (add, remove and update) the passwords file for all users. The xx_users.ini file in the FormStorm folder contains usernames in cleartext and an obfuscated password. A malicious user can take over an account by replacing an existing password in the file.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-0332

A flaw was found in Moodle in versions 3.11 to 3.11.4. An SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2021-41598

A UI misrepresentation vulnerability was identified in GitHub Enterprise Server that allowed more permissions to be granted during a GitHub App's user-authorization web flow than was displayed to the user during approval. To exploit this vulnerability, an attacker would need to create a GitHub App on the instance and have a user authorize the application through the web authentication flow. All permissions being granted would properly be shown during the first authorization, but if the user later updated the set of repositories the app was installed on after the GitHub App had configured additional user-level permissions, those additional permissions would not be displayed, leading to more permissions being granted than the user potentially intended. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.3 and was fixed in versions 3.2.5, 3.1.13, 3.0.21. This vulnerability was reported via the GitHub Bug Bounty program.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2021-40337

Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne allows an attacker who manages to exploit the vulnerability to carry out multiple web attacks and steal sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2021-45729

The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions <= 1.8.0) allows authenticated low-role users to create, edit, and delete maps.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2021-4145

A NULL pointer dereference issue was found in the block mirror layer of QEMU in versions prior to 6.2.0. The `self` pointer is dereferenced in mirror_wait_on_conflicts() without ensuring that it's not NULL. A malicious unprivileged user within the guest could use this flaw to crash the QEMU process on the host when writing data reaches the threshold of mirroring node.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2021-40159

An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019 may lead to code execution through maliciously crafted JT files.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2021-4133

A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2021-40158

A maliciously crafted JT file in Autodesk Inventor 2022, 2021, 2020, 2019 may force a read beyond allocated boundaries when the JT file is parsed. This vulnerability can be exploited to execute arbitrary code.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2021-43298

The code that performs password matching when using 'Basic' HTTP authentication does not use a constant-time memcmp and has no rate-limiting. This means that an unauthenticated network attacker can brute-force the HTTP basic password, byte-by-byte, by recording the webserver's response time until the unauthorized (401) response.

Source: National Vulnerability Database | 25 Jan 2022 | 8:15 pm UTC

CVE-2022-0351

Access of Memory Location Before Start of Buffer in Conda vim prior to 8.2.

Source: National Vulnerability Database | 25 Jan 2022 | 6:15 pm UTC

CVE-2021-39031

IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability, which could result in granting permission to unauthorized resources. IBM X-Force ID: 213875.

Source: National Vulnerability Database | 25 Jan 2022 | 5:15 pm UTC

CVE-2021-46087

In jfinal_cms >= 5.1 0, there is a stored XSS vulnerability in the background system of the CMS. Because developers do not filter the parameters submitted by the user input form, any user with background permission can affect system security by entering malicious code.

Source: National Vulnerability Database | 25 Jan 2022 | 4:15 pm UTC

CVE-2021-34867

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13672.

Source: National Vulnerability Database | 25 Jan 2022 | 4:15 pm UTC

CVE-2021-34866

This vulnerability allows local attackers to escalate privileges on affected installations of Linux Kernel 5.14-rc3. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of eBPF programs. The issue results from the lack of proper validation of user-supplied eBPF programs, which can result in a type confusion condition. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the kernel. Was ZDI-CAN-14689.

Source: National Vulnerability Database | 25 Jan 2022 | 4:15 pm UTC

CVE-2021-34869

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13797.

Source: National Vulnerability Database | 25 Jan 2022 | 4:15 pm UTC

CVE-2021-34868

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13712.

Source: National Vulnerability Database | 25 Jan 2022 | 4:15 pm UTC

CVE-2021-34870

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of NETGEAR XR1000 1.0.0.52_1.0.38 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SOAP messages. The issue results from a lack of authentication required for a privileged request. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-13325.

Source: National Vulnerability Database | 25 Jan 2022 | 4:15 pm UTC

CVE-2021-46086

xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. There is an unsafe vulnerability in the functional method of submitting examination papers. An attacker can use Burp Suite to modify parameters in the packet to destroy real data.

Source: National Vulnerability Database | 25 Jan 2022 | 4:15 pm UTC

CVE-2021-34865

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from incorrect string matching logic when accessing protected pages. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-13313.

Source: National Vulnerability Database | 25 Jan 2022 | 4:15 pm UTC

CVE-2021-46083

uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the input box of the statistical code.

Source: National Vulnerability Database | 25 Jan 2022 | 4:15 pm UTC

CVE-2021-46084

uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via "close registration information" input box.

Source: National Vulnerability Database | 25 Jan 2022 | 4:15 pm UTC

CVE-2021-46085

OneBlog <= 2.2.8 is vulnerable to Insecure Permissions. Low level administrators can delete high-level administrators beyond their authority.

Source: National Vulnerability Database | 25 Jan 2022 | 4:15 pm UTC

CVE-2021-43863

The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers `FileContentProvider` and `DiskLruImageCacheFileProvider` have security issues (an SQL injection, and an insufficient permission control, respectively) that allow malicious apps in the same device to access Nextcloud's data bypassing the permission control system. Users should upgrade to version 3.18.1 to receive a patch. There are no known workarounds aside from upgrading.

Source: National Vulnerability Database | 25 Jan 2022 | 4:15 pm UTC

CVE-2021-46034

A problem was found in ForestBlog as of 2021-12-29: there is an XSS vulnerability that can be injected through the nickname input box.

Source: National Vulnerability Database | 25 Jan 2022 | 4:15 pm UTC

CVE-2021-46033

In ForestBlog, as of 2021-12-28, file upload can bypass verification.

Source: National Vulnerability Database | 25 Jan 2022 | 3:15 pm UTC

CVE-2021-46089

In JeecgBoot 3.0, there is a SQL injection vulnerability that can operate the database with root privileges.

Source: National Vulnerability Database | 25 Jan 2022 | 3:15 pm UTC

CVE-2021-3850

Authentication Bypass by Primary Weakness in GitHub repository adodb/adodb prior to 5.20.21.

Source: National Vulnerability Database | 25 Jan 2022 | 3:15 pm UTC

CVE-2022-23034

A PV guest could DoS Xen while unmapping a grant.

To address XSA-380, reference counting was introduced for grant mappings for the case where a PV guest would have the IOMMU enabled. PV guests can request two forms of mappings. When both are in use for any individual mapping, unmapping of such a mapping can be requested in two steps. The reference count for such a mapping would then mistakenly be decremented twice. Underflow of the counters gets detected, resulting in the triggering of a hypervisor bug check.

Source: National Vulnerability Database | 25 Jan 2022 | 2:15 pm UTC

CVE-2022-23035

Insufficient cleanup of passed-through device IRQs.

The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation, in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid.

Source: National Vulnerability Database | 25 Jan 2022 | 2:15 pm UTC

CVE-2021-45846

A flaw in the AMF parser of Slic3r libslic3r 1.3.0 allows an attacker to cause an application crash using a crafted AMF document, where a metadata tag lacks a "type" attribute.

Source: National Vulnerability Database | 25 Jan 2022 | 2:15 pm UTC

CVE-2021-45847

Several missing input validations in the 3MF parser component of Slic3r libslic3r 1.3.0 can each allow an attacker to cause an application crash using a crafted 3MF input file.

Source: National Vulnerability Database | 25 Jan 2022 | 2:15 pm UTC

CVE-2022-21697

Jupyter Server Proxy is a Jupyter notebook server extension to proxy web services. Versions of Jupyter Server Proxy prior to 3.2.1 are vulnerable to Server-Side Request Forgery (SSRF). Any user deploying Jupyter Server or Notebook with jupyter-proxy-server extension enabled is affected. A lack of input validation allows authenticated clients to proxy requests to other hosts, bypassing the `allowed_hosts` check. Because authentication is required, which already grants permissions to make the same requests via kernel or terminal execution, this is considered low to moderate severity. Users may upgrade to version 3.2.1 to receive a patch or, as a workaround, install the patch manually.

Source: National Vulnerability Database | 25 Jan 2022 | 2:15 pm UTC

CVE-2022-23033

arm: guest_physmap_remove_page not removing the p2m mappings.

The functions to remove one or more entries from a guest p2m pagetable on Arm (p2m_remove_mapping, guest_physmap_remove_page, and p2m_set_entry with mfn set to INVALID_MFN) do not actually clear the pagetable entry if the entry doesn't have the valid bit set. It is possible to have a valid pagetable entry without the valid bit set when a guest operating system uses set/way cache maintenance instructions. For instance, a guest issuing a set/way cache maintenance instruction, then calling the XENMEM_decrease_reservation hypercall to give back memory pages to Xen, might be able to retain access to those pages even after Xen started reusing them for other purposes.

Source: National Vulnerability Database | 25 Jan 2022 | 2:15 pm UTC

CVE-2022-23944

User can access /plugin api without authentication. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 pm UTC

CVE-2022-23223

The HTTP response will disclose the user password. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 pm UTC

CVE-2022-23945

Missing authentication on ShenYu Admin when register by HTTP. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 pm UTC

CVE-2021-45845

The Path Sanity Check script of FreeCAD 0.19 is vulnerable to OS command injection, allowing an attacker to execute arbitrary commands via a crafted FCStd document.

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 pm UTC

CVE-2021-46113

In MartDevelopers KEA-Hotel-ERP open source as of 12-31-2021, a remote code execution vulnerability can be exploited by uploading PHP files using the file upload vulnerability in this service.

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 pm UTC

CVE-2021-45342

A buffer overflow vulnerability in CDataList of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 pm UTC

CVE-2021-45343

In LibreCAD 2.2.0, a NULL pointer dereference in the HATCH handling of libdxfrw allows an attacker to crash the application using a crafted DXF document.

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 pm UTC

CVE-2021-45844

Improper sanitization in the invocation of ODA File Converter from FreeCAD 0.19 allows an attacker to inject OS commands via a crafted filename.

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 pm UTC

CVE-2021-45802

MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the email and phone parameter values are added to the SQL query without any verification at the time of membership registration.

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 pm UTC

CVE-2021-45803

MartDevelopers iResturant 1.0 is vulnerable to SQL Injection. SQL Injection occurs because the view parameter value is added to the SQL query without additional verification when viewing a reservation.

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 pm UTC
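CVE-2021-45802 and CVE-2021-45803 above are the same defect in two places, user input spliced into SQL text. The following is an added example, not iResturant's code, that reproduces both shapes against an in-memory SQLite database and shows the parameterised form beside each. The table names, rows and attacker inputs are constructed for this example; the application's real schema is not known from the entries above.

```python
# Added example (not iResturant's code): input pasted into SQL text at
# registration and at reservation lookup, beside the bound-parameter form.
# sqlite3 in memory stands in for the application's database; schema, rows
# and attacker inputs are constructed for this example.
import sqlite3


def setup_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, phone TEXT);
        CREATE TABLE reservations (id INTEGER PRIMARY KEY, user_id INTEGER, note TEXT);
        INSERT INTO reservations VALUES (1, 1, 'alice, table 4');
        INSERT INTO reservations VALUES (2, 2, 'bob, table 9');
        """
    )
    return con


def register_vulnerable(con, email: str, phone: str) -> None:
    """Registration with the email and phone values pasted into the statement."""
    con.execute(f"INSERT INTO users (email, phone) VALUES ('{email}', '{phone}')")


def register_safe(con, email: str, phone: str) -> None:
    """Bound parameters: values travel separately from the SQL text, so a quote
    in the phone field is stored as a quote, not parsed as syntax."""
    con.execute("INSERT INTO users (email, phone) VALUES (?, ?)", (email, phone))


def view_vulnerable(con, user_id: int, view: str) -> list:
    """Reservation lookup with the view parameter pasted into the WHERE clause."""
    sql = f"SELECT id, note FROM reservations WHERE user_id = {user_id} AND id = '{view}'"
    return con.execute(sql).fetchall()


def view_safe(con, user_id: int, view: str) -> list:
    sql = "SELECT id, note FROM reservations WHERE user_id = ? AND id = ?"
    return con.execute(sql, (user_id, view)).fetchall()


def stored_phone(con, email: str):
    row = con.execute("SELECT phone FROM users WHERE email = ?", (email,)).fetchone()
    return row[0] if row else None


# Constructed attacker inputs.
# A subquery smuggled through the phone field reads another table at registration:
# the statement becomes ... VALUES ('eve@...', '' || (SELECT ...) || '')
EVIL_PHONE = "' || (SELECT note FROM reservations WHERE id = 2) || '"
# A tautology in the view parameter turns "my reservation" into "every reservation":
# ... WHERE user_id = 1 AND id = '1' OR '1'='1'
EVIL_VIEW = "1' OR '1'='1"


if __name__ == "__main__":
    con = setup_db()
    register_vulnerable(con, "eve@example.test", EVIL_PHONE)
    print(stored_phone(con, "eve@example.test"))     # another user's reservation note
    print(view_vulnerable(con, 1, EVIL_VIEW))        # both rows
    print(view_safe(con, 1, EVIL_VIEW))              # []
```

The lookup case also shows why the fix is parameters and not escaping: with a bound value, the text "1' OR '1'='1" is compared as a string against an integer column and simply matches nothing.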

CVE-2021-45029

Groovy code injection and SpEL injection that lead to remote code execution. This issue affected Apache ShenYu 2.4.0 and 2.4.1.

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 pm UTC

CVE-2021-45340

In Libsixel prior to and including v1.10.3, a NULL pointer dereference in the stb_image.h component of libsixel allows attackers to cause a denial of service (DoS) via a crafted PICT file.

Source: National Vulnerability Database | 25 Jan 2022 | 12:15 pm UTC

CVE-2021-45341

A buffer overflow vulnerability in CDataMoji of the jwwlib component of LibreCAD 2.2.0-rc3 and older allows an attacker to achieve Remote Code Execution using a crafted JWW document.

Source: National Vulnerability Database | 25 Jan 2022 | 12:15 pm UTC

CVE-2022-0268

Cross-site Scripting (XSS) - Stored in Packagist getgrav/grav prior to 1.7.28.

Source: National Vulnerability Database | 25 Jan 2022 | 11:15 am UTC

CVE-2022-0338

Improper Privilege Management in Conda loguru prior to 0.5.3.

Source: National Vulnerability Database | 25 Jan 2022 | 9:15 am UTC

CVE-2022-23935

lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check.

Source: National Vulnerability Database | 25 Jan 2022 | 6:15 am UTC

CVE-2021-46483

Jsish v3.5.0 was discovered to contain a heap buffer overflow via BooleanConstructor at src/jsiBool.c.

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 am UTC

CVE-2021-46482

Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber.c.

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 am UTC

CVE-2021-46481

Jsish v3.5.0 was discovered to contain a memory leak via linenoise at src/linenoise.c.

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 am UTC

CVE-2021-44994

There is an Assertion 'JERRY_CONTEXT (jmem_heap_allocated_size) == 0' failed at /jerry-core/jmem/jmem-heap.c in Jerryscript 3.0.0.

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 am UTC

CVE-2021-44993

There is an Assertion 'ecma_is_value_boolean (base_value)' failed at /jerry-core/ecma/operations/ecma-get-put-value.c in Jerryscript 3.0.0.

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 am UTC

CVE-2021-44992

There is an Assertion 'ecma_object_is_typedarray (obj_p)' failed at /jerry-core/ecma/operations/ecma-typedarray-object.c in Jerryscript 3.0.0.

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 am UTC

CVE-2021-46480

Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiValueObjDelete in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 am UTC

CVE-2021-46478

Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiClearStack in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 am UTC

CVE-2021-46477

Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegExp_constructor in src/jsiRegexp.c. This vulnerability can lead to a Denial of Service (DoS).

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 am UTC

CVE-2021-46475

Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsi_ArraySliceCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS).

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 am UTC

CVE-2021-44988

Jerryscript v3.0.0 and below was discovered to contain a stack overflow via ecma_find_named_property in ecma-helpers.c.

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 am UTC

CVE-2021-46474

Jsish v3.5.0 was discovered to contain a heap buffer overflow via jsiEvalCodeSub in src/jsiEval.c. This vulnerability can lead to a Denial of Service (DoS).

Source: National Vulnerability Database | 25 Jan 2022 | 1:15 am UTC

CVE-2021-43394

Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an Incorrect Implementation of an Authentication Algorithm. An LDAP password is not properly validated.

Source: National Vulnerability Database | 24 Jan 2022 | 10:15 pm UTC

CVE-2022-0177

Cross-site Scripting (XSS) - DOM in GitHub repository mrdoob/three.js prior to 0.137.0.

Source: National Vulnerability Database | 24 Jan 2022 | 9:15 pm UTC

CVE-2021-45222

An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human resources interface, it is vulnerable to privilege escalation by HR personnel.

Source: National Vulnerability Database | 24 Jan 2022 | 8:15 pm UTC

CVE-2021-45226

An issue was discovered in COINS Construction Cloud 11.12. Due to improper validation of user-controlled HTTP headers, attackers can cause it to send password-reset e-mails pointing to arbitrary websites.

Source: National Vulnerability Database | 24 Jan 2022 | 8:15 pm UTC
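The entry above describes the outcome (reset e-mails that point at an attacker's site) without naming the headers. The following is an added example, not COINS's code, of the pattern that usually produces it: a reset link assembled from the request's Host header (and the X-Forwarded-Host header that proxies forward), beside one assembled from server-side configuration. Which headers COINS actually trusted is not stated in the entry; Host and X-Forwarded-Host, the base URL, the allowlist and the header dicts are all assumptions made for this example.

```python
# Added example (not COINS's code): a password-reset link built from
# client-controlled headers versus one built from configuration. Base URL,
# allowlist, header names and request dicts are constructed for this example.
import secrets
from urllib.parse import urlsplit

TRUSTED_BASE = "https://portal.example.test"   # assumed deployment setting
ALLOWED_HOSTS = {"portal.example.test"}        # assumed allowlist


def make_token() -> str:
    """Unguessable reset token. A strong token does not help if the link that
    carries it is mailed to the victim pointing at the attacker's host."""
    return secrets.token_urlsafe(32)


def reset_link_vulnerable(headers: dict, token: str) -> str:
    """Vulnerable pattern: the host in the e-mailed link is whatever the
    request said it was. X-Forwarded-Host is honoured first, as many frameworks
    do behind a proxy, and is even easier for a client to set than Host."""
    host = headers.get("X-Forwarded-Host") or headers.get("Host", "")
    return f"https://{host}/reset-password?token={token}"


def reset_link_safe(token: str) -> str:
    """Hardened pattern: never consult request headers for the link's origin."""
    return f"{TRUSTED_BASE}/reset-password?token={token}"


def host_is_allowed(headers: dict) -> bool:
    """Defence in depth for applications that must serve several hostnames:
    refuse the request unless Host (without port) is on the allowlist."""
    hostname = headers.get("Host", "").split(":", 1)[0].strip().lower()
    return hostname in ALLOWED_HOSTS


def link_host(link: str) -> str:
    return urlsplit(link).hostname or ""


if __name__ == "__main__":
    spoofed = {"Host": "attacker.example.test"}   # constructed request
    tok = make_token()
    print(reset_link_vulnerable(spoofed, tok))    # https://attacker.example.test/...
    print(reset_link_safe(tok))                   # https://portal.example.test/...
    print(host_is_allowed(spoofed))               # False
```

The victim who clicks the first link hands the token to the attacker's server, which can then complete the reset on the real site; the configured base URL removes that path entirely, and the Host allowlist stops the request before any link is built.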

CVE-2021-45225

An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting (XSS) via malicious links (affecting the search window and activity view window).

Source: National Vulnerability Database | 24 Jan 2022 | 8:15 pm UTC
