Monthly Archive: May 2022

A buffer overflow vulnerability in Lenovo Smart Standby Driver prior to version 4.1.50.0 could allow a local attacker to cause denial of service. Date published : 2022-05-18 https://support.lenovo.com/us/en/product_security/LEN-79452

SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched. Date published : 2022-05-18 https://community.snowsoftware.com/s/feed/0D5690000BsNCO6CQO

Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan v4.92b allows remote attackers to inject arbitrary web script or HTML via the userid parameter. Date published : 2022-05-17 CVE-2021-42943

cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the configuration file information of the website such as the database configuration file (config / config_database) can be read through this vulnerability....

cmseasy V7.7.5_20211012 is affected by an arbitrary file write vulnerability. Through this vulnerability, a PHP script file is written to the website server, and accessing this file can lead to a code execution vulnerability....

IBM DataPower Gateway 10.0.2.0, 10.0.3.0, 10.0.1.0 through 10.0.1.4, and 2018.4.1.0 through 2018.4.1.17 could allow a remote user to cause a denial of service by consuming resources with multiple requests. IBM X-Force ID: 208348. Date...

This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable...

IBM Sterling Secure Proxy 6.0.3 and IBM Secure External Authentication Server 6.0.3 does not properly ensure that a certificate is actually associated with the host due to improper validation of certificates. IBM X-Force ID:...

HashiCorp Vault and Vault Enterprise from 1.10.0 to 1.10.2 did not correctly configure and enforce MFA on login after server restarts. This affects the Login MFA feature introduced in Vault and Vault Enterprise 1.10.0...

needrestart 0.8 through 3.5 before 3.6 is prone to local privilege escalation. Regexes to detect the Perl, Python, and Ruby interpreters are not anchored, allowing a local user to escalate privileges when needrestart tries...

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via /admin/users/save.php. Date published : 2022-05-17 https://github.com/APTX-4879/CVE https://github.com/APTX-4879/CVE/blob/main/CVE-2022-30073.pdf

WBCE CMS 1.5.2 is vulnerable to Cross Site Scripting (XSS) via adminpagessections_save.php namesection2 parameters. Date published : 2022-05-17 https://github.com/APTX-4879/CVE https://github.com/APTX-4879/CVE/blob/main/CVE-2022-30072.pdf

GIMP 2.10.30 and 2.99.10 are vulnerable to Buffer Overflow. Through a crafted XCF file, the program will allocate for a huge amount of memory, resulting in insufficient memory or program crash. Date published :...

In Covid 19 Travel Pass Management 1.0, the code parameter is vulnerable to SQL injection attacks. Date published : 2022-05-17 https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Covid-19-Travel-Pass-Management