
05/02/2022 06:16 AM EDT
Original release date: May 2, 2022
High Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| jfinalcms_project — jfinalcms | JFinalCMS v2.0 was discovered to contain a SQL injection vulnerability via the Article Management function. | 2022-04-22 | 7.5 | CVE-2022-27341 MISC |
| link-admin_project — link-admin | Link-Admin v0.0.1 was discovered to contain a SQL injection vulnerability via DictRest.ResponseResult(). | 2022-04-22 | 7.5 | CVE-2022-27342 MISC |
Medium Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 209399. | 2022-04-22 | 6.8 | CVE-2021-38886 XF CONFIRM |
| pimcore — pimcore | SQL injection in GridHelperService.php in GitHub repository pimcore/pimcore prior to 10.3.6. This vulnerability is capable of stealing the data. | 2022-04-22 | 5 | CVE-2022-1429 MISC CONFIRM |
| ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow a remote attacker to obtain credentials from a user’s browser via incorrect autocomplete settings. IBM X-Force ID: 209693. | 2022-04-22 | 4.3 | CVE-2021-38904 XF CONFIRM |
| microweber — microweber | Reflected XSS on demo.microweber.org/demo/ | 2022-04-22 | 4.3 | CVE-2022-1439 CONFIRM MISC |
| crypt-server_project — crypt-server | Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username. | 2022-04-22 | 4.3 | CVE-2022-29589 MISC MISC |
| ibm — cognos_analytics | IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813. | 2022-04-22 | 4 | CVE-2021-20464 CONFIRM XF |
| ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to privilege escalation where a lower level user could have read access to the ‘Data Connections’ page to which they don’t have access. IBM X-Force ID: 204468. | 2022-04-22 | 4 | CVE-2021-29824 CONFIRM XF |
| ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 could allow an authenticated user to view report pages that they should not have access to. IBM X-Force ID: 209697. | 2022-04-22 | 4 | CVE-2021-38905 XF CONFIRM |
Low Vulnerabilities
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials. IBM X-Force ID: 209691. | 2022-04-22 | 3.5 | CVE-2021-38903 CONFIRM XF |
| ibm — cognos_analytics | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240. | 2022-04-22 | 3.5 | CVE-2021-38946 CONFIRM XF |
Severity Not Yet Assigned
| Primary Vendor — Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| artifex — ghostscript | Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. | 2022-04-25 | not yet calculated | CVE-2019-25059 MISC MLIST |
| wordpress — dw_question_&_answer_pro_ | The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments. | 2022-04-25 | not yet calculated | CVE-2021-24800 MISC |
| wordpress — dw_question_&_answer_pro_ | The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status. | 2022-04-25 | not yet calculated | CVE-2021-24805 MISC |
| wordpress — advanced_page_visit_counter_ | The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection. | 2022-04-25 | not yet calculated | CVE-2021-24957 MISC |
| wordpress — tatsu_wordpress_plugin | The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress’s upload directory. By adding a PHP shell with a filename starting with a dot “.”, this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker. | 2022-04-25 | not yet calculated | CVE-2021-25094 MISC MISC |
| wordpress — english_wordpress_admin_ | The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_ | 2022-04-25 | not yet calculated | CVE-2021-25111 MISC |
| sophos — authenticator_for_android | An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and Intercept X for Mobile (Android) before version 9.7.3495. | 2022-04-27 | not yet calculated | CVE-2021-25266 CONFIRM |
| maxboard — maxboard | Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading a file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguised as image files. | 2022-04-26 | not yet calculated | CVE-2021-26628 MISC |
| tobesoft — xplatform | A path traversal vulnerability in XPLATFORM’s runtime archive function could lead to arbitrary file creation. When the .xzip archive file is decompressed, an arbitrary file can be created in the parent path by using the path traversal pattern ‘..\’. | 2022-04-26 | not yet calculated | CVE-2021-26629 MISC |
| ibm — qradar_siem | IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information from another user’s dashboard providing the dashboard ID of that user. IBM X-Force ID: 203030. | 2022-04-27 | not yet calculated | CVE-2021-29776 CONFIRM XF |
| nomachine — nomachine_for_windows | NoMachine for Windows prior to versions 6.15.1 and 7.5.2 suffers from local privilege escalation due to the lack of safe DLL loading. This vulnerability allows local non-privileged users to perform DLL Hijacking via any writable directory listed under the system path and ultimately execute code as NT AUTHORITY\SYSTEM. | 2022-04-28 | not yet calculated | CVE-2021-33436 MISC MISC MISC MISC |
| bender/ebee — charge_controllers | In Bender/ebee Charge Controllers in multiple versions, a long URL could lead to a webserver crash. The URL is used as input of an sprintf to a stack variable. | 2022-04-27 | not yet calculated | CVE-2021-34587 CONFIRM |
| bender/ebee — charge_controllers | Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot. | 2022-04-27 | not yet calculated | CVE-2021-34588 CONFIRM |
| bender/ebee — charge_controllers | Bender/ebee Charge Controllers in multiple versions are prone to an RFID leak. The RFID of the last charge event can be read without authentication via the web interface. | 2022-04-27 | not yet calculated | CVE-2021-34589 CONFIRM |
| bender/ebee — charge_controllers | Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML code into configuration values. These values are not properly escaped when displayed. | 2022-04-27 | not yet calculated | CVE-2021-34590 CONFIRM |
| bender/ebee — charge_controllers | Bender/ebee Charge Controllers in multiple versions are prone to Local Privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip, udhcpc and ifplugd. | 2022-04-27 | not yet calculated | CVE-2021-34591 CONFIRM |
| bender/ebee — charge_controllers | Bender/ebee Charge Controllers in multiple versions are prone to Command Injection via the web interface. An authenticated attacker could enter shell commands into some input fields. | 2022-04-27 | not yet calculated | CVE-2021-34592 CONFIRM |
| bender/ebee — cc612 | Bender/ebee Charge Controllers in multiple versions are prone to Hardcoded Credentials. Bender charge controller CC612 in version 5.20.1 and below is prone to hardcoded ssh credentials. An attacker may use the password to gain administrative access to the web-UI. | 2022-04-27 | not yet calculated | CVE-2021-34601 CONFIRM |
| bender/ebee — charge_controllers | Bender/ebee Charge Controllers in multiple versions are prone to Command Injection via the web interface. An authenticated attacker could enter shell commands into some input fields that are executed with root privileges. | 2022-04-27 | not yet calculated | CVE-2021-34602 CONFIRM |
| 3scale — apicast | A flaw was found in 3Scale APICast in versions prior to 2.11.0, where it incorrectly identified connections for reuse. This flaw allows an attacker to bypass security restrictions for an API request when hosting multiple APIs on the same IP address. | 2022-04-27 | not yet calculated | CVE-2021-3523 MISC |
| solarwinds — serv-u | A researcher reported a Directory Traversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1. | 2022-04-25 | not yet calculated | CVE-2021-35250 MISC MISC |
| metasys — ads/adx/oas | Under certain circumstances improper privilege management in Metasys ADS/ADX/OAS servers versions 10 and 11 could allow an authenticated user to elevate their privileges to administrator. | 2022-04-29 | not yet calculated | CVE-2021-36207 CERT CONFIRM |
| veryfitpro — veryfitpro | VeryFitPro (com.veryfit2hr.second) 3.2.8 hashes the account’s password locally on the device and uses the hash to authenticate in all communication with the backend API, including login, registration and changing of passwords. This allows an attacker in possession of a hash to take over a user’s account, rendering the benefits of storing hashed passwords in the database useless. | 2022-04-25 | not yet calculated | CVE-2021-36460 MISC MISC MISC |
| wordpress — alexander_ustimenko’s_ | Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko’s Psychological tests & quizzes plugin <= 0.21.19 on WordPress possible for users with contributor or higher user rights. | 2022-04-26 | not yet calculated | CVE-2021-36867 CONFIRM CONFIRM |
| tripetto — tripetto_plugin | Unauthenticated Cross-Site Scripting (XSS) vulnerability in Tripetto’s Tripetto plugin <= 5.1.4 on WordPress via SVG image upload. | 2022-04-26 | not yet calculated | CVE-2021-36895 CONFIRM CONFIRM |
| lenovo — pcmanager | A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error. | 2022-04-22 | not yet calculated | CVE-2021-3721 MISC |
| lenovo — pcmanager | A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation. | 2022-04-22 | not yet calculated | CVE-2021-3722 MISC |
| lenovo — multiple_products | An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. | 2022-04-22 | not yet calculated | CVE-2021-3849 CONFIRM |
| ibm — qradar_siem | IBM QRadar SIEM 7.3, 7.4, and 7.5 in some situations may not automatically log users out after they exceed their idle timeout. IBM X-Force ID: 208341. | 2022-04-27 | not yet calculated | CVE-2021-38869 CONFIRM XF |
| ibm — qradar_siem | IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397. | 2022-04-27 | not yet calculated | CVE-2021-38874 XF CONFIRM |
| ibm — qradar | IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756. | 2022-04-27 | not yet calculated | CVE-2021-38878 CONFIRM XF |
| ibm — qradar_siem | IBM QRadar SIEM 7.3, 7.4, and 7.5 in some scenarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021. | 2022-04-27 | not yet calculated | CVE-2021-38919 CONFIRM XF |
| ibm — qradar_siem | IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by a user with access to creating domains. IBM X-Force ID: 211037. | 2022-04-27 | not yet calculated | CVE-2021-38939 XF CONFIRM |
| ibm — infosphere_information_server | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408. | 2022-04-28 | not yet calculated | CVE-2021-38952 CONFIRM XF |
| lenovo — multiple_products | An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan Power Controller2 (FPC2) and Lenovo System Management Module (SMM) firmware during an that could allow an unauthenticated attacker to execute commands on the SMM and FPC2. SMM2 is not affected. | 2022-04-22 | not yet calculated | CVE-2021-3897 CONFIRM |
| motorola — multiple_products | Versions of Motorola Ready For and Motorola Device Help Android applications prior to 2021-04-08 do not properly verify the server certificate which could lead to the communication channel being accessible by an attacker. | 2022-04-22 | not yet calculated | CVE-2021-3898 MISC |
| ibm — planning_analytics_workspace | IBM Planning Analytics Workspace 2.0 could be vulnerable to malicious file upload by not validating the file types or sizes. Attackers can make use of this weakness and upload malicious executable files into the system, and these can be sent to a victim for performing further attacks. IBM X-Force ID: 214025. | 2022-04-25 | not yet calculated | CVE-2021-39040 XF CONFIRM |
| ibm — urbancode_deploy | IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 2022-04-29 | not yet calculated | CVE-2021-39082 CONFIRM XF |
| lenovo — lenovovariable_smi_handler | A potential vulnerability in LenovoVariable SMI Handler due to insufficient validation in some Lenovo Notebook models BIOS may allow an attacker with local access and elevated privileges to execute arbitrary code. | 2022-04-22 | not yet calculated | CVE-2021-3970 MISC |
| lenovo — notebook | A potential vulnerability by a driver used during older manufacturing processes on some consumer Lenovo Notebook devices that was mistakenly included in the BIOS image could allow an attacker with elevated privileges to modify firmware protection region by modifying an NVRAM variable. | 2022-04-22 | not yet calculated | CVE-2021-3971 MISC |
| lenovo — notebook | A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices’ BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. | 2022-04-22 | not yet calculated | CVE-2021-3972 MISC |
| red_hat — gnome-shell | Linux distributions using CAP_SYS_NICE for gnome-shell may be exposed to a privilege escalation issue. An attacker, with low privilege permissions, may take advantage of the way CAP_SYS_NICE is currently implemented and eventually load code to increase its process scheduler priority leading to possible DoS of other services running in the same machine. | 2022-04-29 | not yet calculated | CVE-2021-3982 MISC MISC |
| artica — proxy | There is a Directory Traversal vulnerability in Artica Proxy (4.30.000000 SP206 through SP255, and VMware appliance 4.30.000000 through SP273) via the filename parameter to /cgi-bin/main.cgi. | 2022-04-25 | not yet calculated | CVE-2021-40680 FULLDISC |
| eclipse — openj9 | In Eclipse Openj9 before version 0.32.0, Java 8 & 11 fail to throw the exception captured during bytecode verification when verification is triggered by a MethodHandle invocation, allowing unverified methods to be invoked using MethodHandles. | 2022-04-27 | not yet calculated | CVE-2021-41041 CONFIRM CONFIRM |
| novelplus — novel-plus | novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution. | 2022-04-28 | not yet calculated | CVE-2021-41921 MISC |
| magic_cms_msvod — magic_cms_msvod | The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database. | 2022-04-29 | not yet calculated | CVE-2021-41942 MISC |
| encode — oss_httpx | Encode OSS httpx <=1.0.0.beta0 is affected by improper input validation in `httpx.URL`, `httpx.Client` and some functions using `httpx.URL.copy_with`. | 2022-04-28 | not yet calculated | CVE-2021-41945 MISC MISC MISC MISC MISC |
| subrion_cms — subrion_cms | A cross-site scripting (XSS) vulnerability exists in the “contact us” plugin for Subrion CMS <= 4.2.1 version via “List of subjects”. | 2022-04-29 | not yet calculated | CVE-2021-41948 MISC |
| pingidentity — pingid_windows_login | A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass. | 2022-04-30 | not yet calculated | CVE-2021-41992 MISC MISC |
| pingidentity — pingid_android | A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. | 2022-04-30 | not yet calculated | CVE-2021-41993 MISC MISC |
| pingidentity — pingid_ios | A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. | 2022-04-30 | not yet calculated | CVE-2021-41994 MISC MISC |
| pingidentity — pingid_desktop | PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP. | 2022-04-30 | not yet calculated | CVE-2021-42001 MISC MISC |
| qemu — qemu | A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | 2022-04-29 | not yet calculated | CVE-2021-4206 MISC MISC |
| qemu — qemu | A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. | 2022-04-29 | not yet calculated | CVE-2021-4207 MISC MISC |
| lenovo — nvme_driver | A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 2022-04-22 | not yet calculated | CVE-2021-4210 MISC |
| lenovo — smbios_event_log_driver | A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 2022-04-22 | not yet calculated | CVE-2021-4211 MISC |
| lenovo — legacy_bios_mode_driver | A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code. | 2022-04-22 | not yet calculated | CVE-2021-4212 MISC |
| wordpress — sp_project_&_document_manager_ | The SP Project & Document Manager WordPress plugin before 4.24 allows any authenticated users, such as subscribers, to upload files. The plugin attempts to prevent PHP and other similar files that could be executed on the server from being uploaded by checking the file extension. It was discovered that on Windows servers, the security checks in place were insufficient, enabling bad actors to potentially upload backdoors on vulnerable sites. | 2022-04-25 | not yet calculated | CVE-2021-4225 MISC MISC |
| elcomplus — smartptt | Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system. | 2022-04-28 | not yet calculated | CVE-2021-43930 |