Real-Time Threat Database & Automated Security Assessment: Enhancing Railway Cybersecurity

Introduction

CyRail® offers a comprehensive solution for railway cybersecurity, including a Real-Time Threat Database and Automated Security Assessment features. These tools empower railway professionals to proactively identify and mitigate cybersecurity threats, ensuring the resilience and reliability of critical infrastructure.

Key Features

  • Scalable Model Library: Access a scalable library of security-relevant elements for system modeling, supporting various use cases in different domains.
  • Automated Threat Data Updates: Subscribe to automated updates for real-time alerts and notifications about emerging threats, enabling proactive defense against potential cyber attacks.

Threat Vulnerability Database

NameStatusDescriptionReferencesPhase
CVE-2022-1239CandidateThe HubSpot WordPress plugin before 8.8.15 does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default contributor and above) to perform SSRF attacksMISC:https://wpscan.com/vulnerability/4ad2bb96-87a4-4590-a058-b03b33d2fcee | URL:https://wpscan.com/vulnerability/4ad2bb96-87a4-4590-a058-b03b33d2fceeAssigned (20220405)
CVE-2022-1240CandidateHeap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the `r_str_ncpy` function. Therefore I think it is very likely to be exploitable. For more general description of heap buffer overflow, see [CWE](https://cwe.mitre.org/data/definitions/122.html).CONFIRM:https://huntr.dev/bounties/e589bd97-4c74-4e79-93b5-0951a281facc | URL:https://huntr.dev/bounties/e589bd97-4c74-4e79-93b5-0951a281facc | MISC:https://github.com/radareorg/radare2/commit/ca8d8b39f3e34a4fd943270330b80f1148129de4 | URL:https://github.com/radareorg/radare2/commit/ca8d8b39f3e34a4fd943270330b80f1148129de4Assigned (20220405)
CVE-2022-1241CandidateThe Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issuesMISC:https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9b | URL:https://wpscan.com/vulnerability/3258393a-eafb-4356-994e-2ff8ce223c9bAssigned (20220405)
CVE-2022-1242Candidate** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.Assigned (20220405)
CVE-2022-1243CandidateCRHTLF can lead to invalid protocol extraction potentially leading to XSS in GitHub repository medialize/uri.js prior to 1.19.11.CONFIRM:https://huntr.dev/bounties/8c5afc47-1553-4eba-a98e-024e4cc3dfb7 | URL:https://huntr.dev/bounties/8c5afc47-1553-4eba-a98e-024e4cc3dfb7 | MISC:https://github.com/medialize/uri.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffae | URL:https://github.com/medialize/uri.js/commit/b0c9796aa1a95a85f40924fb18b1e5da3dc8ffaeAssigned (20220405)
CVE-2022-1244Candidateheap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.CONFIRM:https://huntr.dev/bounties/8ae2c61a-2220-47a5-bfe8-fe6d41ab1f82 | URL:https://huntr.dev/bounties/8ae2c61a-2220-47a5-bfe8-fe6d41ab1f82 | MISC:https://github.com/radareorg/radare2/commit/2b77b277d67ce061ee6ef839e7139ebc2103c1e3 | URL:https://github.com/radareorg/radare2/commit/2b77b277d67ce061ee6ef839e7139ebc2103c1e3Assigned (20220405)
CVE-2022-1245CandidateA privilege escalation flaw was found in the token exchange feature of keycloak. Missing authorization allows a client application holding a valid access token to exchange tokens for any target client by passing the client_id of the target. This could allow a client to gain unauthorized access to additional services.MISC:https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8 | URL:https://github.com/keycloak/keycloak/security/advisories/GHSA-75p6-52g3-rqc8Assigned (20220405)
CVE-2022-1246Candidate** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-1280. Reason: This candidate is a reservation duplicate of CVE-2022-1280. Notes: All CVE users should reference CVE-2022-1280 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.Assigned (20220405)
CVE-2022-1247CandidateAn issue found in linux-kernel that leads to a race condition in rose_connect(). The rose driver uses rose_neigh->use to represent how many objects are using the rose_neigh. When a user wants to delete a rose_route via rose_ioctl(), the rose driver calls rose_del_node() and removes neighbours only if their “count” and “use” are zero.MISC:https://access.redhat.com/security/cve/CVE-2022-1247 | URL:https://access.redhat.com/security/cve/CVE-2022-1247 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=2066799 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=2066799Assigned (20220405)
CVE-2022-1248CandidateA vulnerability was found in SAP Information System 1.0 which has been rated as critical. Affected by this issue is the file /SAP_Information_System/controllers/add_admin.php. An unauthenticated attacker is able to create a new admin account for the web application with a simple POST request. Exploit details were disclosed.MISC:http://packetstormsecurity.com/files/166609/SAP-Information-System-1.0.0-Missing-Authorization.html | MISC:https://vuldb.com/?id.196550 | URL:https://vuldb.com/?id.196550Assigned (20220406)
CVE-2022-1249CandidateA NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.MISC:https://bugzilla.redhat.com/show_bug.cgi?id=2065771 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=2065771Assigned (20220406)
CVE-2022-1250CandidateThe LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issueMISC:https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/ | URL:https://make.lifterlms.com/2022/04/04/lifterlms-paypal-version-1-4-0/ | MISC:https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718 | URL:https://wpscan.com/vulnerability/1f8cb0b9-7447-44db-8d13-292db5b17718Assigned (20220406)
CVE-2022-1251CandidateThe Ask me WordPress theme before 6.8.4 does not perform nonce checks when processing POST requests to the Edit Profile page, allowing an attacker to trick a user to change their profile information by sending a crafted request.MISC:https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349 | URL:https://wpscan.com/vulnerability/34b3fc35-381a-4bd7-87e3-f1ef0a15a349Assigned (20220406)
CVE-2022-1252CandidateUse of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contentsMISC:https://0g.vc/posts/insecure-cipher-gnuboard5/ | URL:https://0g.vc/posts/insecure-cipher-gnuboard5/ | MISC:https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebb | URL:https://huntr.dev/bounties/c8c2c3e1-67d0-4a11-a4d4-11af567a9ebbAssigned (20220406)
CVE-2022-1253CandidateHeap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.CONFIRM:https://huntr.dev/bounties/1-other-strukturag/libde265 | URL:https://huntr.dev/bounties/1-other-strukturag/libde265 | DEBIAN:DSA-5346 | URL:https://www.debian.org/security/2023/dsa-5346 | MISC:https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8 | URL:https://github.com/strukturag/libde265/commit/8e89fe0e175d2870c39486fdd09250b230ec10b8Assigned (20220406)
CVE-2022-1254CandidateA URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior to 9.2.20, 8.x prior to 8.2.27, and 7.x prior to 7.8.2.31, and controlled release 11.x prior to 11.1.3 allows a remote attacker to redirect a user to a malicious website controlled by the attacker. This is possible because SWG incorrectly creates a HTTP redirect response when a user clicks a carefully constructed URL. Following the redirect response, the new request is still filtered by the SWG policy.CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10381 | URL:https://kc.mcafee.com/corporate/index?page=content&id=SB10381Assigned (20220406)
CVE-2022-1255CandidateThe Import and export users and customers WordPress plugin before 1.19.2.1 does not sanitise and escaped imported CSV data, which could allow high privilege users to import malicious javascript code and lead to Stored Cross-Site Scripting issuesMISC:https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82 | URL:https://wpscan.com/vulnerability/22fe68c4-8f47-491e-be87-5e8e40535a82Assigned (20220406)
CVE-2022-1256CandidateA local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges through manipulation of symbolic links.CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10382 | URL:https://kc.mcafee.com/corporate/index?page=content&id=SB10382Assigned (20220406)
CVE-2022-1257CandidateInsecure storage of sensitive information vulnerability in MA for Linux, macOS, and Windows prior to 5.7.6 allows a local user to gain access to sensitive information through storage in ma.db. The sensitive information has been moved to encrypted database files.CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10382 | URL:https://kc.mcafee.com/corporate/index?page=content&id=SB10382Assigned (20220406)
CVE-2022-1258CandidateA blind SQL injection vulnerability in the ePolicy Orchestrator (ePO) extension of MA prior to 5.7.6 can be exploited by an authenticated administrator on ePO to perform arbitrary SQL queries in the back-end database, potentially leading to command execution on the server.CONFIRM:https://kc.mcafee.com/corporate/index?page=content&id=SB10382 | URL:https://kc.mcafee.com/corporate/index?page=content&id=SB10382Assigned (20220406)
CVE-2022-1259CandidateA flaw was found in Undertow. A potential security issue in flow control handling by the browser over HTTP/2 may cause overhead or a denial of service in the server. This flaw exists because of an incomplete fix for CVE-2021-3629.MISC:https://access.redhat.com/security/cve/CVE-2022-1259 | URL:https://access.redhat.com/security/cve/CVE-2022-1259 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=2072339 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=2072339 | MISC:https://security.netapp.com/advisory/ntap-20221014-0006/ | URL:https://security.netapp.com/advisory/ntap-20221014-0006/Assigned (20220406)
CVE-2022-1260Candidate** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.Assigned (20220406)
CVE-2022-1261CandidateMatrikon, a subsidary of Honeywell Matrikon OPC Server (all versions) is vulnerable to a condition where a low privileged user allowed to connect to the OPC server to use the functions of the IPersisFile to execute operating system processes with system-level privileges.CONFIRM:https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-02 | URL:https://www.cisa.gov/uscert/ics/advisories/icsa-22-144-02Assigned (20220406)
CVE-2022-1262CandidateA command injection vulnerability in the protest binary allows an attacker with access to the remote command line interface to execute arbitrary commands as root.MISC:https://www.tenable.com/security/research/tra-2022-09 | URL:https://www.tenable.com/security/research/tra-2022-09Assigned (20220406)
CVE-2022-1263CandidateA NULL pointer dereference issue was found in KVM when releasing a vCPU with dirty ring support enabled. This flaw allows an unprivileged local attacker on the host to issue specific ioctl calls, causing a kernel oops condition that results in a denial of service.MISC:https://access.redhat.com/security/cve/CVE-2022-1263 | URL:https://access.redhat.com/security/cve/CVE-2022-1263 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=2072698 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=2072698 | MISC:https://github.com/torvalds/linux/commit/5593473a1e6c743764b08e3b6071cb43b5cfa6c4 | URL:https://github.com/torvalds/linux/commit/5593473a1e6c743764b08e3b6071cb43b5cfa6c4 | MISC:https://www.openwall.com/lists/oss-security/2022/04/07/1 | URL:https://www.openwall.com/lists/oss-security/2022/04/07/1Assigned (20220406)
CVE-2022-1264CandidateThe affected product may allow an attacker with access to the Ignition web configuration to run arbitrary code.MISC:https://www.cisa.gov/uscert/ics/advisories/icsa-22-102-03 | URL:https://www.cisa.gov/uscert/ics/advisories/icsa-22-102-03Assigned (20220406)
CVE-2022-1265CandidateThe BulletProof Security WordPress plugin before 6.1 does not sanitize and escape some of its CAPTCHA settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowedMISC:https://wpscan.com/vulnerability/9b66819d-8479-4c0b-b206-7f7ff769f758 | URL:https://wpscan.com/vulnerability/9b66819d-8479-4c0b-b206-7f7ff769f758Assigned (20220407)
CVE-2022-1266CandidateThe Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.MISC:https://wpscan.com/vulnerability/7800d583-fcfc-4360-9dc3-af3f73e12ab4 | URL:https://wpscan.com/vulnerability/7800d583-fcfc-4360-9dc3-af3f73e12ab4Assigned (20220407)
CVE-2022-1267CandidateThe BMI BMR Calculator WordPress plugin through 1.3 does not sanitise and escape arbitrary POST data before outputting it back in the response, leading to a Reflected Cross-Site ScriptingMISC:https://wpscan.com/vulnerability/ed2971c2-b99c-4320-ac46-bea5a0a493ed | URL:https://wpscan.com/vulnerability/ed2971c2-b99c-4320-ac46-bea5a0a493edAssigned (20220407)
CVE-2022-1268CandidateThe Donate Extra WordPress plugin through 2.02 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected cross-Site ScriptingMISC:https://wpscan.com/vulnerability/6d596afb-cac3-4ef2-9742-235c068d1006 | URL:https://wpscan.com/vulnerability/6d596afb-cac3-4ef2-9742-235c068d1006Assigned (20220407)
CVE-2022-1269CandidateThe Fast Flow WordPress plugin before 1.2.12 does not sanitise and escape the page parameter before outputting back in an attribute in an admin dashboard, leading to a Reflected Cross-Site ScriptingMISC:https://wpscan.com/vulnerability/65ff0e71-0fcd-4357-9b00-143cb18901bf | URL:https://wpscan.com/vulnerability/65ff0e71-0fcd-4357-9b00-143cb18901bfAssigned (20220407)
CVE-2022-1270CandidateIn GraphicsMagick, a heap buffer overflow was found when parsing MIFF.DEBIAN:DSA-5288 | URL:https://www.debian.org/security/2022/dsa-5288 | GENTOO:GLSA-202209-19 | URL:https://security.gentoo.org/glsa/202209-19 | MISC:https://sourceforge.net/p/graphicsmagick/bugs/664/ | URL:https://sourceforge.net/p/graphicsmagick/bugs/664/ | MLIST:[debian-lts-announce] 20221121 [SECURITY] [DLA 3200-1] graphicsmagick security update | URL:https://lists.debian.org/debian-lts-announce/2022/11/msg00028.htmlAssigned (20220407)
CVE-2022-1271CandidateAn arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system.CONFIRM:https://security.netapp.com/advisory/ntap-20220930-0006/ | GENTOO:GLSA-202209-01 | URL:https://security.gentoo.org/glsa/202209-01 | MISC:https://access.redhat.com/security/cve/CVE-2022-1271 | URL:https://access.redhat.com/security/cve/CVE-2022-1271 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=2073310 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=2073310 | MISC:https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6 | URL:https://git.tukaani.org/?p=xz.git;a=commit;h=69d1b3fc29677af8ade8dc15dba83f0589cb63d6 | MISC:https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html | URL:https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html | MISC:https://security-tracker.debian.org/tracker/CVE-2022-1271 | URL:https://security-tracker.debian.org/tracker/CVE-2022-1271 | MISC:https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch | URL:https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch | MISC:https://www.openwall.com/lists/oss-security/2022/04/07/8 | URL:https://www.openwall.com/lists/oss-security/2022/04/07/8Assigned (20220407)
CVE-2022-1272Candidate** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.Assigned (20220408)
CVE-2022-1273CandidateThe Import WP WordPress plugin before 2.4.6 does not validate the imported file in some cases, allowing high privilege users such as admin to upload arbitrary files (such as PHP), leading to RCEMISC:https://wpscan.com/vulnerability/ad99b9ba-5f24-4682-a787-00f0e8e32603 | URL:https://wpscan.com/vulnerability/ad99b9ba-5f24-4682-a787-00f0e8e32603Assigned (20220408)
CVE-2022-1274CandidateA flaw was found in Keycloak in the execute-actions-email endpoint. This issue allows arbitrary HTML to be injected into emails sent to Keycloak users and can be misused to perform phishing or other attacks against users.MISC:https://herolab.usd.de/security-advisories/usd-2021-0033/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=2073157 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=2073157 | MISC:https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725 | URL:https://github.com/keycloak/keycloak/security/advisories/GHSA-m4fv-gm5m-4725Assigned (20220408)
CVE-2022-1275CandidateThe BannerMan WordPress plugin through 0.2.4 does not sanitize or escape its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed (such as in multisite)MISC:https://wpscan.com/vulnerability/bc2e5be3-cd2b-4ee9-8d7a-cabce46b7092 | URL:https://wpscan.com/vulnerability/bc2e5be3-cd2b-4ee9-8d7a-cabce46b7092Assigned (20220408)
CVE-2022-1276CandidateOut-of-bounds Read in mrb_get_args in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.CONFIRM:https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25 | URL:https://huntr.dev/bounties/6ea041d1-e2aa-472c-bf3e-da5fa8726c25 | MISC:https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6 | URL:https://github.com/mruby/mruby/commit/c8c083cb750606b2da81582cd8e43b442bb143e6Assigned (20220408)
CVE-2022-1277CandidateInavitas Solar Log product has an unauthenticated SQL Injection vulnerability.MISC:https://www.usom.gov.tr/bildirim/tr-22-0514 | URL:https://www.usom.gov.tr/bildirim/tr-22-0514Assigned (20220408)
CVE-2022-1278CandidateA flaw was found in WildFly, where an attacker can see deployment names, endpoints, and any other data the trace payload may contain.MISC:https://bugzilla.redhat.com/show_bug.cgi?id=2073401 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=2073401Assigned (20220408)
CVE-2022-1279CandidateA vulnerability in the encryption implementation of EBICS messages in the open source librairy ebics-java/ebics-java-client allows an attacker sniffing network traffic to decrypt EBICS payloads. This issue affects: ebics-java/ebics-java-client versions prior to 1.2.CONFIRM:https://github.com/ebics-java/ebics-java-client/releases/tag/1.2 | URL:https://github.com/ebics-java/ebics-java-client/releases/tag/1.2Assigned (20220408)
CVE-2022-1280CandidateA use-after-free vulnerability was found in drm_lease_held in drivers/gpu/drm/drm_lease.c in the Linux kernel due to a race problem. This flaw allows a local user privilege attacker to cause a denial of service (DoS) or a kernel information leak.MISC:https://bugzilla.redhat.com/show_bug.cgi?id=2071022 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=2071022 | MISC:https://www.openwall.com/lists/oss-security/2022/04/12/3 | URL:https://www.openwall.com/lists/oss-security/2022/04/12/3Assigned (20220408)
CVE-2022-1281CandidateThe Photo Gallery WordPress plugin through 1.6.3 does not properly escape the $_POST['filter_tag'] parameter, which is appended to an SQL query, making SQL Injection attacks possible.CONFIRM:https://plugins.trac.wordpress.org/changeset/2706797/photo-gallery/trunk/frontend/models/BWGModelGalleryBox.php?old=2587758&old_path=photo-gallery%2Ftrunk%2Ffrontend%2Fmodels%2FBWGModelGalleryBox.php | URL:https://plugins.trac.wordpress.org/changeset/2706797/photo-gallery/trunk/frontend/models/BWGModelGalleryBox.php?old=2587758&old_path=photo-gallery%2Ftrunk%2Ffrontend%2Fmodels%2FBWGModelGalleryBox.php | MISC:https://wpscan.com/vulnerability/2b4866f2-f511-41c6-8135-cf1e0263d8de | URL:https://wpscan.com/vulnerability/2b4866f2-f511-41c6-8135-cf1e0263d8deAssigned (20220408)
CVE-2022-1282CandidateThe Photo Gallery by 10Web WordPress plugin before 1.6.3 does not properly sanitize the $_GET['image_url'] variable, which is reflected back to the users when executing the editimage_bwg AJAX action.CONFIRM:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2706798%40photo-gallery&old=2694928%40photo-gallery&sfp_email=&sfph_mail= | URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2706798%40photo-gallery&old=2694928%40photo-gallery&sfp_email=&sfph_mail= | MISC:https://wpscan.com/vulnerability/37a58f4e-d2bc-4825-8e1b-4aaf0a1cf1b6 | URL:https://wpscan.com/vulnerability/37a58f4e-d2bc-4825-8e1b-4aaf0a1cf1b6Assigned (20220408)
CVE-2022-1283CandidateNULL Pointer Dereference in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability allows attackers to cause a denial of service (application crash).CONFIRM:https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013 | URL:https://huntr.dev/bounties/bfeb8fb8-644d-4587-80d4-cb704c404013 | MISC:https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67 | URL:https://github.com/radareorg/radare2/commit/18d1d064bf599a255d55f09fca3104776fc34a67Assigned (20220408)
CVE-2022-1284Candidateheap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service.CONFIRM:https://huntr.dev/bounties/e98ad92c-3a64-48fb-84d4-d13afdbcbdd7 | URL:https://huntr.dev/bounties/e98ad92c-3a64-48fb-84d4-d13afdbcbdd7 | MISC:https://github.com/radareorg/radare2/commit/64a82e284dddabaeb549228380103b57dead32a6 | URL:https://github.com/radareorg/radare2/commit/64a82e284dddabaeb549228380103b57dead32a6Assigned (20220408)
CVE-2022-1285CandidateServer-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.CONFIRM:https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d | URL:https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d | MISC:https://github.com/gogs/gogs/commit/7885f454a4946c4bbec1b4f8c603b5eea7429c7f | URL:https://github.com/gogs/gogs/commit/7885f454a4946c4bbec1b4f8c603b5eea7429c7fAssigned (20220409)
CVE-2022-1286Candidateheap-buffer-overflow in mrb_vm_exec in mruby/mruby in GitHub repository mruby/mruby prior to 3.2. Possible arbitrary code execution if being exploited.CONFIRM:https://huntr.dev/bounties/f918376e-b488-4113-963d-ffe8716e4189 | URL:https://huntr.dev/bounties/f918376e-b488-4113-963d-ffe8716e4189 | MISC:https://github.com/mruby/mruby/commit/b1d0296a937fe278239bdfac840a3fd0e93b3ee9 | URL:https://github.com/mruby/mruby/commit/b1d0296a937fe278239bdfac840a3fd0e93b3ee9Assigned (20220409)
CVE-2022-1287CandidateA vulnerability classified as critical was found in School Club Application System 1.0. This vulnerability affects a request to the file /scas/classes/Users.php?f=save_user. The manipulation with a POST request leads to privilege escalation. The attack can be initiated remotely and does not require authentication. The exploit has been disclosed to the public and may be used.MISC:https://vuldb.com/?id.196750 | URL:https://vuldb.com/?id.196750Assigned (20220409)
CVE-2022-1288CandidateA vulnerability, which was classified as problematic, has been found in School Club Application System 1.0. This issue affects access to /scas/admin/. The manipulation of the parameter page with the input %22%3E%3Cimg%20src=x%20onerror=alert(1)%3E leads to a reflected cross site scripting. The attack may be initiated remotely and does not require any form of authentication. The exploit has been disclosed to the public and may be used.MISC:https://vuldb.com/?id.196751 | URL:https://vuldb.com/?id.196751Assigned (20220409)
CVE-2022-1289CandidateA denial of service vulnerability was found in tildearrow Furnace. It has been classified as problematic. This is due to an incomplete fix of CVE-2022-1211. It is possible to initiate the attack remotely but it requires user interaction. The issue got fixed with the patch 0eb02422d5161767e9983bdaa5c429762d3477ce.MISC:https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce | URL:https://github.com/tildearrow/furnace/commit/0eb02422d5161767e9983bdaa5c429762d3477ce | MISC:https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655 | URL:https://github.com/tildearrow/furnace/issues/325#issuecomment-1094139655 | MISC:https://vuldb.com/?id.196755 | URL:https://vuldb.com/?id.196755Assigned (20220410)
CVE-2022-1290CandidateStored XSS in "Name", "Group Name" & "Title" in GitHub repository polonel/trudesk prior to v1.2.0. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.CONFIRM:https://huntr.dev/bounties/da6d03e6-053f-43b6-99a7-78c2e386e3ed | URL:https://huntr.dev/bounties/da6d03e6-053f-43b6-99a7-78c2e386e3ed | MISC:https://github.com/polonel/trudesk/commit/4f48b3bb86ba66a0085803591065bb6437e864ec | URL:https://github.com/polonel/trudesk/commit/4f48b3bb86ba66a0085803591065bb6437e864ecAssigned (20220410)
CVE-2022-1291CandidateXSS vulnerability with default `onCellHtmlData` function in GitHub repository hhurz/tableexport.jquery.plugin prior to 1.25.0. Transmitting cookies to third-party servers. Sending data from secure sessions to third-party serversCONFIRM:https://huntr.dev/bounties/49a14371-6058-47dd-9801-ec38a7459fc5 | URL:https://huntr.dev/bounties/49a14371-6058-47dd-9801-ec38a7459fc5 | MISC:https://github.com/hhurz/tableexport.jquery.plugin/commit/dcbaee23cf98328397a153e71556f75202988ec9 | URL:https://github.com/hhurz/tableexport.jquery.plugin/commit/dcbaee23cf98328397a153e71556f75202988ec9Assigned (20220410)
CVE-2022-1292CandidateThe c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).CONFIRM:https://security.netapp.com/advisory/ntap-20220729-0004/ | CONFIRM:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 | URL:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2 | CONFIRM:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb | URL:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb | CONFIRM:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23 | URL:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23 | CONFIRM:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011 | URL:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011 | CONFIRM:https://security.netapp.com/advisory/ntap-20220602-0009/ | URL:https://security.netapp.com/advisory/ntap-20220602-0009/ | CONFIRM:https://www.openssl.org/news/secadv/20220503.txt | URL:https://www.openssl.org/news/secadv/20220503.txt | DEBIAN:DSA-5139 | URL:https://www.debian.org/security/2022/dsa-5139 | FEDORA:FEDORA-2022-b651cb69e6 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VX4KWHPMKYJL6ZLW4M5IU7E5UV5ZWJQU/ | FEDORA:FEDORA-2022-c9c02865f6 | 
URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNU5M7BXMML26G3GPYKFGQYPQDRSNKDD/ | GENTOO:GLSA-202210-02 | URL:https://security.gentoo.org/glsa/202210-02 | MISC:https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf | MISC:https://www.oracle.com/security-alerts/cpujul2022.html | URL:https://www.oracle.com/security-alerts/cpujul2022.html | MLIST:[debian-lts-announce] 20220515 [SECURITY] [DLA 3008-1] openssl security update | URL:https://lists.debian.org/debian-lts-announce/2022/05/msg00019.htmlAssigned (20220411)
CVE-2022-1293CandidateThe embedded neutralization of Script-Related HTML Tag, was by-passed in the case of some extra conditions.MISC:https://www.ercom.com/security-updates | URL:https://www.ercom.com/security-updatesAssigned (20220411)
CVE-2022-1294CandidateThe IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedMISC:https://wpscan.com/vulnerability/205a24b8-6d14-4458-aecd-79748e1324c7 | URL:https://wpscan.com/vulnerability/205a24b8-6d14-4458-aecd-79748e1324c7Assigned (20220411)
CVE-2022-1295CandidatePrototype Pollution in GitHub repository alvarotrigo/fullpage.js prior to 4.0.2.CONFIRM:https://huntr.dev/bounties/3b9d450c-24ac-4037-b04d-4d4dafbf593a | URL:https://huntr.dev/bounties/3b9d450c-24ac-4037-b04d-4d4dafbf593a | MISC:https://github.com/alvarotrigo/fullpage.js/commit/bf62492a22e5d296e63c3ed918a42fc5645a0d48 | URL:https://github.com/alvarotrigo/fullpage.js/commit/bf62492a22e5d296e63c3ed918a42fc5645a0d48Assigned (20220411)
CVE-2022-1296CandidateOut-of-bounds read in `r_bin_ne_get_relocs` function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.CONFIRM:https://huntr.dev/bounties/52b57274-0e1a-4d61-ab29-1373b555fea0 | URL:https://huntr.dev/bounties/52b57274-0e1a-4d61-ab29-1373b555fea0 | MISC:https://github.com/radareorg/radare2/commit/153bcdc29f11cd8c90e7d639a7405450f644ddb6 | URL:https://github.com/radareorg/radare2/commit/153bcdc29f11cd8c90e7d639a7405450f644ddb6Assigned (20220411)
CVE-2022-1297CandidateOut-of-bounds Read in r_bin_ne_get_entrypoints function in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability may allow attackers to read sensitive information or cause a crash.CONFIRM:https://huntr.dev/bounties/ec538fa4-06c6-4050-a141-f60153ddeaac | URL:https://huntr.dev/bounties/ec538fa4-06c6-4050-a141-f60153ddeaac | MISC:https://github.com/radareorg/radare2/commit/0a557045476a2969c7079aec9eeb29d02f2809c6 | URL:https://github.com/radareorg/radare2/commit/0a557045476a2969c7079aec9eeb29d02f2809c6Assigned (20220411)
CVE-2022-1298CandidateThe Tabs WordPress plugin before 2.2.8 does not sanitise and escape Tab descriptions, which could allow high privileged users with a role as low as editor to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedMISC:https://wpscan.com/vulnerability/e124d1ab-3e02-4ca5-8218-ce635e8bf074 | URL:https://wpscan.com/vulnerability/e124d1ab-3e02-4ca5-8218-ce635e8bf074Assigned (20220411)
CVE-2022-1299CandidateThe Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedMISC:https://wpscan.com/vulnerability/8c46adb1-82d7-4621-a8c3-15cd90e98b96 | URL:https://wpscan.com/vulnerability/8c46adb1-82d7-4621-a8c3-15cd90e98b96Assigned (20220411)
CVE-2022-1300CandidateMultiple versions of TRUMPF TruTops products expose a service function without the necessary authentication. Execution of this function may result in unauthorized access to change of data or disruption of the whole service.CONFIRM:https://cert.vde.com/en/advisories/VDE-2022-016/ | URL:https://cert.vde.com/en/advisories/VDE-2022-016/Assigned (20220411)
CVE-2022-1301CandidateThe WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowedMISC:https://wpscan.com/vulnerability/69b75983-1010-453e-bf67-27b4a2a327a8 | URL:https://wpscan.com/vulnerability/69b75983-1010-453e-bf67-27b4a2a327a8Assigned (20220411)
CVE-2022-1302CandidateIn the MZ Automation LibIEC61850 in versions prior to 1.5.1 an unauthenticated attacker can craft a goose message, which may result in a denial of service.CONFIRM:https://libiec61850.com/new-release-1-5-1-of-libiec61850/ | URL:https://libiec61850.com/new-release-1-5-1-of-libiec61850/Assigned (20220411)
CVE-2022-1303CandidateThe Slide Anything WordPress plugin before 2.3.44 does not sanitize and escape sliders' description, which could allow high privilege users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowedMISC:https://wpscan.com/vulnerability/590b446d-f8bc-49b0-93e7-2a6f2e6f62f1 | URL:https://wpscan.com/vulnerability/590b446d-f8bc-49b0-93e7-2a6f2e6f62f1Assigned (20220411)
CVE-2022-1304CandidateAn out-of-bounds read/write vulnerability was found in e2fsprogs 1.46.5. This issue leads to a segmentation fault and possibly arbitrary code execution via a specially crafted filesystem.MISC:https://bugzilla.redhat.com/show_bug.cgi?id=2069726 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=2069726Assigned (20220411)
CVE-2022-1305CandidateUse after free in storage in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.GENTOO:GLSA-202208-25 | URL:https://security.gentoo.org/glsa/202208-25 | MISC:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | URL:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | MISC:https://crbug.com/1285234 | URL:https://crbug.com/1285234Assigned (20220411)
CVE-2022-1306CandidateInappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.GENTOO:GLSA-202208-25 | URL:https://security.gentoo.org/glsa/202208-25 | MISC:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | URL:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | MISC:https://crbug.com/1299287 | URL:https://crbug.com/1299287Assigned (20220411)
CVE-2022-1307CandidateInappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.GENTOO:GLSA-202208-25 | URL:https://security.gentoo.org/glsa/202208-25 | MISC:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | URL:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | MISC:https://crbug.com/1301873 | URL:https://crbug.com/1301873Assigned (20220411)
CVE-2022-1308CandidateUse after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.GENTOO:GLSA-202208-25 | URL:https://security.gentoo.org/glsa/202208-25 | MISC:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | URL:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | MISC:https://crbug.com/1283050 | URL:https://crbug.com/1283050Assigned (20220411)
CVE-2022-1309CandidateInsufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.GENTOO:GLSA-202208-25 | URL:https://security.gentoo.org/glsa/202208-25 | MISC:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | URL:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | MISC:https://crbug.com/1106456 | URL:https://crbug.com/1106456Assigned (20220411)
CVE-2022-1310CandidateUse after free in regular expressions in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.GENTOO:GLSA-202208-25 | URL:https://security.gentoo.org/glsa/202208-25 | MISC:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | URL:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | MISC:https://crbug.com/1307610 | URL:https://crbug.com/1307610Assigned (20220411)
CVE-2022-1311CandidateUse after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.GENTOO:GLSA-202208-25 | URL:https://security.gentoo.org/glsa/202208-25 | MISC:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | URL:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | MISC:https://crbug.com/1310717 | URL:https://crbug.com/1310717Assigned (20220411)
CVE-2022-1312CandidateUse after free in storage in Google Chrome prior to 100.0.4896.88 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.GENTOO:GLSA-202208-25 | URL:https://security.gentoo.org/glsa/202208-25 | MISC:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | URL:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | MISC:https://crbug.com/1311701 | URL:https://crbug.com/1311701Assigned (20220411)
CVE-2022-1313CandidateUse after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.GENTOO:GLSA-202208-25 | URL:https://security.gentoo.org/glsa/202208-25 | MISC:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | URL:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | MISC:https://crbug.com/1270539 | URL:https://crbug.com/1270539Assigned (20220411)
CVE-2022-1314CandidateType confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.GENTOO:GLSA-202208-25 | URL:https://security.gentoo.org/glsa/202208-25 | MISC:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-1314 | MISC:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | URL:https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html | MISC:https://crbug.com/1304658 | URL:https://crbug.com/1304658Assigned (20220411)
CVE-2022-1315Candidate** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.Assigned (20220411)
CVE-2022-1316CandidateIncorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege EscalationMISC:https://github.com/zerotier/zerotierone/commit/ffb444dbeb6bea3cb155502395e61cb6d18708c9 | URL:https://github.com/zerotier/zerotierone/commit/ffb444dbeb6bea3cb155502395e61cb6d18708c9 | MISC:https://huntr.dev/bounties/e7835226-1b20-4546-b256-3f625badb022 | URL:https://huntr.dev/bounties/e7835226-1b20-4546-b256-3f625badb022Assigned (20220411)
CVE-2022-1317Candidate** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.Assigned (20220411)
CVE-2022-1318CandidateHills ComNav version 3002-19 suffers from a weak communication channel. Traffic across the local network for the configuration pages can be viewed by a malicious actor. The size of certain communications packets is predictable. This would allow an attacker to learn the state of the system if they can observe the traffic. This would be possible even if the traffic were encrypted, e.g., using WPA2, as the packet sizes would remain observable. The communication encryption scheme is theoretically sound, but is not strong enough for the level of protection required.CONFIRM:https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdf | URL:https://www.corporate.carrier.com/Images/CARR-PSA-Hills-ComNav-002-1121_tcm558-149392.pdfAssigned (20220411)
CVE-2022-1319CandidateA flaw was found in Undertow. For an AJP 400 response, EAP 7 is improperly sending two response packets, and those packets have the reuse flag set even though JBoss EAP closes the connection. A failure occurs when the connection is reused after a 400 by CPING since it reads in the second SEND_HEADERS response packet instead of a CPONG.MISC:https://access.redhat.com/security/cve/CVE-2022-1319 | URL:https://access.redhat.com/security/cve/CVE-2022-1319 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=2073890 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=2073890 | MISC:https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b | URL:https://github.com/undertow-io/undertow/commit/1443a1a2bbb8e32e56788109d8285db250d55c8b | MISC:https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3 | URL:https://github.com/undertow-io/undertow/commit/7c5b3ab885b5638fd3f1e8a935d5063d68aa2df3 | MISC:https://issues.redhat.com/browse/UNDERTOW-2060 | URL:https://issues.redhat.com/browse/UNDERTOW-2060 | MISC:https://security.netapp.com/advisory/ntap-20221014-0006/ | URL:https://security.netapp.com/advisory/ntap-20221014-0006/Assigned (20220412)
CVE-2022-1320CandidateThe Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowedMISC:https://wpscan.com/vulnerability/43581d6b-333a-48d9-a1ae-b9479da8ff87 | URL:https://wpscan.com/vulnerability/43581d6b-333a-48d9-a1ae-b9479da8ff87Assigned (20220412)
CVE-2022-1321CandidateThe miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, allowing malicious users with administrator privileges to store malicious JavaScript code, leading to Cross-Site Scripting attacks when unfiltered_html is disallowed (for example in multisite setup)MISC:https://wpscan.com/vulnerability/b8784995-0deb-4c83-959f-52b37881e05c | URL:https://wpscan.com/vulnerability/b8784995-0deb-4c83-959f-52b37881e05cAssigned (20220412)
CVE-2022-1322CandidateThe Coming Soon - Under Construction WordPress plugin through 1.1.9 does not sanitize and escape some of its settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfiltered_html is disallowedMISC:https://wpscan.com/vulnerability/e1724471-26bd-4cb3-a279-51783102ed0c | URL:https://wpscan.com/vulnerability/e1724471-26bd-4cb3-a279-51783102ed0cAssigned (20220412)
CVE-2022-1323CandidateThe Discy WordPress theme before 5.0 lacks authorization checks when processing AJAX requests to the discy_update_options action, allowing any logged-in user (with privileges as low as Subscriber) to change theme options by sending a crafted POST request.MISC:https://wpscan.com/vulnerability/2d8020e1-6489-4555-9956-2dc190aaa61b | URL:https://wpscan.com/vulnerability/2d8020e1-6489-4555-9956-2dc190aaa61bAssigned (20220412)
CVE-2022-1324CandidateThe Event Timeline WordPress plugin through 1.1.5 does not sanitize and escape Timeline Text, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowedMISC:https://wpscan.com/vulnerability/2ce2a387-acc8-482a-9452-a4d9acb187fd | URL:https://wpscan.com/vulnerability/2ce2a387-acc8-482a-9452-a4d9acb187fdAssigned (20220412)
CVE-2022-1325CandidateA flaw was found in CImg, where with the help of a maliciously crafted pandore or bmp file with modified dx and dy header field values it is possible to trick the application into allocating huge buffer sizes, such as 64 gigabytes, upon reading the file from disk or from a virtual buffer.MISC:https://access.redhat.com/security/cve/CVE-2022-1325 | URL:https://access.redhat.com/security/cve/CVE-2022-1325 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=2074549 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=2074549 | MISC:https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90 | URL:https://github.com/GreycLab/CImg/commit/619cb58dd90b4e03ac68286c70ed98acbefd1c90 | MISC:https://github.com/GreycLab/CImg/issues/343 | URL:https://github.com/GreycLab/CImg/issues/343 | MISC:https://github.com/GreycLab/CImg/pull/348 | URL:https://github.com/GreycLab/CImg/pull/348 | MISC:https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/ | URL:https://huntr.dev/bounties/a5e4fc45-8f14-4dd1-811b-740fc50c95d2/Assigned (20220412)
CVE-2022-1326CandidateThe Form - Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowedMISC:https://wpscan.com/vulnerability/f57615d9-a567-4c2a-9f06-2c6b61f56074 | URL:https://wpscan.com/vulnerability/f57615d9-a567-4c2a-9f06-2c6b61f56074Assigned (20220412)
CVE-2022-1327CandidateThe Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowedMISC:https://wpscan.com/vulnerability/6b71eb38-0a4a-49d1-96bc-84bbe675be1e | URL:https://wpscan.com/vulnerability/6b71eb38-0a4a-49d1-96bc-84bbe675be1eAssigned (20220412)
CVE-2022-1328CandidateBuffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input lineCONFIRM:https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1328.json | URL:https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1328.json | MISC:https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5 | URL:https://gitlab.com/muttmua/mutt/-/commit/e5ed080c00e59701ca62ef9b2a6d2612ebf765a5 | MISC:https://gitlab.com/muttmua/mutt/-/issues/404 | URL:https://gitlab.com/muttmua/mutt/-/issues/404Assigned (20220412)
CVE-2022-1329CandidateThe Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.MISC:http://packetstormsecurity.com/files/168615/WordPress-Elementor-3.6.2-Shell-Upload.html | MISC:https://www.pluginvulnerabilities.com/2022/04/12/5-million-install-wordpress-plugin-elementor-contains-authenticated-remote-code-execution-rce-vulnerability/ | MISC:https://plugins.trac.wordpress.org/changeset/2708766/elementor/trunk/core/app/modules/onboarding/module.php | URL:https://plugins.trac.wordpress.org/changeset/2708766/elementor/trunk/core/app/modules/onboarding/module.php | MISC:https://www.wordfence.com/blog/2022/04/elementor-critical-remote-code-execution-vulnerability/ | URL:https://www.wordfence.com/blog/2022/04/elementor-critical-remote-code-execution-vulnerability/Assigned (20220412)
CVE-2022-1330CandidateStored XSS due to unsanitized anchor URL in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4.CONFIRM:https://huntr.dev/bounties/08d2a6d0-772f-4b05-834e-86343f263c35 | URL:https://huntr.dev/bounties/08d2a6d0-772f-4b05-834e-86343f263c35 | MISC:https://github.com/alvarotrigo/fullpage.js/commit/e7a5db42711700c8a584e61b5e532a64039fe92b | URL:https://github.com/alvarotrigo/fullpage.js/commit/e7a5db42711700c8a584e61b5e532a64039fe92bAssigned (20220412)
CVE-2022-1331CandidateIn four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure.MISC:https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-01 | URL:https://www.cisa.gov/uscert/ics/advisories/icsa-22-104-01Assigned (20220412)
CVE-2022-1332CandidateOne of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents.MISC:https://mattermost.com/security-updates/ | URL:https://mattermost.com/security-updates/Assigned (20220413)
CVE-2022-1333CandidateMattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service.MISC:https://mattermost.com/security-updates/ | URL:https://mattermost.com/security-updates/Assigned (20220413)
CVE-2022-1334CandidateThe WP YouTube Live WordPress plugin before 1.8.3 does not validate, sanitise and escape various of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowedMISC:https://wpscan.com/vulnerability/af3b32c9-f386-4bb6-a362-86a27f49a739 | URL:https://wpscan.com/vulnerability/af3b32c9-f386-4bb6-a362-86a27f49a739Assigned (20220413)
CVE-2022-1335CandidateThe Slideshow CK WordPress plugin before 1.4.10 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowedMISC:https://wpscan.com/vulnerability/cfc80857-8674-478f-9604-7a8849e5b85e | URL:https://wpscan.com/vulnerability/cfc80857-8674-478f-9604-7a8849e5b85eAssigned (20220413)
CVE-2022-1336CandidateThe Carousel CK WordPress plugin through 1.1.0 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowedMISC:https://wpscan.com/vulnerability/39e127f1-c36e-4699-892f-3755ee17bab6 | URL:https://wpscan.com/vulnerability/39e127f1-c36e-4699-892f-3755ee17bab6Assigned (20220413)
CVE-2022-1337CandidateThe image proxy component in Mattermost version 6.4.1 and earlier allocates memory for multiple copies of a proxied image, which allows an authenticated attacker to crash the server via links to very large image files.MISC:https://mattermost.com/security-updates/ | URL:https://mattermost.com/security-updates/Assigned (20220413)
CVE-2022-1338CandidateThe Easily Generate Rest API Url WordPress plugin through 1.0.0 does not escape some of its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowedMISC:https://wpscan.com/vulnerability/51b91d0e-33af-41ce-b95f-d422586f1d5f | URL:https://wpscan.com/vulnerability/51b91d0e-33af-41ce-b95f-d422586f1d5fAssigned (20220413)
CVE-2022-1339CandidateSQL injection in ElementController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability can be used to steal data.CONFIRM:https://huntr.dev/bounties/ae8dc737-844e-40da-a9f7-e72d8e50f6f9 | URL:https://huntr.dev/bounties/ae8dc737-844e-40da-a9f7-e72d8e50f6f9 | MISC:https://github.com/pimcore/pimcore/commit/adae3be64427466bf0df15ceaea2ac30da93752c | URL:https://github.com/pimcore/pimcore/commit/adae3be64427466bf0df15ceaea2ac30da93752cAssigned (20220413)
CVE-2022-1340CandidateCross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0.CONFIRM:https://huntr.dev/bounties/4746f149-fc55-48a1-a7ab-fd7c7412c05a | URL:https://huntr.dev/bounties/4746f149-fc55-48a1-a7ab-fd7c7412c05a | MISC:https://github.com/yetiforcecompany/yetiforcecrm/commit/2c14baaf8dbc7fd82d5c585f2fa0c23528450618 | URL:https://github.com/yetiforcecompany/yetiforcecrm/commit/2c14baaf8dbc7fd82d5c585f2fa0c23528450618Assigned (20220413)
CVE-2022-1341CandidateAn issue was discovered in bwm-ng v0.6.2. An arbitrary null write exists in the get_cmdln_options() function in src/options.c.MISC:https://github.com/vgropp/bwm-ng/commit/9774f23bf78a6e6d3ae4cfe3d73bad34f2fdcd17 | URL:https://github.com/vgropp/bwm-ng/commit/9774f23bf78a6e6d3ae4cfe3d73bad34f2fdcd17 | MISC:https://github.com/vgropp/bwm-ng/issues/26 | URL:https://github.com/vgropp/bwm-ng/issues/26Assigned (20220413)
CVE-2022-1342CandidateA lack of password masking in Devolutions Remote Desktop Manager allows physically proximate attackers to observe sensitive data. A caching issue can cause sensitive fields to sometimes stay revealed when closing and reopening a panel, which could lead to involuntarily disclosing sensitive information. This issue affects: Devolutions Remote Desktop Manager 2022.1.24 version and prior versions.MISC:https://devolutions.net/security/advisories/DEVO-2022-0003 | URL:https://devolutions.net/security/advisories/DEVO-2022-0003Assigned (20220413)
CVE-2022-1343CandidateThe function `OCSP_basic_verify` verifies the signer certificate on an OCSP response. In the case where the (non-default) flag OCSP_NOCHECKS is used then the response will be positive (meaning a successful verification) even in the case where the response signing certificate fails to verify. It is anticipated that most users of `OCSP_basic_verify` will not use the OCSP_NOCHECKS flag. In this case the `OCSP_basic_verify` function will return a negative value (indicating a fatal error) in the case of a certificate verification failure. The normal expected return value in this case would be 0. This issue also impacts the command line OpenSSL "ocsp" application. When verifying an ocsp response with the "-no_cert_checks" option the command line application will report that the verification is successful even though it has in fact failed. In this case the incorrect successful response will also be accompanied by error messages showing the failure and contradicting the apparently successful result. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).CONFIRM:https://security.netapp.com/advisory/ntap-20220602-0009/ | CONFIRM:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a | URL:https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2eda98790c5c2741d76d23cc1e74b0dc4f4b391a | CONFIRM:https://www.openssl.org/news/secadv/20220503.txt | URL:https://www.openssl.org/news/secadv/20220503.txt | MISC:https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdfAssigned (20220413)
CVE-2022-1344CandidateStored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.CONFIRM:https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c | URL:https://huntr.dev/bounties/35f66966-af13-4f07-9734-0c50fdfc3a8c | MISC:https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a | URL:https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43aAssigned (20220413)
CVE-2022-1345CandidateStored XSS via .svg file upload in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.CONFIRM:https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25 | URL:https://huntr.dev/bounties/781b5c2a-bc98-41a0-a276-ea12399e5a25 | MISC:https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a | URL:https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43aAssigned (20220413)
CVE-2022-1346CandidateMultiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse.CONFIRM:https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f | URL:https://huntr.dev/bounties/8fe435b0-192f-41ca-b41e-580fcd34892f | MISC:https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a | URL:https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43aAssigned (20220413)
CVE-2022-1347CandidateStored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalationCONFIRM:https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf | URL:https://huntr.dev/bounties/6059501f-05d2-4e76-ae03-5eb64835e6bf | MISC:https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43a | URL:https://github.com/causefx/organizr/commit/a09d834d995599756b62016af7026d2408ecf43aAssigned (20220413)
CVE-2022-1348CandidateA vulnerability was found in logrotate in how the state file is created. The state file is used to prevent parallel executions of multiple instances of logrotate by acquiring and releasing a file lock. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation. This flaw affects logrotate versions before 3.20.0.FEDORA:FEDORA-2022-87c0f05204 | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZYEB4F37BY6GLEJKP2EPVAVQ6TA3HQKR/ | FEDORA:FEDORA-2022-ff0188b37c | URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y7EHGYRE6DSFSBXQIWYDGTSXKO6IFSJQ/ | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-1348 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-1348 | MLIST:[oss-security] 20220525 Re: CVE-2022-1348 logrotate: potential DoS from unprivileged users via the state file | URL:http://www.openwall.com/lists/oss-security/2022/05/25/3 | MLIST:[oss-security] 20220525 Re: Re: CVE-2022-1348 logrotate: potential DoS from unprivileged users via the state file | URL:http://www.openwall.com/lists/oss-security/2022/05/25/4 | MLIST:[oss-security] 20220525 Re: Re: CVE-2022-1348 logrotate: potential DoS from unprivileged users via the state file | URL:http://www.openwall.com/lists/oss-security/2022/05/25/5Assigned (20220413)
CVE-2022-1349CandidateThe WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer, does not validate that the value passed to the image_id parameter of the ajax action wpqa_remove_image belongs to the requesting user, allowing any user (with privileges as low as Subscriber) to delete the profile pictures of any other user.MISC:https://wpscan.com/vulnerability/7ee95a53-5fe9-404c-a77a-d1218265e4aa | URL:https://wpscan.com/vulnerability/7ee95a53-5fe9-404c-a77a-d1218265e4aaAssigned (20220413)
CVE-2022-1350CandidateA vulnerability classified as problematic was found in GhostPCL 9.55.0. This vulnerability affects the function chunk_free_object of the file gsmchunk.c. The manipulation with a malicious file leads to a memory corruption. The attack can be initiated remotely but requires user interaction. The exploit has been disclosed to the public as a POC and may be used. It is recommended to apply the patches to fix this issue.MISC:https://bugs.ghostscript.com/attachment.cgi?id=22323 | URL:https://bugs.ghostscript.com/attachment.cgi?id=22323 | MISC:https://bugs.ghostscript.com/show_bug.cgi?id=705156 | URL:https://bugs.ghostscript.com/show_bug.cgi?id=705156 | MISC:https://vuldb.com/?id.197290 | URL:https://vuldb.com/?id.197290Assigned (20220414)
CVE-2022-1351CandidateStored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4.CONFIRM:https://huntr.dev/bounties/c23ae6c2-2e53-4bf5-85b0-e90418476615 | URL:https://huntr.dev/bounties/c23ae6c2-2e53-4bf5-85b0-e90418476615 | MISC:https://github.com/pimcore/pimcore/commit/8c39a8b8f14dce078b31f61c4da599ca6f8fc7ac | URL:https://github.com/pimcore/pimcore/commit/8c39a8b8f14dce078b31f61c4da599ca6f8fc7acAssigned (20220414)
CVE-2022-1352CandidateDue to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issue only to project members.CONFIRM:https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1352.json | URL:https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-1352.json | MISC:https://gitlab.com/gitlab-org/gitlab/-/issues/350691 | URL:https://gitlab.com/gitlab-org/gitlab/-/issues/350691 | MISC:https://hackerone.com/reports/1450306 | URL:https://hackerone.com/reports/1450306Assigned (20220414)
CVE-2022-1353CandidateA vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.CONFIRM:https://security.netapp.com/advisory/ntap-20220629-0001/ | DEBIAN:DSA-5127 | URL:https://www.debian.org/security/2022/dsa-5127 | DEBIAN:DSA-5173 | URL:https://www.debian.org/security/2022/dsa-5173 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=2066819 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=2066819 | MISC:https://github.com/torvalds/linux/commit/9a564bccb78a76740ea9d75a259942df8143d02c | URL:https://github.com/torvalds/linux/commit/9a564bccb78a76740ea9d75a259942df8143d02c | MLIST:[debian-lts-announce] 20220701 [SECURITY] [DLA 3065-1] linux security update | URL:https://lists.debian.org/debian-lts-announce/2022/07/msg00000.htmlAssigned (20220414)
CVE-2022-1354CandidateA heap buffer overflow flaw was found in Libtiff's tiffinfo.c in the TIFFReadRawDataStriped() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffinfo tool, triggering a heap buffer overflow issue and causing a crash that leads to a denial of service.MISC:DSA-5333 | URL:https://www.debian.org/security/2023/dsa-5333 | MISC:GLSA-202210-10 | URL:https://security.gentoo.org/glsa/202210-10 | MISC:[debian-lts-announce] 20230120 [SECURITY] [DLA 3278-1] tiff security update | URL:https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html | MISC:https://access.redhat.com/security/cve/CVE-2022-1354 | URL:https://access.redhat.com/security/cve/CVE-2022-1354 | MISC:https://bugzilla.redhat.com/show_bug.cgi?id=2074404 | URL:https://bugzilla.redhat.com/show_bug.cgi?id=2074404 | MISC:https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798 | URL:https://gitlab.com/libtiff/libtiff/-/commit/87f580f39011109b3bb5f6eca13fac543a542798 | MISC:https://gitlab.com/libtiff/libtiff/-/issues/319 | URL:https://gitlab.com/libtiff/libtiff/-/issues/319 | MISC:https://security.netapp.com/advisory/ntap-20221014-0007/ | URL:https://security.netapp.com/advisory/ntap-20221014-0007/Assigned (20220414)