Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38346 | 1 Brizy | 1 Brizy-page Builder | 2022-07-05 | 6.5 MEDIUM | 8.8 HIGH |
| The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory traversal, and the file contents were populated via the ibsf parameter, which would be base64-decoded and written to the file. While the plugin added a .jpg extension to all uploaded filenames, a double extension attack was still possible, e.g. a file named shell.php would be saved as shell.php.jpg, and would be executable on a number of common configurations. | |||||
| CVE-2021-38344 | 1 Brizy | 1 Brizy-page Builder | 2022-07-05 | 3.5 LOW | 5.4 MEDIUM |
| The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as a subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be executed in the session of any visitor viewing or previewing the post or page. | |||||
| CVE-2022-0376 | 1 User-meta | 1 User Meta User Profile Builder And User Management | 2022-07-05 | 3.5 LOW | 4.8 MEDIUM |
| The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well as Shared Field Labels before outputting them in the admin dashboard when editing a form, which could allow high privilege users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed | |||||
| CVE-2021-41636 | 1 Melag | 1 Ftp Server | 2022-07-05 | 6.8 MEDIUM | 6.5 MEDIUM |
| MELAG FTP Server 2.2.0.4 allows an attacker to use the CWD command to break out of the FTP servers root directory and operate on the entire operating system, while the access restrictions of the user running the FTP server apply. | |||||
| CVE-2022-32552 | 1 Purestorage | 2 Purity\/\/fa, Purity\/\/fb | 2022-07-05 | 9.0 HIGH | 8.8 HIGH |
| Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software. | |||||
| CVE-2022-32553 | 1 Purestorage | 2 Purity\/\/fa, Purity\/\/fb | 2022-07-05 | 9.0 HIGH | 8.8 HIGH |
| Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software. | |||||
| CVE-2022-32554 | 1 Purestorage | 2 Purity\/\/fa, Purity\/\/fb | 2022-07-05 | 10.0 HIGH | 9.8 CRITICAL |
| Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to possibly exposed credentials for accessing the product’s management interface. The password may be known outside Pure Storage and could be used on an affected system, if reachable, to execute arbitrary instructions with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software. | |||||
| CVE-2021-44917 | 1 Gnuplot | 1 Gnuplot | 2022-07-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Divide by Zero vulnerability exists in gnuplot 5.4 in the boundary3d function in graph3d.c, which could cause a Arithmetic exception and application crash. | |||||
| CVE-2022-26493 | 1 Drupal | 1 Saml Sp 2.0 Single Sign On | 2022-07-03 | 6.5 MEDIUM | 8.8 HIGH |
| Xecurify's miniOrange Premium, Standard, and Enterprise Drupal SAML SP modules possess an authentication and authorization bypass vulnerability. An attacker with access to a HTTP-request intercepting method is able to bypass authentication and authorization by removing the SAML Assertion Signature - impersonating existing users and existing roles, including administrative users/roles. This vulnerability is not mitigated by configuring the module to enforce signatures or certificate checks. Xecurify recommends updating miniOrange modules to their most recent versions. This vulnerability is present in paid versions of the miniOrange Drupal SAML SP product affecting Drupal 7, 8, and 9. | |||||
| CVE-2022-2282 | 2022-07-03 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage. | |||||
| CVE-2021-34527 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-07-02 | 9.0 HIGH | 8.8 HIGH |
| Windows Print Spooler Remote Code Execution Vulnerability | |||||
| CVE-2021-32738 | 1 Stellar | 1 Js-stellar-sdk | 2022-07-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| js-stellar-sdk is a Javascript library for communicating with a Stellar Horizon server. The `Utils.readChallengeTx` function used in SEP-10 Stellar Web Authentication states in its function documentation that it reads and validates the challenge transaction including verifying that the `serverAccountID` has signed the transaction. In js-stellar-sdk before version 8.2.3, the function does not verify that the server has signed the transaction. Applications that also used `Utils.verifyChallengeTxThreshold` or `Utils.verifyChallengeTxSigners` to verify the signatures including the server signature on the challenge transaction are unaffected as those functions verify the server signed the transaction. Applications calling `Utils.readChallengeTx` should update to version 8.2.3, the first version with a patch for this vulnerability, to ensure that the challenge transaction is completely valid and signed by the server creating the challenge transaction. | |||||
| CVE-2021-1675 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2022-07-02 | 9.3 HIGH | 8.8 HIGH |
| Windows Print Spooler Elevation of Privilege Vulnerability | |||||
| CVE-2021-32477 | 1 Moodle | 1 Moodle | 2022-07-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability (site administrators by default). Moodle versions 3.10 to 3.10.3 are affected. | |||||
| CVE-2021-32003 | 1 Secomea | 2 Sitemanager, Sitemanager Firmware | 2022-07-02 | 2.1 LOW | 5.5 MEDIUM |
| Unprotected Transport of Credentials vulnerability in SiteManager provisioning service allows local attacker to capture credentials if the service is used after provisioning. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware. | |||||
| CVE-2021-32002 | 1 Secomea | 2 Sitemanager, Sitemanager Firmware | 2022-07-02 | 2.1 LOW | 3.3 LOW |
| Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware. | |||||
| CVE-2021-32507 | 1 Qsan | 1 Storage Manager | 2022-07-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| Absolute Path Traversal vulnerability in FileDownload in QSAN Storage Manager allows remote authenticated attackers download arbitrary files via the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | |||||
| CVE-2021-32518 | 1 Qsan | 1 Storage Manager | 2022-07-02 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3. | |||||
| CVE-2021-32625 | 2 Fedoraproject, Redislabs | 2 Fedora, Redis | 2022-07-02 | 6.5 MEDIUM | 8.8 HIGH |
| Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache, and message broker. An integer overflow bug in Redis version 6.0 or newer, could be exploited using the STRALGO LCS command to corrupt the heap and potentially result with remote code execution. This is a result of an incomplete fix by CVE-2021-29477. The problem is fixed in version 6.2.4 and 6.0.14. An additional workaround to mitigate the problem without patching the redis-server executable is to use ACL configuration to prevent clients from using the STRALGO LCS command. On 64 bit systems which have the fixes of CVE-2021-29477 (6.2.3 or 6.0.13), it is sufficient to make sure that the proto-max-bulk-len config parameter is smaller than 2GB (default is 512MB). | |||||
| CVE-2021-32647 | 1 Nsa | 1 Emissary | 2022-07-02 | 6.5 MEDIUM | 9.1 CRITICAL |
| Emissary is a P2P based data-driven workflow engine. Affected versions of Emissary are vulnerable to post-authentication Remote Code Execution (RCE). The [`CreatePlace`](https://github.com/NationalSecurityAgency/emissary/blob/30c54ef16c6eb6ed09604a929939fb9f66868382/src/main/java/emissary/server/mvc/internal/CreatePlaceAction.java#L36) REST endpoint accepts an `sppClassName` parameter which is used to load an arbitrary class. This class is later instantiated using a constructor with the following signature: `<constructor>(String, String, String)`. An attacker may find a gadget (class) in the application classpath that could be used to achieve Remote Code Execution (RCE) or disrupt the application. Even though the chances to find a gadget (class) that allow arbitrary code execution are low, an attacker can still find gadgets that could potentially crash the application or leak sensitive data. As a work around disable network access to Emissary from untrusted sources. | |||||