CVE-2024-25385: Analyzing the Vulnerability in flvmeta v1.2.2 That Allows Attackers to Cause a Denial of Service Attack
CVE-2023-52161 - Unauthorized access to protected Wi-Fi networks via EAPOL handshake manipulation in iNet Wireless Daemon (IWD)
CVE-2024-25851 - Explained: Netis WF278 v2.1.40144 Command Injection Vulnerability via config_sequence
CVE-2023-49100 - Trusted Firmware-A (TF-A) Out-of-Bounds Read in SDEI Service and Its Implications
CVE-2022-45177 - LIVEBOX Collaboration vDesk Observable Response Discrepancy Issue
CVE-2022-45169: LIVEBOX Collaboration vDesk Open Redirect Vulnerability & Exploit
CVE-2023-52437 - A Deep Dive into the Withdrawn Vulnerability
CVE-2022-45320: Liferay Portal Vulnerability Allows Remote Authenticated Users to Gain Ownership of Wiki Pages
CVE-2023-45286: Race Condition in Go-Resty Library Discloses HTTP Request Bodies Across Requests
CVE-2023-39325 - Mitigating Malicious HTTP/2 Client Attacks via Server Resource Consumption Limitation
CVE-2023-36922 - Unauthorized Command Injection in SAP NetWeaver ABAP (IS-OIL) due to Programming Error
CVE-2021-38561 The index calculation of golang.org/x/text before 0.3.7 is mishandled, causing an out-of-bounds read in BCP 47 tag parsing.
CVE-2021-44856 An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1
CVE-2022-41767 An issue was found in MediaWiki before 1.35.8, 1.36.x, 1.37.x, and 1.38.x before 1.38.3.
CVE-2022-37706 Enlightenment before 0.25.4 is setuid root and has a system library function that mishandles pathnames that begin with /dev.
CVE-2022-42898 MIT Kerberos 5 has an integer overflow that may lead to remote code execution on 32-bit platforms.
CVE-2022-45197 Slixmpp before 1.8.3 lacks SSL Certificate hostname validation, which allows an attacker to pose as any server.
CVE-2022-42931 The password was saved by the Form Manager, not the password manager.
CVE-2022-42932 Memory safety bugs were found in Thunderbird 102.3.
CVE-2022-36319 Overflow and transform can interfere with each other, resulting in unpredictable mouse behavior.
CVE-2022-22754 An extension could have auto-updated itself and bypassed the prompt which grants it requested permissions.
CVE-2022-29918 Mozillla developers reported memory safety bugs in Firefox 99.
CVE-2022-36317 An overly long URL can cause a Denial of Service. This only applies to Firefox for Android.
CVE-2022-42930 If two Workers initialize CacheStorage, a data race could happen in ThirdPartyUtil
CVE-2022-2226 An OpenPGP digital signature includes the date when the signature was created. When displaying an email with a digital signature, the email's date will be shown.
CVE-2022-22738 An application could access out of bounds memory and cause a heap buffer overflow. This could be exploited to crash the application.
CVE-2022-22741 Resizing a popup while requesting fullscreen access would make it impossible to leave fullscreen mode.
CVE-2022-22744 The "Copy as curl" feature in DevTools isn't properly escaped for PowerShell. This could lead to command injection in a powershell prompt. This bug affects only Thunderbird for Windows.
CVE-2022-29911 An improper implementation of code>allow-top-navigation-by-user-activation/code> could lead to script execution without code>allow-scripts/code> being present.
CVE-2022-22748 Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program or handling an external URL protocol.
CVE-2022-29909 Documents in deeply-nested cross-origin browsing contexts could have gained the top-level origin's permissions, bypassing the prompt and possibly inheriting the permissions.
CVE-2022-45421 Mozilla developers Andrew McCreight and Gabriele Svelto found memory safety bugs in Thunderbird 102.4.
CVE-2022-34472 If a PAC URL is set and the server hosting the PAC is not reachable, OCSP requests will be blocked, resulting in incorrect error pages.
CVE-2022-45404 An attacker can go fullscreen through popups and code>window.print()/code> calls. This can lead to user confusion or spoofing attacks.
CVE-2022-38477 Firefox 103 and ESR 102.1 have memory safety bugs.
CVE-2022-36320 Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102
CVE-2022-28282 Using a link rel="localization"> could lead to a use-after-free and potential exploitable crash.
CVE-2022-2505 Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102
CVE-2022-34482 An attacker could trick a user to drag and drop an image to a filesystem to get an executable filename, which could contain malicious code.
CVE-2022-34478 The ms-msdt, search, and search-ms protocols bring content from browsers to Microsoft applications, avoiding the browser.
CVE-2022-42929 A browser may shut down if a site calls code>window.print()/code>, which may persist beyond browser restart.
CVE-2022-2200 An attacker can corrupt an object prototype to set undesired attributes, which can lead to privileged code execution.
CVE-2022-34480 An allocated pointer would be freed if one allocation fails.
CVE-2022-3034 An code>iframe/code> was specified in an HTML email, but Thunderbird didn't load the document.
CVE-2022-3033 An HTML email containing a code>meta/code> tag with the code>http-equiv="refresh"> attribute can be used to launch a DNS request and refresh the page. This can be used to launch a phishing attack.
CVE-2022-3032 An code>iframe/code> element with a code>srcdoc/code> attribute could use remote objects inside the nested document, which were not blocked.
CVE-2022-31736 A malicious website could have learned the size of a cross-origin resource.
CVE-2022-36318 When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected
CVE-2022-31740 WASM code could cause a register allocation problem and exploitable crash on arm64.
CVE-2022-1802 An attacker could have corrupted the methods of an Array object to achieve execution of attacker-controlled code in a privileged context
CVE-2022-42928 An annotation missing in some allocated types could have lead to memory corruption and a crash.
CVE-2022-34479 A malicious website that shows a popup could take over the address bar and spoof users.
CVE-2022-42927 A same-origin policy violation could have allowed theft of cross-origin URL entries, leaking the result of a redirect.
CVE-2022-38472 XSLT error handling can be abused to associate attacker-controlled content with another origin. This could be used to fool the user into submitting data intended for the spoofed origin.
CVE-2022-38474 A website with microphone access could record audio without notification.
CVE-2022-0566 An attacker can write 1 byte outside of Thunderbird's bounds to exploit this vulnerability.
CVE-2022-28287 Text selection could cause text selection caching to behave incorrectly, causing a crash.
CVE-2022-3775 Grub2's font code doesn't validate if the glyph's width and height is in bitmap size.
CVE-2022-20691 The Cisco ATA 190 Series Adaptive Telephone Adapter has a vulnerability that could be exploited to cause a DoS condition.
CVE-2022-20687 The LLDP functionality of Cisco ATA 190 Series Analog Telephone Adapters is vulnerable to remote code execution and could cause the devices to become accessible.
CVE-2022-20689 The Cisco ATA 190 Series Analog Telephone Adapter has memory corruption vulnerabilities that could allow an unauthenticated, adjacent attacker to cause the device to crash.
CVE-2022-20686 The LLDP functionality of Cisco ATA 190 Series Analog Telephone Adapters is vulnerable to remote code execution and could cause the devices to become accessible.
CVE-2022-20690 The Cisco ATA 190 Series Analog Telephone Adapter has memory corruption vulnerabilities that could allow an unauthenticated, adjacent attacker to cause the device to crash.
CVE-2022-33186 Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, and earlier versions have a vulnerability that could allow a remote unauthenticated attacker to execute commands on the switch that could disable the switch or modify Zoning.
CVE-2022-41622 BIG-IP and BIG-IQ are vulnerable to CSRF attacks through iControl SOAP.
CVE-2022-35256: Exploring the Vulnerability in Node v18.7.'s llhttp Parser and its Impact on HTTP Request Smuggling
CVE-2022-35260 - Curl Buffer Overflow in `.netrc` File Parsing Could Lead to Denial-of-Service
CVE-2022-4252 SourceCodester Canteen Management System has a vulnerability that is classified as problematic. The manipulation leads to cross site scripting.
CVE-2022-36431 An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 18.104.22.168 allows unauthenticated attackers to execute arbitrary code.
CVE-2022-44294 The Sanitization Management System v1.0 is vulnerable to SQL Injection.
CVE-2022-36136 The latest version of the ChurchCRM XSS vulnerabilities allow attackers to store XSS.
CVE-2022-36137 CRM version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS.
CVE-2022-41912 The crewjam/saml go library before version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9.
CVE-2022-39332 Nextcloud desktop sync client with desktop client application, attacker can inject HTML.
CVE-2022-41158 Vulnerable code can be created with cookie values as file paths.
CVE-2022-40282 The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection
CVE-2022-45884 An issue was discovered in the Linux kernel through 6.0.9
CVE-2022-29825 An attacker can access sensitive information using an hard-coded password vulnerability in Mitsubishi Electric GX Works3 versions.
CVE-2022-44255 An overflow in the pre-authentication function of the TOTOLINK LR350 V9.3.5u.6369_B20220309 has been found.
CVE-2020-23591 An attacker can upload files through the " /mgm_dev_upgrade.asp " to delete all files for Denial of Service.
CVE-2022-44201 D-Link DIR823G 1.02B05 is vulnerable to Commad Injection.
CVE-2022-44806 D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow.
CVE-2022-44187 Netgear R7000P V22.214.171.124 is vulnerable to Buffer Overflow via wan_dns1_pri.
CVE-2022-2513 IEDs are stored in a cleartext form in Hitachi Energy's ConnPack, PCM600 versions below.
CVE-2022-41937 The XWiki Platform is a generic wiki platform that offers runtime services for applications built on it. The application allows anyone with view access to modify any page.
CVE-2022-41223 The Director database component of MiVoice Connect through 19.3 could be vulnerable to a code-injection attack.
CVE-2022-45016 The XSS vulnerability in the WBCE CMS Search Settings module allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-4066 An issue was found in the function onion_response_flush of the file src/onion/response.c of the component Log Handler.
CVE-2022-4065 The cbeust testing tool has a critical vulnerability. The file testng-core/src/main/java/org/testng/JarFileUtils.java of the XML File Parser component has a vulnerability.
CVE-2022-31606 The NVIDIA GPU Display Driver has a vulnerability in the DxgkDdiEscape kernel mode handler that can allow an attacker with user capabilities to crash the system.
CVE-2022-31608 The NVIDIA GPU Display Driver has a vulnerability in D-Bus that a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, or escalation of privilege.
CVE-2021-22141 An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16
CVE-2021-37936 Kibana wasn't sanitizing document fields containing HTML, which allowed attackers to write arbitrary HTML.
CVE-2022-45163 An information disclosure vulnerability exists on NXP devices configured in SDP mode i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, and i.M.
CVE-2021-33621 cgi gem before 0.1.0.2, 0.2.x, and 0.3.x allows HTTP response splitting.
CVE-2022-41888 TensorFlow is an open source platform for machine learning. When using GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that is not checked >
CVE-2022-41885 TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor, it overflows and is patched in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce.
CVE-2022-41884 TensorFlow is an open source machine learning platform that can raise an error if a numpy array has a shape of one element with the others summing up to a large number.
CVE-2022-41880 TensorFlow is an open source machine learning platform. When the BaseCandidateSamplerOp function receives a value in true_classes larger than range_max, a heap oob read occurs.
CVE-2022-41908 TensorFlow is an open source platform for machine learning. An input token that is not a UTF-8 string will fail check in tf.raw_ops.PyFunc. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645.
CVE-2022-41901 TensorFlow is an open source platform for machine learning. An input matrix with rank 0 will fail in "SparseMatrixNNZ"
CVE-2022-41781 Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.
CVE-2022-24038 Infraskope Security Event Manager has an unauthenticated access which could allow an unauthenticated attacker to damage the page where the agents are listed.
CVE-2022-24939 An invalid packet can cause a stack overflow in the ZNet stack.
CVE-2021-36905 Multiple Auth
CVE-2022-20428 An out of bounds write could lead to local escalation of privilege with System execution privileges.
CVE-2022-20427 There is a possible way to corrupt memory and gain System execution privileges in (TBD) of (TBD).
CVE-2022-39178 Webvendome's internal server IP is disclosed in a GET request.
CVE-2022-43457 SQL Injection in Delta Electronics DIAEnergie v1.9.02.001
CVE-2022-43332 An XSS vulnerability in Wondercms v3.3.4 allows attackers to inject arbitrary web script or HTML.
CVE-2022-44577 This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-43096 Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port.
CVE-2021-31608 Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.
CVE-2022-42903 Zoho SupportCenter Plus allows low-privileged users to view the organization users list.
CVE-2022-43142 The add-fee.php component has an XSS vulnerability that can execute arbitrary web scripts, HTML files, or other dangerous content.
CVE-2022-41920 Lancet is a library for go that contains useful utility functions. An issue was found with zip fileutil, which is fixed in version 2.1.10 and 1.3.4.
CVE-2022-43140 The cn.keking.web.controller.OnlinePreviewController has a SSRF vulnerability.
CVE-2022-40751 UCD 126.96.36.199 through 188.8.131.52 may have a bug that allows an admin with "Manage Security" permissions to get files back.
CVE-2022-42893 A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01)
CVE-2022-42892 A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01)
CVE-2022-42954 Keyfactor EJBCA before 7.10.0 allows XSS.
CVE-2022-42982 NtripCaster 2.0.39 allows querying information over UDP without authentication. The NTRIP sourcetable is typically tens of kBs and can be requested with a packet of 30 bytes.
CVE-2022-42985 The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform XSS attacks.
CVE-2022-40881 SolarWinds IoT Device Management contains a command injection vulnerability.
CVE-2021-38819 An SQL injection vulnerability exits on the Simple Image Gallery System 1.0 application through the "id" parameter.
CVE-2022-43781 An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system.
CVE-2022-42960 EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 has DOM XSS due to improper validation of message events to accessibility.js
CVE-2022-44005 BACKCLICK Professional 5.9.63 has a vulnerability that can reveal subscribers' e-mail addresses if the newsletter sign-up functionality uses consecutive IDs.
CVE-2022-44002 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-43999 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-44007 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-39318 FreeRDP is a library for remote desktop protocol and clients, but affected versions don't have input validation. A malicious server can trick a client to crash with a division by zero.
CVE-2022-39319 - Critical Vulnerability in FreeRDP Library's `urbdrc` Channel and How to Mitigate
CVE-2022-41877 FreeRDP is a library for remote desktop protocol, affected versions have input length validation in `drive` channel missing.
CVE-2022-39320 FreeRDP is a library for remote desktop protocol and clients. An affected version may attempt integer addition on too narrow types and allocate a buffer too small holding the data written.
CVE-2022-39383 KubeVela is an application delivery platform. Users using the VelaUX API could be affected by this vulnerability.
CVE-2022-44069 Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module.
CVE-2022-43262 The Human Resource Management System v1.0 had a SQL injection vulnerability in the password parameter.
CVE-2022-43264 - Directory Traversal and Arbitrary File Download Vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2
CVE-2022-4018 Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6
CVE-2022-41917 OpenSearch is a community-driven open source fork of Elasticsearch and Kibana that allows users to specify a local file.
CVE-2022-3920 Consul and Consul Enterprise 1.13.0 to 1.13.3 do not filter out nodes and services that are used for the UI.
CVE-2022-41918 OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana
CVE-2022-29276 AhciBusDxe has SMI vulnerabilities, which lead to SMRAM corruption. This was discovered by Insyde during security review.
CVE-2022-4006 A vulnerability in WBCE CMS is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler.
CVE-2022-38201 Esri Portal for ArcGIS Quick Capture Web Designer has an unvalidated redirect vulnerability.
CVE-2022-30771 The initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions.
CVE-2022-38385 The IBM Cloud Pak for Security 184.108.40.206 through 220.127.116.11 could be exploited by an authenticated user to obtain sensitive information or perform unauthorized actions.
CVE-2022-42785 Multiple W&T products of the ComServer Series are prone to an authentication bypass
CVE-2022-20943 Multiple vulnerabilities in the SMB2 processor of the Snort detection engine could allow an unauthenticated, remote attacker to bypass the configured policies or cause a DoS.
CVE-2022-20949 The management web server of Cisco Firepower Threat Defense could be exploited by an authenticated, remote attacker with high privileges.
CVE-2022-29275 Untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering and lead to escalation of privileges. This issue was discovered by Insyde during security review.
CVE-2022-20940 An vulnerability in Cisco Firepower Threat Defense could allow an attacker to gain access to sensitive information.
CVE-2022-20839 An attacker could conduct a stored XSS attack against users of the FMC interface.
CVE-2022-20935 An attacker could conduct a stored XSS attack against users of the FMC interface.
CVE-2022-20941 The web-based management interface of Cisco Firepower could be vulnerable to an unauthenticated, remote attacker who could access sensitive information.
CVE-2022-27895 Foundry was vulnerable to log files being captured due to an issue in earlier versions.
CVE-2022-45387 The Jenkins BART Plugin 1.0.3 and earlier does not escape the content of build logs before rendering it on the UI, resulting in a XSS vulnerability.
CVE-2022-45391 Jenkins NS-ND Integration Performance Plugin 18.104.22.168 and earlier disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.
CVE-2022-45382 Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds, resulting in a stored XSS vulnerabi l. This can be exploited by attackers who can edit build display name.
CVE-2022-45399 An permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
CVE-2022-45390 An error in the Jenkins loader.io plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs.
CVE-2022-45394 An attacker with Item/Read permission can delete build logs.
CVE-2022-45380 Jenkins JUnit Plugin converted HTTP(S) URLs to clickable links which were unsafe, resulting in a XSS vulnerability that is exploitable by attackers with Item/Configure permission.
CVE-2022-42001 BlueSpiceBookshelf extension allows user with regular account and edit permissions to inject arbitrary HTML.
CVE-2022-3958 BlueSpiceUserSidebar extension has XSS flaw that allows user with regular account and edit permissions to inject arbitrary HTML.
CVE-2022-41814 BlueSpiceFoundation extension allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage.
CVE-2022-42000 BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage.
CVE-2022-3895 UI components aren't sanitizing output and are prone to XSS.
CVE-2022-41611 An XSS vulnerability in the BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML.
CVE-2022-3480 An attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending more unauthenticated HTTPS connections from different source IP's.
CVE-2022-25742 Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server.
CVE-2022-25667 The Snapdragon Wired Infrastructure and Networking component handles ICMP requests improperly, which exposes information disclosure.
CVE-2022-25674 Cryptographic issues in WPA/WPA2 group key handshake in Snapdragon Consumer, Industrial, and Voice & Music.
CVE-2022-33237 Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold
CVE-2022-25743: Memory Corruption in Graphics due to Use-After-Free while Importing Graphics Buffer in Various Snapdragon Components
CVE-2022-42053 An AC1200 router was found to have a command injection vulnerability in the setPortMapping function.
CVE-2022-41395 An AC1200 router with a command injection vulnerability was discovered. The vulnerable function is setDMZ.
CVE-2022-42058 The Tenda AC1200 router model W15Ev2 V22.214.171.124(1576) had a stack overflow vulnerability.
CVE-2022-41396 An AC 1200 W15Ev2 router was found to have multiple command injection vulnerabilities in the function setIPsecTunnelList.
CVE-2022-42129 An IDOR vulnerability in the Liferay Portal DXP and 7.3-7.4 modules allows remote attackers to view and access form entries.
CVE-2022-42126 The Asset Libraries module in Liferay Portal 7.3.5 through 126.96.36.199, and Liferay DXP 7.3 before update 8 and 7.4 before update 29 doesn't properly check permissions, which allows remote attackers to view asset libraries.
CVE-2022-42111 An XSS vulnerability in Liferay Portal's user notification module allows attackers to inject arbitrary web script or HTML.
CVE-2022-33986 DMA attacks on the SMI handler's parameter buffer could lead to a TOCTOU attack.
CVE-2022-33909 DMA transactions used by the HddPassword software SMI handler could cause SMRAM corruption.
CVE-2022-33983 DMA transactions used for NvmExpressLegacy software could cause SMRAM corruption.
CVE-2022-33906 DMA transactions that are used by FwBlockServiceSmm software SMI handler could cause SMRAM corruption.
CVE-2022-43690 In CMS below 8.5.10, the legacy_salt function was not compared strictly, allowing authentication bypass if used.
CVE-2022-43030 An RCE vulnerability was found in SIYUCMS, a content management system.
CVE-2022-40903 Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 doesn't mitigate failed access attempts, which allows attackers to gain admin privileges.
CVE-2022-40735 The Diffie-Hellman Key Agreement Protocol allows use of long exponents that can be expensive when using short exponents.
CVE-2022-33982 DMA attacks on the Int15ServiceSmm parameter buffer could lead to a TOCTOU attack on the SMI handler and lead to SMRAM corruption.
CVE-2022-43686 In Concrete CMS, the authTypeConcreteCookieMap table can be filled up causing a denial of service.
CVE-2022-43968 Reflected XSS was found in 9.0.0-9.1.2 versions of Concrete CMS below 8.5.10 and between dashboard icons.
CVE-2022-43294 Tasmota was found to have a stack overflow in ClientPortPtr at lib/libesp32/rtsp/CRtspSession.cpp.
CVE-2022-41913 Discourse-calendar adds calendar functionality to the first post of a topic.
CVE-2022-3362 Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0.
CVE-2022-43295 XPDF v4.04 had a stack overflow vulnerability in the function FileStream::copy().
CVE-2022-37109 Camp Fuller is vulnerable to Incorrect Access Control.
CVE-2022-44389 EyouCMS V1.5.9-UTF8-SP1 was found to have a Cross Site Request Forgery vulnerability in the Edit Admin Profile module.
CVE-2022-34320 IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow attackers to decrypt sensitive information.
CVE-2022-44390 An XSS vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-43694 CMS below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS due to un-sanitized output.
CVE-2022-34313 IBM CICS TX 11.1 doesn't set the secure attribute on authorization tokens or session cookies. This makes it easier for attackers to get the cookie values or send a http:// link to a user and plant the link.
CVE-2022-43342 An XSS vulnerability in Eramba GRC Software c2.8.1's Add function allows attackers to inject arbitrary web scripts or HTML.
CVE-2022-3484 The WPB Show Core plugin through TODO does not sanitise and escape a parameter, which can lead to Reflected Cross-Site Scripting.
CVE-2022-3469 The WP Attachments plugin before 5.0.5 has an unsafe setting that could allow high-privilege users to do Stored Cross-site Scripting.
CVE-2022-45183 Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID.
CVE-2022-3979 NagVis up to 1.9.33 is vulnerable to a problem in the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. This could lead to an authentication bypass.
CVE-2022-3978 A vulnerability was found in NodeBB up to 2.5.7, which can be exploited to make remote requests forgery.
CVE-2022-3976 An exploit has been found in MZ Automation 1.4 and classified as critical. This vulnerability affects MMS File Services.
CVE-2022-3974 A critical vulnerability was found in Axiomatic Bento4. The affected function is AP4_StdcFileByteStream::ReadPartial of the mp4info component.
CVE-2022-3975 A vulnerability in NukeViet CMS's Data URL Handler is the function filterAttr. It's affected by the issue.
CVE-2022-3965 An issue was found in ffmpeg's smc_encode_stream function. This vulnerability affects the QuickTime Graphics Video Encoder component.
CVE-2022-3963 An issue was found in gnuboard5, a component of FAQ Key ID Handler. The fm_id argument can be manipulated to perform a cross-site scripting attack.
CVE-2022-45196 An attacker can cause a denial of service by sending a crafted Fabric 2.3 channel tx with the same name.
CVE-2022-45195 The key derivation function in SimpleXMQ before 3.4.0 is not applied to data, which can impact forward secrecy and if there is a compromise of a single private key.
CVE-2022-38651 An attacker can exploit a security filter misconfiguration in VMware Hyperic Server 5.8.6 to bypass authentication requirements.
CVE-2022-41339 In MDM Plus, user privileges can be escalated.
CVE-2022-41905 WebDAV server WSGI is vulnerable to XSS attacks, which has been patched in version 4.1.0.
CVE-2022-45182 Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter.
CVE-2022-41906 OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc.
CVE-2021-33064 An uncontrolled search path in the software installer for Intel System Studio may allow for privilege escalation.
CVE-2022-26367 Buffer restrictions in Intel XMM 7560 modem software before M2_7560_R_01.2146.00 may allow a privileged user to enable escalation of privilege via local access.
CVE-2022-29515 Memory release in Intel SPS firmware may be exploited to cause denial of service.
CVE-2022-30548 An attacker can control a local search path element to escalate privilege.
CVE-2021-33159 An improper authentication in subsystem may allow privilege escalation.
CVE-2022-27499 The Intel(R) SGX SDK premature release may allow a privileged user to potentially enable information disclosure.
CVE-2021-33164 An improper BIOS access control may allow a privileged user to enable escalation of privilege via local access.
CVE-2022-29486 The Intel Hyperscan library had buffer restrictions that could be abused by an unauthenticated user. This could lead to privilege escalation.
CVE-2022-26508 Inauthentic authentication in the SDP Tool may allow disclosure of information via network access.
CVE-2022-33176 In BIOS firmware for some Intel NUC 11 Performance kits and mini PCs, improper input validation may allow a privileged user to enable escalation of privilege via local access.
CVE-2021-0185 In early Intel Server Board M10JNP Family firmware, improper input validation may allow a privileged user to enable an escalation of privilege.
CVE-2022-40981 Remote Access Server 4.5.0 and earlier is vulnerable to malicious file upload.
CVE-2022-3703 The ETIC Telecom RAS 4.5.0 and earlier is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and privilege escalation.
CVE-2022-42460 An access control vulnerability in the Traffic Manager plugin = 1.4.5 on WordPress allows for XSS.
CVE-2022-43679 OwnCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless.
CVE-2022-41879 Parse Server is an open source backend that runs on Node.js.
CVE-2022-39392 Wasmtime's pooling allocator has a bug when the allocator is configured to give WebAssembly instances 0 pages of memory.
CVE-2022-39393 Wasmtime is a standalone runtime for WebAssembly
CVE-2021-40226 xpdfreader 4.03 is vulnerable to Buffer Overflow.
CVE-2022-36022 Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM
CVE-2022-45063 In older versions of tmux, there was a font operation vulnerability that allowed command execution. This is no longer the case.
CVE-2022-39038 Agentflow BPM enterprise management system has improper authentication
CVE-2022-39037 Agentflow BPM file download function has a path traversal vulnerability
CVE-2022-38119 - UPSMON Pro Login Function Vulnerability: Insufficient Authentication Exploit
CVE-2022-42786 Multiple W&T Products of the ComServer Series are prone to an XSS attack
CVE-2022-3819: GitLab Improper Authorization in Emoji Reactions Leads to Unauthorized Access to Internal Notes
CVE-2022-3818: Uncontrolled Resource Consumption Puts GitLab Instances at Risk
CVE-2022-3706 - Vulnerability in GitLab CE/EE Allows Unauthorized Users to Take Ownership of Retried Jobs in Upstream Pipelines
CVE-2022-39307 Grafana is an open-source monitoring platform. The password forgotten page sends a POST request to the /api/user/password/sent-reset-email URL.
CVE-2022-3486 An open redirect vulnerability in GitLab EE/CE older than 15.3.5, 15.4.4, and 15.5.2 allows attackers to redirect users to an arbitrary location if they trust the URL.
CVE-2022-39887 An access control vulnerability in MiscPolicy prior to SMR Nov-2022 Release 1 allows a local attacker to configure EDM settings.
CVE-2022-41047 Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-39881 In-bound SIB12 PDU can be read out of bounds memory in Exynos modems prior to SMR Sep-2022 release.
CVE-2022-39890 In Samsung Billing 188.8.131.52, improper authorization allows attacker to get sensitive information.
CVE-2022-29836 In 2018, a Path Traversal vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices. This could allow attackers to abuse certain parameters to access the device's files.
CVE-2022-31685 VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability
CVE-2022-27674 An attacker may be able to bypass bounds checks and crash the Windows kernel, resulting in denial of service.
CVE-2022-44550 The graphics display module has a UAF vulnerability when traversing graphic layers
CVE-2022-44552 The lock screen module has defects introduced in the design process
CVE-2022-31687 VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability
CVE-2022-27673 Inadequate access controls in the AMD Link Android app may result in information disclosure.
CVE-2022-44560 The launcher module has an Intent redirection vulnerability
CVE-2022-44561 The preset launcher module has a permission verification vulnerability
CVE-2022-31688 Assist prior to 22.10 contains a Reflected XSS vulnerability.
CVE-2022-25932 InHand Networks InRouter302 V3.5.45 fixes TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete
CVE-2022-43118 An XSS vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-43119 An XSS vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML.
CVE-2021-34567 WAGO I/O-Check Service can be abused to send malicious packets and provoke a denial of service and an out-of-bounds read.
CVE-2021-34568 In WAGO I/O-Check Service, an unauthenticated remote attacker can send a packet to cause a denial of service.
CVE-2021-34566 An attacker can send a malicious packet to crash the iocheck process and write memory to DoS WAGO I/O-Check Service.
CVE-2021-34569 In WAGO I/O-Check Service, an attacker can crash the diagnostic tool and write memory.
CVE-2022-43320 FeehiCMS v2.1.1 has a reflected XSS vulnerability via the id parameter.
CVE-2022-39328 Grafana is an open-source platform for monitoring and observability
CVE-2022-41214 An attacker with high privileges can delete a file which is otherwise restricted.
CVE-2022-3821 An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c
CVE-2021-1050 In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-20462 phNxpNciHal has an out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-20446: The Android Vulnerability That Allows Unwanted Access to Your Microphone
CVE-2022-26446 Modem 4G RRC has a possible system crash due to improper input validation. This could lead to remote denial of service.
CVE-2022-32618 In typec, there is a possible out-of-bounds write due to an incorrect calculation of buffer size, which could lead to local escalation of privilege, with no additional execution privileges needed.
CVE-2022-33322 Mitsubishi Electric products contain cross-site scripting vulnerability. An attacker can exploit this vulnerability to perform a MITM attack and inject malicious script codes.
CVE-2022-44316 PicoC 3.2.2 had a buffer overflow in the LexGetStringConstant function when called from LexScanGetToken.
CVE-2022-44314 PicoC 3.2.2 had a buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall.
CVE-2022-44315 PicoC Version 3.2.2 had a heap buffer overflow in ExpressionAssign when called from ExpressionParseFunctionCall.
CVE-2022-44318 PicoC Version 3.2.2 had a buffer overflow in cstdlib/string.c when called from ExpressionParseFunctionCall.
CVE-2022-44320 PicoC Version 3.2.2 had a buffer overflow in ExpressionCoerceFP in expression.c when called from ExpressionParseFunctionCall.
CVE-2022-43397: Critical Vulnerability in Parasolid Library Leads to Potential Code Execution
CVE-2022-41432 The EyesOfNetwork web interface had a reflected XSS vulnerability.
CVE-2022-41433 The EyesOfNetwork Web Interface v5.3 had a reflected XSS vulnerability.
CVE-2022-41434 The EyesOfNetwork Web Interface v5.3 has an XSS vulnerability.
CVE-2022-43359 Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c had an out-of-bounds read in the function read_image_data.
CVE-2022-3878 A critical vulnerability has been found in Maxon ERP. Manipulation of the argument tb_search leads to sql injection.
CVE-2022-44048 The d8s-urls for python included a backdoor inserted by a third party. This is the democritus-domains package.
CVE-2022-43319 An information disclosure vulnerability in the component vcs/downloadFiles.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files.
CVE-2022-44795 Object First 184.108.40.2062 has a Web Service flaw that could lead to local information disclosure. The command that creates the support bundle's URL uses an insecure RNG.
CVE-2022-44796 Object First's authorization service has a flow that allows getting access to the Web UI without knowing credentials.
CVE-2022-44797 For older versions of lnd and other Bitcoin-related products, forgets to check witness size.
CVE-2022-44793 Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash.
CVE-2022-44792 Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to crash the instance.
CVE-2022-42905 WOLFSSL before 5.5.2 had a potential buffer over-read issue if callback functions were enabled.
CVE-2022-37710 Dental Eaglesoft 21 has AES-256 encryption with key backup/retrieval or DbEncryptKeyPrimary > Encryption Key.
CVE-2022-44544 Ghostscript could potentially be exploited to trigger a remote shell. This is the case if the site is running on Ubuntu and the flag -dSAFER isn't set.
CVE-2022-42707 Mahara 21.04, 21.10, 22.04, and 22.10 has embedded images accessible without a sufficient permission check if certain conditions are met.
CVE-2022-38660 HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability
CVE-2022-41669 An improper verification of cryptographic signature vulnerability exists in the SGIUtility component. This could lead to the execution of malicious code if a malicious DLL is loaded.
CVE-2022-41667 An adversary with local user privileges can load a malicious DLL to execute malicious code. This is a CWE-22 vulnerability.
CVE-2022-42743 deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object
CVE-2022-42746 The 3.0.0 version of the CandidATS API allows an attacker to steal cookies of arbitrary users.
CVE-2022-42749 An attacker in the 'page' of the 'ajax.php' resource can steal cookies of other users.
CVE-2022-43102 Tenda AC23 V16.03.07.45_cn had a stack overflow vulnerability that could be exploited via the timeZone parameter in fromSetSysTime.
CVE-2022-44624 In JetBrains TeamCity before 2022.10, password parameters with special characters could be exposed in the build log.
CVE-2022-43101: Exploring the Stack Overflow Vulnerability in Tenda AC23 V16.03.07.45_cn
CVE-2022-43106: Tenda AC23 Router Stack Overflow Vulnerability in setSchedWifi Function - Exploit Details, Affected Models, and Mitigation Measures
CVE-2022-41435 An open source router's SSH keys vulnerability contains XSS.
CVE-2021-46853 Before 2.25, an attack on LIST or LSUB can cause a denial of service.
CVE-2022-24936 GBL parser out-of-bounds error allows attacker to overwrite flash Sign key and OTA decryption key.
CVE-2022-39353 Xmldom is a standard-based XML DOM parser and serializer module.
CVE-2022-43239 Discovered that the Lide265 v1.0.8 had a heap buffer overflow vulnerability.
CVE-2022-38380 An access control vulnerability in FortiOS 7.2 and earlier may allow a remote read-only user to modify the interface settings via the API.
CVE-2022-26122 FortiGate versions prior to 6.4.274 and FortiClient, FortiMail may have insufficient data authenticity verification, which may allow attackers to bypass the AV engine.
CVE-2022-26730: Memory Corruption Issue in ICC Profile Processing Leads to Arbitrary Code Execution in macOS Ventura 13
CVE-2022-32862: A Deep Dive Into macOS Root Privilege Exploitation and How Improved Data Protection Resolved It
CVE-2022-3602 - Buffer Overflow Vulnerability in X.509 Certificate Verification within OpenSSL
CVE-2022-42312 Guests can cause xenstored to allocate vast amounts of memory and eventually crash.
CVE-2022-42311 Guests can cause xenstored to allocate vast amounts of memory and eventually crash.
CVE-2022-42318 Guests can cause xenstored to allocate vast amounts of memory and eventually crash.
CVE-2020-36605 Inappropriate default permissions allow attackers to run malicious code on the Hitachi AI Analytics Advisor, Ops Center Analyzer, and Ops Center Viewpoint components.
CVE-2022-40289 The application was vulnerable to Stored XSS and could be used to escalate privileges or compromise accounts.
CVE-2022-39016 Injection in PDFtron allows attackers to takeover user account.
CVE-2022-40294 An application was found to have a CSV injection vulnerability, allowing malicious code to be embedded in exported data.
CVE-2022-39018 PDFtron data in M-Files Hubshare before 220.127.116.11 was accessed by unauthenticated attackers if they know the URL.
CVE-2022-41688 SEI's Device Master versions 00.00.01a and earlier lack proper authentication for user group functions.
CVE-2022-41629 The 00.00.01a versions of the Device Master from DEI allow unauthenticated users to access the endpoint, which could allow an attacker to retrieve any file from the "RunningConfigs" directory.
CVE-2022-31692 An earlier version of Spring Security was vulnerable to authorization rule bypass. END>
CVE-2021-40241 - xfig 3.2.7 Buffer Overflow Vulnerability in `LoadFIG` Function
CVE-2022-3770 An critical vulnerability was found in Yunjing CMS. The file /index/user/upload_img.html can be manipulated to upload files without restrictions. The attack can be initiated remotely.
CVE-2022-40617 The strongSwan revocation plugin can be compromised when an attacker sends a crafted end-entity certificate that contains a CRL/OCSP URL pointing to a controlled server.
CVE-2022-41974: A Deep Dive into Multipath-Tools Privilege Escalation Exploit
CVE-2022-42916: Security Vulnerability in Curl, HSTS Check Bypassed to Use HTTP Instead of HTTPS
CVE-2022-2826 An issue has been discovered in GitLab starting from 10.0 before 12.9.8, 12.10 before 12.10.7, 13.0 before 13.0.1.
CVE-2022-41648 The HEROS 5.08.3 controller is vulnerable to improper authentication, which may allow an attacker to deny service to the production line or steal sensitive data.
CVE-2022-43165 An XSS vulnerability in the Global Variables feature of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-37426 File upload with OpenNebula's core on Linux can be disabled by injection of harmful file content.
CVE-2022-3697 amazon.aws flaw: amazon.aws uses tower_callback parameter from amazon.aws.ec2_instance module when using amazon.aws collection.
CVE-2022-39367 The QTIWorks Engine allows users to upload content packages as ZIP files before version 1.0-beta15.
CVE-2022-2882 An issue has been found in GitLab CE/EE prior to 15.3.4, 15.4.1, and 18.104.22.168.
CVE-2022-3730 A critical vulnerability was found in seccome Ehoney. The manipulated Payload argument leads to sql injection.
CVE-2022-0072 - Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Dashboard allows Path Traversal in Multiple Versions
CVE-2022-42055 - Multiple Command Injection Vulnerabilities in GL.iNet GoodCloud IoT Device Management System
CVE-2022-3725 An OPUS protocol crash in Wireshark 3.6.0 to 3.6.8 allows denial of service.
CVE-2021-45476 Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability.
CVE-2022-3705 An issue was found in vim's qf_update_buffer function, which is used for the quickfix autocmd handler. This vulnerability allows for use after free.
CVE-2022-39286 Jupyter Core is a package for core common functionality of Jupyter projects. Jupyter Core contains an arbitrary code execution vulnerability in jupyter_core that stems from jupyter_core executing untrusted files in CWD.
CVE-2022-20933 The vulnerability in Cisco AnyConnect VPN server could cause a DoS on an affected device.
CVE-2022-20954 Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could be vulnerable to path traversal, sensitive data viewing, and write arbitrary files attacks.
CVE-2022-43749 In Synology Presto File Server before 2.1.2-1601, improper privilege management can be bypassed via unspecified vectors.
CVE-2022-33182 Brocade Fabric OS CLI privilege escalation vulnerability could let a local user escalate their privileges to root using 'supportlink' and 'firmwaredownload' commands.
CVE-2022-38181 An Arm product family through 2022. GPU kernel driver allows non-privileged users to make improper GPU processing operations to gain access to already freed memory.
CVE-2022-27912 An issue was discovered in Joomla! 4.0.0 through 4.2.3
CVE-2022-31468 An attacker can XSS the OX App Suite through 8.2 when a client uses the len or off parameter.
CVE-2022-39322 @keystone-6/core is a core package for Keystone 6, a content management system for Node.js
CVE-2022-33204 Abode Systems Inc. iota All-In-One Security Kit 6.9X and 6.9Z has 2 command injection vulnerabilities. An attacker can execute commands on the system
CVE-2022-39349 The Tasks.org app uses the ShareLinkActivity to handle to-do lists and reminders.
CVE-2022-3391 The Retain Live Chat plugin doesn't sanitise its settings, which could allow high privilege users to perform stored XSS attacks.
CVE-2022-35876 There are 3 format string vulnerabilities in the XCMD testWifiAP functionality of the Abode Systems, Inc. iota All-In-One Security Kit.
CVE-2022-34845 An update vulnerability exists in Robustel R1510's sysupgrade functionality. A specially crafted packet can lead to arbitrary firmware update.
CVE-2022-39836 COVESA dlt-daemon through 2.18.8 has a file parser bug that can be exploited to crash the process.
CVE-2022-39342 OpenFGA is an authorization/permission engine. Versions prior to v0.2.4 are vulnerable to authorization bypass under certain conditions
CVE-2022-35268 Web_server hashFirst vulnerability can lead to denial of service.
CVE-2022-27804 - Uncovering an OS Command Injection Vulnerability in Abode Systems iota All-In-One Security Kit
CVE-2022-43677 In free5GC 3.2.1, an index-out-of-range panic in aper.GetBitString can crash the AMF and NGAP decoders.
CVE-2021-44769 An input validation vulnerability in TLS certificate generation can cause a DoS condition. This is mitigated by a factory reset.
CVE-2021-44467 An access control vulnerability in spx_restservice's KillDupUsr_func function allows an attacker to terminate active sessions of other users. This causes a DoS condition.
CVE-2022-39313 Parse Server is an open source backend that runs on Node.js.
CVE-2021-45925 An attacker can guess legitimate user names registered in the BMC.
CVE-2022-40690 An attacker can inject arbitrary scripts in BookStack versions prior to v22.09.
CVE-2021-42010 Heron versions 0.20.4 incubated with CRLF injection vulnerability.
CVE-2021-26733 The FirstReset_handler_func function in spx_restservice has a broken access control vulnerability that allows an attacker to send reboot commands and cause a DoS.
CVE-2021-26729 Injection and buffer overflow vulnerabilities in the Login_handler_func function of spx_restservice allows attacker to execute arbitrary code with server user privileges.
CVE-2021-26727 Injection flaws in SubNet_handler_func allow attacker to execute code with root privileges.
CVE-2021-26730: Uncovering a Stack-Based Buffer Overflow Vulnerability in Lanner IAC-AST250A Firmware
CVE-2022-39272: Denial of Service Vulnerability in Flux Prior to Version .35.
CVE-2020-5355 Dell Isilon versions 8.2.2 and earlier SSHD process improperly allows TCP and stream forwarding.
CVE-2022-34438 Dell PowerScale OneFS versions 8.2.x-9.4.0 contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to system compromise.
CVE-2022-31239 Dell PowerScale OneFS versions 9.0.0 to 22.214.171.124, 126.96.36.199, and 188.8.131.52 have a sensitive data in log files vulnerability.
CVE-2022-34437 Dell PowerScale OneFS versions 8.2.2-9.3 have an OS command injection vulnerability that a malicious local user can exploit to compromise the system.
CVE-2022-3646 A vulnerability was found in the Linux kernel, which affects the function nilfs_attach_log_writer of BPF component. The manipulation leads to memory leak.
CVE-2022-1059 TUG server versions before 24 are affected by an unauthenticated attacker who can access hashed user credentials.
CVE-2022-3597 LibTIFF 4.4.0 has a buffer overflow in _TIFFmemcpy that can be used to cause a denial of service. Attackers can exploit this vulnerability to cause a DoS.
CVE-2022-3570 In libtiff library 4.4.0, heap buffer overflows could lead to application crash, potential information disclosure.
CVE-2022-3598 Script in LibTIFF 4.4.0 has an out-of-bounds write, allowing attackers to cause a denial-of-service.
CVE-2022-3626 LibTIFF 4.4.0 has a buffer overflow in _TIFFmemset that can be exploited by attackers to cause a denial-of-service.
CVE-2022-3599 LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection, which can be used to cause a denial-of-service.
CVE-2022-3627 libTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service.
CVE-2022-42944 Malicious .dwf or .pct file could lead to memory corruption vulnerability by read access violation.
CVE-2022-3639 A DOS vulnerability was discovered in GitLab CE/EE affecting versions 10.8-15.3.
CVE-2022-1066 TUG server versions before 24 are affected by an unauthenticated attacker who can access hashed user credentials.
CVE-2022-1070 TUG server versions before 24 are affected by an unauthenticated attacker who can access hashed user credentials.
CVE-2022-3642 A vulnerability in the Linux Kernel affects the function rtl8188f_spur_calibration of the Wireless component.
CVE-2022-43400 V2022 R2 has a vulnerability. V22.2a>
CVE-2022-3633 A problem with the function j1939_session_destroy of the IPsec component net/can/j1939/transport.c leads to a memory leak.
CVE-2021-42553 An attacker can exploit a buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics to execute arbitrary code.
CVE-2022-37454 Keccak XKCP SHA3 has an integer overflow and buffer overflow that allows attackers to execute arbitrary code or eliminate cryptographic properties.
CVE-2022-3624 An issue with the IPsec function rlb_arp_xmit was found and is considered problematic. The vulnerability causes a memory leak.
CVE-2022-3629 A vulnerability was found in the IPsec component of Linux Kernel. It's been declared as problematic due to memory leak.
CVE-2022-3630 A vulnerability was found in IPsec that leads to memory leak.
CVE-2022-36958 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
CVE-2022-36957 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
CVE-2022-39823 An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10
CVE-2022-37453 An issue was discovered in Softing OPC UA C++ SDK before 6.10
CVE-2022-36966 Node Management users had access to all nodes due to an Insufficient control on URL parameter causing IDOR vulnerability in SolarWinds Platform.
CVE-2022-3621 A vulnerability was found in the Linux kernel. It is considered problematic due to the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode. The manipulation leads to a null pointer dereference.
CVE-2022-3623 A vulnerability was found in the Linux Kernel. It is problematic due to a race condition.
CVE-2022-3620 Vulnerability in Exim was found, it's a dmarc_dns_lookup issue. Remote attack is possible.
CVE-2022-3577 An out-of-bounds memory write flaw was found in the Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-2069 The APDFL.dll in Siemens JT2Go V184.108.40.206 and Siemens Teamcenter Visualization V220.127.116.11 contains a heap-based write that wrote past the buffer.
CVE-2022-42233 Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability.
CVE-2022-42344 Adobe Commerce versions 2.4.3-p2, 2.3.7-p3, and 2.4.4 are affected by a validation vulnerability.
CVE-2022-42176 Hard-coded admin panel access in PCTechSoft PCSecure V5.0.8.xw using use of Hard-coded Credentials.
CVE-2022-42200 The Exam Reviewer Management System v1.0 is vulnerable to Stored XSS.
CVE-2022-42198 The User List function suffers from insecure file upload in Simple Exam Reviewer Management System v1.0.
CVE-2022-26954 Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow attackers to conduct phishing attacks. The ChangePassword function is affected.
CVE-2021-33231 EasyVista Service Manager 2018.1.181.1 has an XSS vulnerability that allows attackers to run arbitrary code.
CVE-2022-37298 Shinken Monitoring 2.4.3 is vulnerable to Incorrect Access Control.
CVE-2022-37598 Prototype pollution vulnerability in ast.js with the name variable in UglifyJS 3.13.2.
CVE-2022-27624 A memory buffer vulnerability affects OOB Management packet decryption.
CVE-2022-27626 Vulnerability found in session processing of OOB management.
CVE-2022-27625 An issue with memory buffer operations, OOB Management, is found.
CVE-2022-3327 Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6
CVE-2022-41743 Before R27 P1 and R26 P1, the ngx_http_hls_module has a vulnerability that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact.
CVE-2022-36795 LTM TCP profile with Auto Receive Window enabled on a virtual server can be vulnerable to undisclosed traffic. This can lead to a vulnerability.
CVE-2022-41780 An directory traversal vulnerability in F5OS-A and F5OS-C before 1.4.0 allows attackers to read arbitrary files.
CVE-2022-41787 DNS Express is enabled on a virtual server with DNS profile and undisclosed DNS queries can be sent to the internal DNS. This might lead to information disclosure. END>
CVE-2022-41770 An authenticated iControl REST user can increase memory consumption.
CVE-2022-41983 Hardware platforms on BIG-IP versions 16.1.x before 18.104.22.168, 15.1.x before 15.1.7, 14.1.x before 22.214.171.124, and 13.1.x can have undisclosed conditions when Intel QAT and AES-GCM/CCM are used.
CVE-2022-41833 An iRule containing the HTTP::collect command can cause TMM to terminate.
CVE-2022-41832 An undisclosed message can cause an increase in memory consumption in BIG-IP versions 17.0.x, 16.1.x, 15.1.x, 14.1.x, and 13.1.x when a SIP profile is configured on a virtual server.
CVE-2022-31684 Reactor Netty HTTP Server may log request headers in some cases of invalid HTTP requests. This may reveal valid access tokens to those with access to server logs.
CVE-2022-41806 An undisclosed request can cause an increase in memory resource utilization when BIG-IP AFM Network Address Translation with IPv6/IPv4 translation rules is configured on a virtual server.
CVE-2022-41836 An 'Attack Signature False Positive Mode' on a virtual server can cause the bd process to terminate.
CVE-2022-41694 An SSL key was imported on a BIG-IP or BIG-IQ system, but undisclosed input was used. This could lead to a security vulnerability.
CVE-2022-41691 When a BIG-IP Advanced WAF/ASM security policy is configured, undisclosed requests can cause the bd process to terminate.
CVE-2022-41624 Unclosed traffic can cause an increase in memory resou END> The BIG-IP versions 17.0.x, 16.1.x, 15.1.x, 14.1.x, and 13.1.x have undisclosed traffic that can cause an increase in memory resou.
CVE-2022-38107 Sensitive information could be displayed when a detailed technical error message is posted
CVE-2022-41813 Traffic Management Microkernel (TMM) can terminate when a certain input is provided to PEM or AFM module in certain versions of BIG-IP.
CVE-2022-43024 Tenda TX3 US_TX3V1.0 was discovered to have a stack overflow vulnerability with the list parameter.
CVE-2022-43026 Tenda TX3 US_TX3V1.0 br_V16.03.13.11_multi_TDE01 contains a stack overflow via the endIp parameter.
CVE-2022-43027 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to have a stack overflow via the firewallEn parameter.
CVE-2022-43029 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 stack overflow was discovered via the time parameter.
CVE-2013-4253 The deployment script in the unsupported "OpenShift Extras" add-on scripts installs a default public key in the root user's authorized_keys file.
CVE-2013-4281 In Red Hat Openshift 1, the /etc/openshift/server_priv.pem file has weak default permissions, which could allow users with local access to read it.
CVE-2022-1523 An earlier version of Fuji Electric D300win is vulnerable to a write-what-where condition, which could allow an attacker to manipulate the flow of information.
CVE-2022-43016 OpenCATS v0.9.6 had a XSS vulnerability in the callback component.
CVE-2022-23241 Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock enabled are vulnerable to an authenticated remote attack which could allow arbitrary modification or deletion of WORM data.
CVE-2022-2805 An otapi-style flaw in ovirt-engine can log passwords in the log file.
CVE-2022-41707 An attacker can access data of any user of the Messenger application.
CVE-2022-43415 The REPO Plugin 1.15.0 and earlier does not properly protect against XXE attacks.
CVE-2022-43416 An earlier version of the Jenkins Katalon Plugin allowed attackers to control agent processes and invoke Katalon.
CVE-2022-43433 Jenkins Screen recorder plugin disables Content Security Policy protection for user-generated content.
CVE-2022-43413 The Jenkins Job Import Plugin 3.5 and earlier doesn't perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs.
CVE-2022-43420 The Jenkins Contrast plugin 3.9 and earlier doesn't escape data returned from the service, which leads to a stored XSS vulnerability. Attackers who can access the application's backend are able to exploit the vulnerability.
CVE-2022-43435 Jenkins 360 FireLine Plugin 1.7.2 and earlier disables Content-Security-Policy protection for user-generated content.
CVE-2022-43424 Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers to control agent processes to obtain values of system properties.
CVE-2022-43404 The Jenkins Script Security Plugin has a sandbox bypass vulnerability that allows attackers with permission to define and run sandboxes to attack.
CVE-2022-43411 The Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
CVE-2022-43425 Jenkins' Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of parameters on views, resulting in a stored XSS vulnerabi END>
CVE-2022-43426 Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, which makes it easier for attackers to observe and capture it.
CVE-2022-43427 Compuware Topaz for Total Test Plugin 2.4.8 doesn't perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs.
CVE-2022-43405 Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier has a sandbox bypass vulnerability that allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts.
CVE-2022-43406 An untrusted attacker can create and run untrusted Pipelines in Jenkins Pipeline vf3b_454e43966, which is deprecated.
CVE-2022-43402 There is a sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier that allows attackers with permission to define and run sandboxed scripts.
CVE-2022-43431 An earlier Compuware Strobe Measurement Plugin didn't perform permission checks, which allowed attackers with Overall/Read permission to enumerate credentials IDs.
CVE-2022-43403 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts to bypass the restriction.
CVE-2022-43410 Mercurial plugin 1251.va_b_121f184902 and earlier has webhook endpoint that exposes which jobs were triggered or scheduled for polling, which users have no permission to access.
CVE-2022-43421 An error in Tuleap's Git Branch Source Plugin 3.2.4 and earlier lets attackers trigger projects with a specified repository if they don't have permission.
CVE-2022-43428 Compuware Topaz for Total Test Plugin 2.4.8 and earlier allows attackers to execute agent/controller commands and get Java system properties. This could lead to system information disclosure.
CVE-2022-39301 sra-admin has a storage XSS vulnerability.
CVE-2022-23734 An untrusted data deserialization vulnerability was found in GitHub Enterprise Server that could lead to remote code execution.
CVE-2022-43035 An issue was discovered in Bento4 v1.6.0-639
CVE-2022-43043 The BD_CheckSFTimeOffset function had a segmentation violation.
CVE-2022-43042 GFD054169B master contains a heap buffer overflow in the function FixSDTPInTRAF at isomedia/isom_intern.c.
CVE-2022-43034 An issue was discovered in Bento4 v1.6.0-639
CVE-2022-43032 An issue was discovered in Bento4 v1.6.0-639
CVE-2022-43185 An XSS flaw in the Configuration/Holidays module of the Rukovoditel v3.2.1 allows attackers to inject arbitrary web script or HTML.
CVE-2022-43038 Bento4 v1.6.0-639 had a heap overflow in the mp42ts AP4_BitReader::ReadCache() function.
CVE-2022-43040 The gf_isom_box_dump_start_ex function had a heap buffer overflow.
CVE-2022-43037 An issue was discovered in Bento4 1.6.0-639
CVE-2022-43045 Scene Manager dump function had a segmentation violation.
CVE-2022-3607 Injection of special elements into another plane (octoprint/octoprint prior to 1.8.3)
CVE-2022-39260 - Remote Code Execution Vulnerability in Git Shell
CVE-2022-25660 A kernel double free issue in some Snapdragon chipsets. This can lead to a crash or memory corruption.
CVE-2022-25661 Kernel memory corruption due to untrusted pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, and Snapdragon Industrial IOT devices.
CVE-2022-25687 Buffer overflow can lead to video corruption in Snapdragon Auto, Snapdragon Compute, etc. The issue is found in asf parsing.
CVE-2022-25723 Multimedia memory corruption due to callback registration failure.
CVE-2022-25736 Denial of service in WLAN due to out-of-bound read happens in Snapdragon Auto, Snapdragon Compute, etc.
CVE-2022-39253 Git is an open source revision control system. Versions before 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are vulnerable to exposure of sensitive information.
CVE-2022-25749 Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames
CVE-2022-33210 Memory corruption in automotive multimedia due to use of out-of-range pointer offset when parsing command request packet with a very large type value.
CVE-2022-25718 In Snapdragon Auto, Connectivity, and IoT, there is a cryptographic issue.
CVE-2022-25663 An overflow in the device's management frame handling could lead to a denial of service in Snapdragon Compute, Connectivity, and Consumer Electronics Connectivity.
CVE-2022-39233 Tuleap is a free and open source suite for managing software development and collaboration.
CVE-2022-42467 The h2 webconsole module is available in prototype mode with the ability to query the database.
CVE-2016-20017 The D-Link DSL-2750B devices before 1.05 are vulnerable to remote command injection. In 2016-2018, this was exploited in the wild.
CVE-2016-20016 MVPower CCTV DVRs have a web shell that can be accessed via a /shell URI. An attacker can execute arbitrary operating system commands as root.
CVE-2022-35860 AES encryption in the Corsair K63 Wireless 3.1.3 can be sniffed by attackers if they are physically close.
CVE-2022-33077 An access control issue in nopcommerce v4.50.2 allows attackers to modify any customer's address.
CVE-2022-38901 The Liferay Digital Experience Platform 7.3.10 SP3 Document and Media module - file upload functionality allows remote attackers to inject arbitrary JS script or HTML.
CVE-2022-42117 The Frontend Taglib module in Liferay Portal 7.3.2 through 126.96.36.199, and Liferay DXP 7.3 before update 6 and 7.4 before update 17 is vulnerable to XSS. This can be used to perform malicious activities.
CVE-2022-42113 Liferay Portal 188.8.131.52 - 184.108.40.206 has an XSS vulnerability that allows attackers to inject arbitrary scripts or HTML.
CVE-2022-42116 The Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 220.127.116.11, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script.
CVE-2022-21629 Vulnerability in Oracle JD Edwards tools product 18.104.22.168 and earlier.
CVE-2022-21639 Oracle PeopleSoft's PeopleTools product is vulnerable to a PeopleTools component vulnerability. This component is affected by 8.59 and 8.60.
CVE-2022-21634 Oracle Java SE component, LLVM Interpreter, has a vulnerability that affects versions 20.3.7, 21.3.3, and 22.2.0.
CVE-2022-21600 The MySQL Server product of Oracle MySQL is vulnerable to a vulnerability that affects versions 8.0.27 and prior.
CVE-2022-21637 My MySQL Server is affected by a vulnerability in InnoDB. Versions affected are 8.0.30 and earlier.
CVE-2022-39404 The MySQL Installer is vulnerable to CVE-2016-2107. This affects versions 1.6.3 and prior.
CVE-2022-21605 My MySQL Server is vulnerable to a database attack in versions 8.0.28 and earlier.
CVE-2022-39409 Oracle Transportation Management is affected by a vulnerability in versions 6.4.3 and 6.5.1.
CVE-2022-21641 MySql server is vulnerable to a security issue in 8.0.29 and earlier.
CVE-2022-21607 My MySQL Server product is vulnerable to a vulnerability in Oracle MySQL 8.0.28 and earlier.
CVE-2022-21608 My MySQL Server is vulnerable to a security issue in 5.7.39 and 8.0.30.
CVE-2022-21632 MySQL Server has a vulnerability that affects versions 8.0.30 and earlier.
CVE-2022-21601 An Oracle Communications Vulnerability is being reported with versions 22.214.171.124.0-126.96.36.199.0 being affected.
CVE-2022-21638 MySql server is vulnerable to a security issue in 8.0.29 and earlier.
CVE-2022-21604 My MySQL Server is affected by a vulnerability in InnoDB. Versions affected are 8.0.30 and earlier.
CVE-2022-21598 Oracle Siebel CRM's DB Deployment and Configuration product is affected by a vulnerability. Affected versions are 22.8 and prior.
CVE-2022-21602 An issue in the Oracle PeopleSoft Enterprise PeopleTools product 8.58, 8.59, and 8.60 is affected.
CVE-2022-21589 MySQL Server has a vulnerability that affects versions 5.7.39 and 8.0.16.
CVE-2022-39407 Oracle PeopleSoft's Enterprise PeopleTools product is affected by a vulnerability that causes supported versions to be affected.
CVE-2022-39423 Vulnerability in Oracle VirtualBox that affects Prior to 6.1.38 versions.
CVE-2022-39422 Vulnerability in Oracle VirtualBox that affects Prior to 6.1.38 versions.
CVE-2022-21627 Vulnerability in Oracle VirtualBox that affects prior to 6.1.40 versions.
CVE-2022-21625 An issue was found in the MySQL Server product of Oracle MySQL. The affected versions are 8.0.30 and prior.
CVE-2022-21617 MySQL Server has a vulnerability that affects versions 5.7.39 and 8.0.30 and later.
CVE-2022-39403 A vulnerability in the MySQL Shell product of Oracle MySQL is affecting versions 8.0.30 and prior.
CVE-2022-39402 A vulnerability in the MySQL Shell product of Oracle MySQL is affecting versions 8.0.30 and prior.
CVE-2022-3594 An issue was found in Linux Kernel, the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF was vulnerable to logging excessive data.
CVE-2022-3595 The sess_free_buffer function of the CIFS handler can be manipulated to cause a double free.
CVE-2022-33872 In some Telnet components of FortiTester, an improper neutralization of special elements may allow an unauthenticated remap of commands.
CVE-2022-33874 Insecure neutralization of special elements in SSH login components may allow unauthenticated remote attackers to gain remote admin access.
CVE-2022-41541 An attacker can replay an encrypted authentication message and valid authentication token with the AX10v1 V1_211117 device.
CVE-2022-43259 Tenda AC15 V15.03.05.18 had a stack overflow vulnerability in the timeZone parameter of the form_fast_setting_wifi_set function.
CVE-2022-41540 The TP-Link AX10v1 V1_211117 web app client uses hard-coded cryptographic keys to communicate with the router.
CVE-2022-43260 An AC18 V15.03.05.19(6318) was found to have a stack overflow in the fromSetSysTime function.
CVE-2022-29055: Uninitialized Pointer Access Vulnerability in Fortinet FortiOS and FortiProxy Versions
CVE-2020-15853 supybot-fedora implements the command 'refresh', that refreshes the cache of all users from FAS
CVE-2022-3587 SourceCodester Simple Cold Storage Management System 1.0 has a vulnerability that causes My Account to malfunction.
CVE-2022-3580 An issue has been found in SourceCodester Cashier Queuing System 1.0.1 that affects user creation processing. Manipulation leads to cross site scripting.
CVE-2022-40889 Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.
CVE-2022-3339 An XSS vulnerability in ePO 5.10 before Update 14 allows an attacker to access the administrator's session of an authenticated ePO admin.
CVE-2022-31037 OroCommerce is an open-source Business to Business Commerce application
CVE-2022-31122 Wire is an encrypted communication and collaboration platform. Versions before 2022-07-12 are subject to Token Recipient Confusion
CVE-2022-39057 The Ravva certificate validation system has insufficient filtering for special parameter of the web page input field.
CVE-2022-39056 RAVA certificate validation system has insufficient validation for user input
CVE-2022-39055 RAVA certificate validation system has inadequate filtering for URL parameter
CVE-2022-22220 An exploit in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS, Junos OS Evolved can cause a Denial of Service.
CVE-2022-22233 An unchecked return value to NULL pointer dereference vulnerability in Juniper Network's Routing Protocol Daemon (rpd) allows a locally authenticated attacker with low privileges to cause a DoS.
CVE-2022-22250 In Junos OS and Junos OS Evolved, an attacker can cause a DoS by controlling a resource through its lifetime.
CVE-2022-22237 An attacker can compromise Junos OS confidentiality or integrity by attacking the kernel.
CVE-2022-22242 J-Web has an XSS vulnerability that allows an attacker to run malicious scripts in the victim's session.
CVE-2022-22247 An Ingress TCP segment processing vulnerability in Juniper Networks Junos OS Evolved allows a network-based attacker to send a crafted TCP segment to the device, triggering a kernel panic and Denial of Service.
CVE-2022-22248 An Incorrect Permission Assignment vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands.
CVE-2022-22251 In Juniper Networks Junos OS, software permission issues and passwords in Junos OS are vulnerable to local low-privilege attacks.
CVE-2022-22246 An LFI vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged attacker to execute an untrusted PHP file.
CVE-2022-22243 An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an attacker to add an XPath command, which may lead to other vulnerabilities.
CVE-2022-22240 Allocates resources without limits or throttling, and releases memory after an effective lifetime. Local auth required.
CVE-2022-22239 An attacker with low privileges can escalate their privileges on the device and potentially remote systems of Juniper Networks Junos OS Evolved.
CVE-2022-22238 An attack on the routing protocol daemon (rpd) can cause a Denial of Service.
CVE-2022-22241 An IAV vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data.
CVE-2022-22236 An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway of Juniper Networks Junos OS on SRX and MX allows an unauthenticated, network-based attacker to cause a Denial of Service.
CVE-2022-22249 An attacker can cause a Denial of Service through the PFE of Juniper Networks Junos OS on MX Series.
CVE-2022-22235 An improper check in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause Denial of Service.
CVE-2022-22234 An attacker with low privileges can cause a Denial of Service in the Junos Packet Forwarding Engine.
CVE-2022-22232 A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series can cause a Denial of Service.
CVE-2022-22230 Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Junos OS Evolved can be DoSed with an adjacent unauthenticated attacker.
CVE-2022-22225 An attacker with an established BGP session can cause a Denial of Service in Routing Protocol Daemon of Juniper Networks Junos OS and Junos OS Evolved.
CVE-2022-22219 An attacker in direct control of a BGP client, or via a machine in the middle, can cause Juniper Networks Junos OS and Junos OS Evolved to mishandle EVPN routes.
CVE-2022-22201 The validation of Index, Position, or Offset in Junos Packet Forwarding Engine is vulnerable to Denial of Service.
CVE-2022-22192 The PTX series of Juniper Networks Junos OS is vulnerable to an attack that causes a Denial of Service.
CVE-2022-22228 An attacker can cause an RPD memory leak, which leads to a DoS.
CVE-2022-22227 The Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved has an Improper Check for Unusual or Exceptional Conditions vulnerability that allows a network-based attacker to cause a DoS.
CVE-2022-22211 FPC resources of Juniper Networks Junos OS Evolved on PTX Series can be compromised to cause a Denial of Service.
CVE-2022-22223 QFX10000 Series devices using Juniper Networks Junos OS as transit IP/MPLS PHP nodes with LAG interfaces can have input validation issues.
CVE-2022-3569 ZCS has a local privilege escalation vulnerability in versions 9.0.0 and prior, where the 'zimbra' user can coerce postfix into running arbitrary commands as 'root'.
CVE-2020-8973 TPS200 NG in 2.00 and 1.01 firmware doesn't accept specially constructed requests.
CVE-2020-8976 The ZGR TPS200 NG integrated server on 2.00 firmware and 1.01 hardware allows a remote attacker to perform actions as the victim user.
CVE-2020-8975 TPS200 NG in 2.00 and 1.01 firmware versions allows remote attackers with access to the web application to access sensitive information about the system.
CVE-2020-8974 The firmware upload in ZGR TPS200 NG 2.00 and 1.01 doesn't have restrictions.
CVE-2022-40606 In 4.1.0, XSS in the Operations tab and Debrief plugin is possible via a crafted operation name. This is different than CVE-2022-40605.
CVE-2022-42147 kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java.
CVE-2022-41431 The component /admin/question/edit in xzs v3.8.0 had an XSS flaw.
CVE-2022-3382 The Robot System Software version 188.8.131.5269 has an error that handles terminated commands.
CVE-2022-3517 A vulnerability was found in the minimatch package
CVE-2022-3565 A critical vulnerability was found in the Linux Kernel function del_timer of the Bluetooth component. Using this issue leads to use after free.
CVE-2022-3566 A vulnerability was found in Linux Kernel TCP Handler which leads to a race condition.
CVE-2022-40055 Brute force attack can escalate privileges in GX Group GPON ONT 2122A T2122-V1.26EXL.
CVE-2022-42029 Chamilo 1.11.16 is vulnerable to authenticated local file inclusion. This can be exploited to copy/move files from anywhere in the file system into the web directory.
CVE-2022-41751 Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing commands in a JPEG filename and using the regeneration option.
CVE-2022-2592 Snippet descriptions in GitLab CE/EE prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 have a lack of length validation which can be abused by attackers to create maliciously large Snippets.
CVE-2022-3288 The branch/tag name confusion in GitLab CE/EE older than 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows attackers to manipulate pages where the default branch would be expected.
CVE-2022-3291 Data in GitLab EE older than 15.2.5, 15.3.4, and 15.4.1 can be leaked via the cache.
CVE-2022-2630 An access control issue in GitLab CE/EE older than 15.2.4 and 15.3.2 that allows disclosure of confidential information via the Incident timeline events.
CVE-2022-2865 An issue with cross-site scripting has been found in GitLab CE/EE prior to 15.3.2, 15.2 to 15.2.4, and 15.1.6.
CVE-2022-2533 An issue was discovered in GitLab before 12.10, 15.2, 15.3, and 15.4.
CVE-2022-3351 Issue in 13.7, 15.3.4, 15.4.1, and earlier versions.
CVE-2022-3331 An issue was found in GitLab EE versions before 15.2.4, 15.3.2, and 14.5 before 15.1.6.
CVE-2022-2908 An attack in Gitlab CE/EE versions starting from 10.7 before 15.1.5, 15.2 before 15.2.3, and 15.3 before 15.3.1 could result in high CPU usage.
CVE-2022-2931 A DOS vulnerability was discovered in GitLab before 15.1.6, 15.2.4, 15.3.2.
CVE-2022-2428 An attacker can make HTTP requests as a tag in the Jupyter Notebook viewer in GitLab EE/CE before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 is affected.
CVE-2022-3293 Email addresses were leaked in WebHook logs in GitLab EE prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1.
CVE-2022-3330 An inaccessible note in Gitlab CE/EE can affect all versions 15.0-15.2.5, 15.3-15.3.4, and 15.4-15.4.1.
CVE-2022-2455 The business logic of handling large repositories in GitLab before 15.1.6, 15.2.4, and 15.3.2 allowed an authenticated and authorized user to access sensitive data.
CVE-2019-14841 An attacker can change their role in the RHDM.
CVE-2020-35539 Wordpress 5.1 has a security flaw that leaks client IP address in X-Forwarded-For header.
CVE-2022-3060 An authenticated attacker can create content in Error Tracking in GitLab CE/EE that could cause a victim to make unintended requests.
CVE-2022-3066 An issue was discovered in GitLab starting from 10.0 before 15.2.5, 15.3 before 15.3.4, 15.4 before 15.4.1.
CVE-2022-42221 The R6400 v184.108.40.206_1.0.1 router has an Incorrect Access Control vulnerability, which is a command injection vulnerability.
CVE-2022-42167 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.
CVE-2022-42237 An SQL injection issue in Merchandise Online Store v.1.0 allows attackers to log in to the admin account.
CVE-2022-41542 devhub 0.102.0 was discovered to contain a broken session control.
CVE-2022-3550 An issue in X.org Server was found, which involves the function _GetCountedString of xkb.c. The manipulation leads to a buffer overflow, which is recommended to fix.
CVE-2022-42165 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.
CVE-2022-3555 X.org libX11 has a vulnerability. Manipulation of the argument dpy leads to memory leak.
CVE-2022-3554 X.org libX11 has a vulnerability that leaks memory.
CVE-2022-3543 A vulnerability in the Linux Kernel was found, which affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c. The vulnerability leads to a memory leak.
CVE-2022-3546 The component Create User Handler has a vulnerability that allows for some unknown functionality to be accessed. This could be used to steal user information.
CVE-2022-3541 A critical Linux Kernel vulnerability has been found, affecting the function spl2sw_nvmem_get_mac_address of the file drivers/net/ethernet/sunplus/spl2sw_driver.c of the component BPF. The manipulation leads to use after free.
CVE-2022-3139 We're Open! plugin before 1.42 has settings that could allow high privilege users to perform Stored Cross-site Scripting attacks.
CVE-2022-3542 An issue with the bnx2x_tpa_stop function of the BPF driver is found in the Linux Kernel. The vulnerability leads to a memory leak.
CVE-2022-39052 An external attacker can send a malicious email that can crash the system.
CVE-2022-3531 A vulnerability was found in Linux Kernel, which is classified as problematic. The manipulation leads to memory leak.
CVE-2022-3533 An issue was found in the Linux Kernel. It is rated as problematic. The function parse_usdt_arg of the file tools/lib/bpf/usdt.c has a memory leak when the argument reg_name is manipulated.
CVE-2022-3534 A critical vulnerability has been found in the Linux Kernel's btf_dump_name_dups function. It can lead to use after free.
CVE-2022-3281 WAGO PFC100/200, Touch Panel 600, CC100 and Edge Controller are prone to a loss of MAC-Address-Filtering after reboot.
CVE-2022-2052 Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords
CVE-2022-42983 Spoofing JWT Tokens allows attackers to bypass login authentication.
CVE-2022-42975 socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding
CVE-2022-3527 a vulnerability in Linux kernel, which affects ipneigh_get function of ip/ipneigh.c component of iproute2. Manipulation leads to memory leak.
CVE-2022-3530 An issue was found in the Linux kernel ip/ipaddress.c function ipaddr_link_get and leads to memory leak.
CVE-2022-3521 A vulnerability has been found in Linux Kernel and is classified as problematic. The kcm_tx_work function of the net/kcm/kcmsock.c component kcm can be manipulated to lead to a race condition.
CVE-2022-3523 The Linux Kernel was found to have a vulnerability. The vulnerability is in mm/memory.c of the Driver Handler component. The vulnerability causes use after free.
CVE-2022-3524 An issue was found in the Linux Kernel IPv6 renewal functionality. A memory leak vulnerability can be triggered by sending a specially crafted packet.
CVE-2022-42969 The py library through 1.11.0 for Python lets attackers conduct a ReDoS attack via a Subversion repository with crafted info data.
CVE-2022-41323 In Django 3.2.x before 3.2.16, 4.0.x before 4.0.8, and 4.1.x before 4.1.2,
CVE-2022-42968 Gitea before 1.17.3 does not sanitize and escape refs in the git backend
CVE-2017-20149 The Mikrotik RouterOS web server can be vulnerable to memory corruption, aka Chimay-Red, if a remote and unauthenticated user sends a crafted HTTP request.
CVE-2022-41436 An issue in TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via the URL http://device_ip/index1.html.
CVE-2022-39311 GoCD automates the build-test-release cycle for continuous delivery of your product.
CVE-2022-39309 GoCD automates the build-test-release cycle for continuous delivery of your product.
CVE-2022-38445 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-39310 GoCD automates the build-test-release cycle for continuous delivery of your product.
CVE-2022-35691 Adobe Acrobat versions 22.002.20212 and earlier are affected by a NULL Pointer Dereference vulnerability.
CVE-2022-42340 Adobe ColdFusion versions Update 14 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read.
CVE-2022-38422 ColdFusion versions Update 14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory vulnerability. This could result in information disclosure.
CVE-2022-38443 Dimension 3.4.5 is vulnerable to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could exploit this vulnerability to bypass ASLR.
CVE-2022-38446 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-35698 Adobe Commerce versions 2.4.4-p1 and 2.4.5 are affected by a Stored XSS vulnerability.
CVE-2022-38448 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-38447 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-38442 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-38418 ColdFusion versions Update 14 and earlier are affected by an 'Improper Limitation of a Pathname to a Restricted Directory' vulnerability that could allow arbitrary code execution.
CVE-2022-35712 ColdFusion versions Update 14 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could compromise the user's system.
CVE-2022-38424: Uncovering a Path Traversal Vulnerability in Adobe ColdFusion and How to Protect Your Systems
CVE-2022-38697 In messaging service, there is a missing permission check
CVE-2022-39080 In messaging service, there is a missing permission check
CVE-2022-39105 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39108 In Music service, there is a missing permission check
CVE-2022-39110 In Music service, there is a missing permission check
CVE-2022-39109 In Music service, there is a missing permission check
CVE-2022-39112 In Music service, there is a missing permission check
CVE-2022-41477 A security issue was discovered in WeBid <=1.2.2
CVE-2022-38672 In face detect driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-38673 In face detect driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39107 In Soundrecorder service, there is a missing permission check
CVE-2022-38671 In camera driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39111 In Music service, there is a missing permission check
CVE-2022-38679 In music service, there is a missing permission check
CVE-2022-38677 In cell service, there is a missing permission check
CVE-2022-39128 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39126 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39123 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39124 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39120 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-38670 In soundrecorder service, there is a missing permission check
CVE-2022-2984 In jpg driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39115 In Music service, there is a missing permission check
CVE-2022-2963 A vulnerability found in jasper
CVE-2022-2850 An attacker can exploit a NULL pointer dereference in the Content Synchronization plugin to cause a denial of service.
CVE-2021-27406 An attacker can take advantage of versions 220.127.116.11 and earlier to send a config command from the local host to force the back-end server to initialize a new openVPN instance.
CVE-2022-42234 There is a file inclusion vulnerability in the template management module in UCMS 1.6
CVE-2022-41307 Malicious PKT file could lead to memory corruption vulnerability by read access violation.
CVE-2022-41306 Malicious PCT file could lead to memory corruption vulnerability by write access violation.
CVE-2022-41302 An OOB vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure.
CVE-2022-41304 An OOB write vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution or information disclosure.
CVE-2022-20397 An out of bounds write in SitRilClient_OnResponse could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-38980 The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol. Successful exploitation may allow attackers to obtain process control permissions.
CVE-2022-38981 The HwAirlink module has an out-of-bounds read vulnerability. Successful exploitation may cause information leakage.
CVE-2022-38977 The HwAirlink module has a heap overflow vulnerability. Successful exploitation may cause out-of-bounds writes, which may lead to modification of sensitive data.
CVE-2022-38985 The facial recognition module has a vulnerability in input validation, which may affect data confidentiality.
CVE-2022-41581 The HW_KEYMASTER module has a vulnerability of not verifying data read. Successful exploitation may cause malicious construction of data and out-of-bounds access.
CVE-2022-39065 An unresponsive TRÅDFRI gateway can make connected lighting controls non-functional.
CVE-2022-41578 The MPTCP module has an out-of-bounds write vulnerability. Successful exploitation may lead to privilege escalation attacks.
CVE-2022-41585 The kernel module has an out-of-bounds read vulnerability. Successful exploitation may cause memory overwriting.
CVE-2022-41582 The security module has configuration defects, which may affect system availability.
CVE-2022-41589 The DFX unwind stack has a vulnerability in interface calling that affects system services and device availability.
CVE-2022-41584 The kernel module has an out-of-bounds read vulnerability. Successful exploitation may cause memory overwriting.
CVE-2022-41580 The HW_KEYMASTER module has a vulnerability of not verifying data read. Successful exploitation may cause malicious construction of data and out-of-bounds access.
CVE-2022-42067 The birth certificate management system version 1.0 has an IDOR vulnerability.
CVE-2021-46840 The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification. Successful exploitation may cause malicious construction of data, which results in out-of-bounds access.
CVE-2022-38998 The HISP module has a vulnerability where it doesn't verify data in kernel space and can lead to an out-of-bounds read, affecting data confidentiality.
CVE-2022-41577 The kernel server has a vulnerability of not verifying the length of data transferred in the user space, which may cause an out-of-bounds read and device confidentiality and availability.
CVE-2022-41592 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41603 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41601 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41598 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41593 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41600 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41602 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-42071 The CMS version 1.0 has a XSS vulnerability.
CVE-2022-42464 OpenHarmony 3.1.2 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker.
CVE-2022-42488 OpenHarmony has a permission validation vulnerability in the param service of the startup subsystem.
CVE-2022-42069 A birth certificate management system version 1.0 has a XSS vulnerability.
CVE-2022-2879 Read doesn't limit the maximum size of file headers. This can lead to memory exhaustion or crashes.
CVE-2022-28760 On-Premise Meeting Connector MMR 4.8.20220815 contains an improper access control vulnerability.
CVE-2022-35056 An attacker could exploit a heap buffer overflow in OTFCC commit 617837b to compromise the user's system.
CVE-2022-35049 The commit 617837b of OTFCC was discovered to contain a heap buffer overflow.
CVE-2022-35048 An attacker can overflow a buffer with 0x6B0B2C in OTFCC commit 617837b to crash the application.
CVE-2022-35050 An attacker sent a 0x6b04de heap buffer overflow to commit 617837b in order to gain remote code execution.
CVE-2022-35054 Heap buffer overflow in OTFCC commit 617837b was discovered to be vulnerable.
CVE-2022-35045 An attacker could overflow a heap buffer in otfccdump via /release-x64/otfccdump+0x6b0d63.
CVE-2022-35040 An attacker could overflow a heap buffer with OTFCC-Dump's /release-x64 command.
CVE-2022-35059 An overflow was discovered in OTFCC commit 617837b that was used in an exploit.
CVE-2022-35046 An attacker can overflow a heap buffer in otfccdump+0x6b0466 via /release-x64. END
CVE-2022-35042 An attacker could send a crafted request to /release-x64/otfccdump+0x4adb11 to overflow the heap and execute arbitrary code.
CVE-2022-35055 An attacker can overflow a heap buffer with OTFCC commit 617837b, which is a VRP tool.
CVE-2022-35053 Heap buffer overflow in commit 617837b of otfccdump was discovered.
CVE-2022-35041 The commit 617837b in OTFCC was found to have a heap buffer overflow.
CVE-2022-3439 Allocating resources without limits or throttling in a GitHub repository prior to 2.5.0.
CVE-2022-3503 SourceCodester's Supplier Handler has a vulnerability that is revealed as problematic.
CVE-2022-37602 The key variable in grunt-karma.js is Prototype pollution vulnerability in karma-runner grunt-karma 4.0.1.
CVE-2022-2780 Octopus Server is vulnerable to an NTLM relay attack if a user uses the Git Connectivity test on the VCS project.
CVE-2022-3497 A vulnerability was found in SourceCodester HRMS 1.0. It is problematic. The affected function is unknown.
CVE-2022-39302 Ree6 is a moderation bot. It would allow other server owners to create configurations such as "Better Audit Logging," which contains a channel from another server as a target.
CVE-2022-42720 Local attackers could use refcounting bugs in the mac80211 stack to trigger use-after-free conditions.
CVE-2022-42722 Local attackers could inject WLAN frames into the mac80211 stack to cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.
CVE-2022-42721 A BSS handling bug could be used by local attackers to corrupt a linked list and execute code.
CVE-2022-41674 An issue was discovered in the Linux kernel through 5.19.11
CVE-2022-35135 An attacker can escalate privileges in the Boodskap IoT Platform v4.4.9-02 by sending a crafted request to /api/user/upsert/uuid>.
CVE-2022-39295 Knowage is an open source suite for modern business analytics alternative over big data systems
CVE-2022-39201 Grafana could leak the authentication cookie of users to plugins before versions 8.5.14 and 9.1.8.
CVE-2022-35134 Boodskap IoT Platform v4.4.9-02 contains a cross-site scripting (XSS) vulnerability.
CVE-2022-39278 The Istio service mesh manages traffic, enforces policies, and collects telemetry.
CVE-2022-39229 Grafana old versions let one user block another user's login attempt by registering someone else's email address as a username.
CVE-2022-34021 Multiple XSS vulnerabilities in ResIOT IOT Platform + LoRaWAN Network Server 4.1.1000114 via the form fields.
CVE-2022-35611 CSRF in MQTTRoute v3.3 and below allows attackers to create and remove dashboards.
CVE-2022-42719 An use-after-free in the mac80211 stack could be used by attackers to crash the kernel and execute code.
CVE-2022-39300 SAML is a library based on SAML v2 that can be bypassed by a remote attacker using passport-saml.
CVE-2022-41496 iCMS v7.0.16 had an SSRF attack via the admincp.php url parameter.
CVE-2022-3456 Allocating resources without limits or throttling in a GitHub repository prior to 2.5.0.
CVE-2022-3457 Origin Validation Error in GitHub repository ikus060/rdiffweb prior to 2.5.0a5.
CVE-2022-41483 AnAC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 had a buffer overflow in the 0x4a12cc function.
CVE-2022-41485 An AC1200 US_AC6V2.0RTL_V15.03.06.51_multi_TDE01 with a buffer overflow was discovered.
CVE-2022-42156 The D-Link COVR 1200,1203 v1.08 had a command injection vulnerability via the tomography_ping_number parameter of SetNetworkTomographySettings.
CVE-2022-42159 The D-Link COVR 1200,1202,1203 has a predictable seed in a Pseudo-Random Number Generator.
CVE-2022-42160 D-Link COVR 1200,1202,1203 v1.08 has a command injection vulnerability in SetNTPServerSettings that could be exploited by an attacker.
CVE-2022-39293 Azure RTOS USBX is a high-performance USB host, device, and on-the-go embedded stack that is fully integrated with Azure RTOS ThreadX.
CVE-2022-41484 Tenda AP500 US was found to have a buffer overflow in 0x32384 function.
CVE-2022-3493 A vulnerability was found in SourceCodester HRMS 1.0. This affects some unknown component processing.
CVE-2022-3492 A critical vulnerability was found in SourceCodester HRMS 1.0. The vulnerability affects unknown code of the component Profile Photo Handler.
CVE-2022-41473 An XSS vulnerability was found in RPCMS v3.0.2's Search function.
CVE-2021-20030 GMS is vulnerable to file path manipulation and can be accessed by an unauthenticated attacker.
CVE-2022-3472 A critical vulnerability was found in SourceCodester HRMS system. The file city.php is manipulated by the argument cityedit, leading to sql injection.
CVE-2022-3473 A critical vulnerability has been found in SourceCodester HRMS system. The manipulation of the argument ci leads to sql injection.
CVE-2022-42899 Out-of-bounds read and stack overflow in Bentley MicroStation and MicroStation-based applications could lead to information disclosure and code execution.
CVE-2022-42901 MicroStation and MicroStation-based applications could be affected by out-of-bounds and stack overflow issues when opening crafted XMT files. This could lead to information disclosure and code execution.
CVE-2022-42902 In LavA before 2022.10, there is dynamic code execution in lav_server/lavatable.py.
CVE-2022-42906 Powerline Gitstatus before 1.3.2 has an exploitable configuration that can run arbitrary commands in the project's repository.
CVE-2022-40187 Forescout's Foresight GC3 Launch Monitor 18.104.22.168 ships with a Target Communication Framework (TCF) service enabled.
CVE-2022-39283 FreeRDP is a library that provides a free remote desktop protocol. It might read uninitialized data and decode it as audio/video.
CVE-2018-18446 dotPDN Paint.NET before 4.1.2 allows Deserialization of Untrusted Data (issue 1 of 2).
CVE-2021-36369 An issue was found in Dropbear through 2020.81, which allows an SSH server to change the login process.
CVE-2022-31228 Dell EMC XtremIO versions prior to X2 6.4.0-22 contain a bruteforce vulnerability
CVE-2022-32491 Dell Client BIOS contains a Buffer Overflow vulnerability
CVE-2022-32493 Dell BIOS contains an Stack-Based Buffer Overflow vulnerability
CVE-2022-34390 Dell BIOS contains a use of uninitialized variable vulnerability
CVE-2022-33921 Dell GeoDrive, versions prior to 2.2, contains Multiple DLL Hijacking Vulnerabilities
CVE-2022-37601 The name variable in parseQuery.js in webpack loader-utils 2.0.0 is for prototyping pollution vulnerability.
CVE-2022-41351 In ZCS 8.8.15, at the URL /h/calendar, one can trigger XSS by changing the value of the view and uncheck parameters.
CVE-2022-34391 Dell Client BIOS versions prior to remediated version contain an improper input validation vulnerability.
CVE-2022-42081 An AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 had a stack overflow vulnerability.
CVE-2022-2249 privilege escalation vulnerabilities were found in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges.
CVE-2022-42079 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 was discovered to have a stack overflow.
CVE-2022-42080 Tenda AC1206 US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 has a heap overflow vulnerability.
CVE-2022-42715 An XSS vulnerability is present in REDCap's Alerts & Notifications upload feature prior to 12.04.18.
CVE-2022-40871 Dolibarr ERP & CRM <=15.0.3 is vulnerable to Eval injection
CVE-2022-2720 In Octopus Server affected versions, when a sensitive value is a substring of another value, only part of the sensitive value is masked.
CVE-2022-3458 An unknown vulnerability in SourceCodester Human Resource Management System 1.0 affects the file /employeeview.php of the Image File Handler component.
CVE-2022-37611 Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js.
CVE-2022-40469 iKuai8 v3.6.7 was discovered to contain an authenticated remote code execution (RCE) vulnerability.
CVE-2022-40440 An XSS vulnerability was found in v4.2.2 of the Graph Visualization tool.
CVE-2022-41532 The Open Source SACCO Management System v1.0 had a SQL injection vulnerability where id was used to delete plans.
CVE-2022-41606 HashiCorp Nomad and Nomad Enterprise up to 1.2.12 and 1.3.5 can crash client agents with invalid S3 or GCS URLs.
CVE-2022-37617 Pollution vulnerability in thlorenz browserify-shim 3.8.15 via k variable in resolve-shims.js.
CVE-2022-41404 An issue in the fetch() method in org.ini4j before v0.5.4 allows attackers to cause a DoS.
CVE-2022-42717 An issue was found in Hashicorp Packer 2.3.1 before the recommended sudoers configuration for Vagrant on Linux.
CVE-2022-41384 The d8s-domains package had a backdoor in the democritus-urls package.
CVE-2022-41385 The d8s-html package had a backdoor, the democritus-urls package.
CVE-2022-41382 The d8s-json package had a backdoor--the democritus-file-system package.
CVE-2022-41383 The d8s-archives package had a backdoor from a third party, democritus-file-system.
CVE-2022-42042 d8s-networking had a backdoor added by a third party. The backdoor is democritus-hashes.
CVE-2022-42038 The d8s-ip-addresses package has a backdoor: democritus-csv.
CVE-2022-42041 d8s file system package had a backdoor from a third party, democritus-hashes.
CVE-2022-42036 The d8s-urls package contains a backdoor. The democritus-csv package is the backdoor.
CVE-2022-42039 The d8s-lists package had a backdoor from a third party. The democritus-dicts package is a backdoor.
CVE-2022-42043 d8s-xml had a backdoor from democritus-html.
CVE-2022-42044 The d8s-asns package had a backdoor from a third party, democritus-html.
CVE-2022-41387 The d8s-pdfs package had a backdoor in the democritus-urls package.
CVE-2022-41386 The d8s-utility package had a backdoor, the democritus-urls package.
CVE-2022-41380 d8s-yaml has a backdoor. It is democritus-file-system.
CVE-2022-41381 The d8s-utility package has a backdoor from a third party. The backdoor is democritus-file-system.
CVE-2022-31682 VMware Aria Operations contains an arbitrary file read vulnerability
CVE-2022-35226 SAP Data Services Management allows an attacker to copy data from a request and echo it into the application's response, leading to a XSS vulnerability.
CVE-2022-35296 The SAP BusinessObjects Version Management System can expose sensitive information to a high-privileged user who isn't explicitly authorized to see it.
CVE-2022-41183 The memory management of the victim's computer is poor, which makes it possible for the application to crash and become temporally unresponsive.
CVE-2022-41181 Memory management in PDF files can cause 3D Visual Enterprise Author to crash.
CVE-2022-41186 Computer Graphics Metafile files sent by malicious attackers can be exploited to trigger a Remote Code Execution.
CVE-2022-39804 Due to memory management issues, victims of SolidWorks Part files from untrusted sources can be compromised with RCE.
CVE-2022-39802 SAP MES version 15.1, 15.2, 15.3 has an exploitable file path parameter vulnerability. The attacker can manipulate the file path to access arbitrary files on the server.
CVE-2022-41187 Memory management issues can lead to RCE when a victim opens a file containing a malicious ObjTranslator.exe.
CVE-2022-39808 It's possible that a victim opening a Wavefront Object file from untrusted sources could be exploited via Remote Code Execution.
CVE-2022-39806 An attacker can send a SAP 3D Visual Enterprise Author file that can be opened by the victim and execute remote code.
CVE-2022-41172 Memory management issues in AutoCAD can lead to RCE when a victim opens a file from untrusted sources.
CVE-2022-41177 Memory management issues in Iges Part and Assembly files can lead to RCE.
CVE-2022-41179 Memory management problems can lead to RCE when a victim opens a file from an untrusted source.
CVE-2022-41170 memory management can lead to RCE on CATIA4 Part .model files opened from untrusted sources.
CVE-2022-41180 Memory management issues in SAP can cause a victim to open a .pdf file from an untrusted source, which can lead to a RCE.
CVE-2022-39013 Under certain conditions an authenticated attacker can get access to OS credentials
CVE-2022-41204 An attacker can change the content of an SAP Commerce version 1905, 2005, 2105, 2011, 2205, login page, by injecting code that redirects submissions from the affected login form to their own server.
CVE-2022-41176 Due to memory mismanagement, Enhanced Metafile files received from untrusted sources can crash the application and tempora END>
CVE-2022-41173 Memory management issues in AutoCAD can lead to application crash.
CVE-2022-41198 SketchUp files can be memory-compromised and RCE can be triggered when victims open them.
CVE-2022-41196 Memory management issues can cause a VRML Worlds file to be opened by a victim and result in a Remote Code Execution.
CVE-2022-39803 Memory management issues in ACIS Part and Assembly files make it possible for a victim to be exploited and executed remote code.
CVE-2022-39807 The victim's lack of memory management can cause the application to crash when they open a SolidWorks Drawing file from an untrusted source.
CVE-2022-41193 Memory management issues in EPS files can lead to RCE in SAP 3D Visual Enterprise Viewer - version 9.
CVE-2022-20418 In the pickStartSeq of AAVCA assembler, there is a possible out of bounds read. This could lead to remote information disclosure with no additional execution privileges needed.
CVE-2020-14129 A logic vulnerability exists in a Xiaomi product
CVE-2022-20438 Messaging has unauthorized broadcast, which can cause Local Deny of Service.
CVE-2022-20439 Messaging has an unauthorized provider, which could cause Local Deny of Service.
CVE-2020-14131 The Xiaomi Security Center thanks ADLab for their help and welcome more security experts to join the Mi Security Center to make sure safety is maintained.
CVE-2021-0951 DevmemIntHeapAcquire could have an overflow that could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-20430 There is an missing authorization issue in the system service
CVE-2022-20394 In IMEService.java, there is a check for permissions when another app shows an IME. This can be used to determine when another app is showing an IME.
CVE-2022-20415 There is a logic error in the code of StatusBarNotificationActivityStarter that starts activity from background.
CVE-2022-20412 fdt_next_tag could have an out of bounds read due to a bounds check error. This could lead to privilege escalation with System execution privileges needed.
CVE-2022-20416 AudioTransportsToHal in HidlUtils.cpp has a possible out of bounds write due to a bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-20409 in io_identity_cow of io_uring.c, there is a possible way to corrupt memory and get local escalation of privilege with System execution privileges.
CVE-2022-20413 In Threads.cpp, there is a logic error that could lead to local information disclosure with user execution privileges.
CVE-2022-20431 There is an missing authorization issue in the system service
CVE-2022-20425 ZenModeHelper could have a performance degradation due to resource exhaustion. This could lead to local denial of service with User execution privileges needed.
CVE-2022-20434 There is an missing authorization issue in the system service
CVE-2022-20435 There is a Unauthorized service in the system service, may cause the system reboot
CVE-2022-20433 There is an missing authorization issue in the system service
CVE-2022-35829 Service Fabric Explorer Spoofing Vulnerability.
CVE-2022-37997 Windows Graphics Component Elevation of Privilege Vulnerability
CVE-2022-33634 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-41034 Visual Studio Code Remote Code Execution Vulnerability.
CVE-2022-38000 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-38016 Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability.
CVE-2022-38038 Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-38036 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability.
CVE-2022-37990 Windows Kernel Elevation of Privilege Vulnerability
CVE-2022-37973 Windows Local Session Manager (LSM) Denial of Service Vulnerability
CVE-2022-24504 Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-42238 An issue in VOPE 1.0 allows access to the admin dashboard.
CVE-2022-3453 An issue was found in SourceCodester Book Store Management System 1.0. This affects unknown processing of the file /transcation.php.
CVE-2022-41376 UI v4.4.0 to v4.5.0 contains an XSS vulnerability.
CVE-2022-34430 Dell Hybrid Client below 1.8 version contains a Zip Bomb Vulnerability in UI
CVE-2022-34427 Dell Container Storage Modules 1.2 contains an OS Command Injection in goiscsi and gobrick libraries
CVE-2022-34432 Dell Hybrid Client below 1.8 version contains a gedit vulnerability
CVE-2022-34434 The Dell Cloud Mobility for Postgres database has an Improper Access Control vulnerability.
CVE-2022-34431 Dell Hybrid Client below 1.8 version contains a guest user profile corruption vulnerability
CVE-2022-38388 An IBM Navigator Mobile app could allow a local user to get sensitive information due to improper access control.
CVE-2022-3358 OpenSSL custom cipher can be created with the EVP_CIPHER_meth_new() function and function calls.
CVE-2022-33749 XAPI can hit its file-limit unauthenticated client.
CVE-2022-33746 The P2M pool backing second level address translation for guests may be of significant size, thus freeing may take more time than is reasonable.
CVE-2022-33748 An error handling path was added that neglected to pay attention to locking requirements.
CVE-2022-41851 Vulnerabilities have been identified in JTTK, Simcenter Femap V2022.1, V2022.2.
CVE-2022-40631 Vulnerability in SCALANCE X200-4P IRT, SCALANCE X201-3P IRT, SCALANCE X201-3P IRT PRO, SCALANCE X202-2IRT, and SCALANCE X202-2P IRT.
CVE-2022-40227 A vulnerability has been identified in SIMATIC HMI Comfort Panels (incl
CVE-2022-40226 V3.10 has a vulnerability.
CVE-2022-40176 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.
CVE-2022-37864 Vulnerability in Solid Edge. Application contains an out of bounds write past the heap-based buffer while parsing DWG files.
CVE-2022-36361 An exploit could be used to crash a device.
CVE-2022-36363 An offset value can be defined in TCP packets when calling a method, which is not properly validated in LOGO! 8 BM affected devices.
CVE-2022-40147 V1.5.1 of Industrial Edge Management doesn't validate server certificates when initiating a TLS connection.
CVE-2022-38371 An arbitrary file download vulnerability has been found in Nucleus NET, Nucleus ReadyStart V3, Nucleus Source Code.
CVE-2022-36362 Vulnerability in LOGO! 8 BM (All versions) that doesn't validate certain interactions.
CVE-2022-36360 Vulnerability in LOGO! 8 BM (incl. SIPLUS variants) firmware updates checks authenticity.
CVE-2022-31766 Vulnerabilities have been found in RUGGEDCOM RM1224 LTE(4G) EU, RUGGEDCOM RM1224 LTE(4G) NAM, SCALANCE M804PB, and SCALA END>
CVE-2022-40177 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.
CVE-2022-31765 Affected devices do not properly authorize the change password function of the web interface
CVE-2022-40182 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.
CVE-2022-40181 Desigo PXM30-1, PXM30.E, PXM40-1, PXM40.E, PXM50-1 have multiple vulnerabilities.
CVE-2022-38465 Vulnerability in SIMATIC Drive Controller family (All versions V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), and SIMATIC ET 200SP Open Controller CPU 1515SP PC2.
CVE-2022-35289 A write-what-where condition in hermes caused by an integer overflow allows attackers to execute arbitrary code.
CVE-2022-32234 An out of bounds write in hermes handling large arrays allows attackers to execute arbitrary code.
CVE-2021-35226 An entity in NPM is misconfigured and is exposing the password field to SWIS.
CVE-2022-3433 The aeson library is not safe to use to consume untrusted JSON input
CVE-2022-34402 Dell Wyse ThinOS 2205 contains a Regular Expression Denial of Service Vulnerability in UI
CVE-2022-39288 Fastify is a low overhead Node.js framework. Malicious use of the Content-Type header can be used to deny service.
CVE-2022-34425 Dell Enterprise SONiC OS, 4.0.0, 4.0.1, contain a cryptographic key vulnerability in SSH
CVE-2022-41746 An attacker with access to the console on an affected installation could escalate privileges and modify agent groupings.
CVE-2022-41748 The Trend Micro Apex One DLP module has a registry permissions vulnerability that could allow local attackers with administrative credentials to bypass anti-tampering mechanisms.
CVE-2022-2823 The MetaSlider WordPress plugin before 3.27.9 is vulnerable to Stored Cross-site Scripting attacks, which could be possible by admin users.
CVE-2022-20915 An IPv6 vulnerability in 6VPE with ZBFW could cause a DoS attack.
CVE-2022-20870 An vulnerability in egress MPLS packet processing of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload.
CVE-2022-20830 An unauthenticated, remote attacker could access the GUI of Cisco SD-AVC.
CVE-2022-20920 The vulnerability in SSH could allow an attacker to cause an affected device to reload.
CVE-2022-20864 ROMMON has a vulnerability that could allow an attacker to recover the configuration or reset the enable password.
CVE-2022-20944 Vulnerability in Cisco IOS XE Software image verification could allow unauthenticated, physical attacker to execute unsigned code at system boot time.
CVE-2022-40257 An HTML injection vulnerability exists in CERT/CC VINCE software prior to 1.50.4
CVE-2021-44171 In previous versions, special elements used in the os command could be manipulated to subvert the os command. This issue was fixed in the latest releases.
CVE-2022-26121 Vulnerability in FortiAnalyzer and FortiManager GUI 7.0.0 - 7.0.3, 6.4.0 - 6.4.8, 6.2.0 - 6.2.9, 6.0.0 - 6.0.11, 5.6.0 - 5.6.11 may allow an unauthenticated and remote attack.
CVE-2022-42725 The Warpinator through 1.2.14 allows access outside of an intended directory by using symbolic links.
CVE-2022-42011 D-Bus before 1.12.24, 1.13.x and 1.14.4, and 1.15.x before 1.15.2 has an issue.
CVE-2022-42012 D-Bus before 1.12.24, 1.13.x and 1.14.4, and 1.15.x before 1.15.2 has an issue.
CVE-2022-42010 D-Bus before 1.12.24, 1.13.x and 1.14.4, and 1.15.x before 1.15.2 has an issue.
CVE-2022-42703 The mm/rmap.c in the Linux kernel before 5.19.7 has a use-after-free related to leaf anon_vma double reuse.
CVE-2022-3435 An issue has been found in the Linux Kernel's IPV4 handler that involves an out-of-bounds read.
CVE-2022-39281 Fat Free CRM's older versions had an authenticated user's remote Denial of Service attack via bucket access.
CVE-2022-41442 Cross-site scripting vulnerability in the setting controller in Uploader v2.6.3.
CVE-2022-31680 The vCenter Server has an unsafe deserialization vulnerability in the PSC.
CVE-2022-31681 VMware ESXi contains a null-pointer deference vulnerability
CVE-2022-39290 Zoneminder is a free, open source Closed-circuit television software application. In affected versions, users can bypass CSRF keys by modifying the request.
CVE-2022-39285 The file parameter is vulnerable to a XSS vulnerability by backing out of the current "tr" and "td" brackets.
CVE-2022-41574 An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows attackers to prevent backups from happening and send emails with arbitrary text content to the configured installation-administrator contact address.
CVE-2022-3275 Injecting malicious code in the puppetlabs-apt module before version 9.0.0 is possible if the actor is able to provide unsanitized input.
CVE-2022-3276 In earlier versions of the puppetlabs-mysql module, injection attacks are possible if malicious actors provide unsanitized input.
CVE-2022-26452 In ISP, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges.
CVE-2022-36634 An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to create admin users.
CVE-2022-32589 Wi-Fi driver has a hidden bug that could lead to DoS with no user interaction needed.
CVE-2022-32592 dvfs in cpu could write out of bounds, which could lead to local escalation of privilege with System privileges needed. User interaction is not needed for exploitation.
CVE-2022-26473 In vdec fmt, there is a use after free due to improper locking. This could lead to local escalation of privileges with System execution privileges.
CVE-2022-37896 An exploit could allow a remote attacker to conduct a XSS attack on users of the interface.
CVE-2022-37894 An DoS vulnerability exists in Aruba's handling of certain SSID strings.
CVE-2022-37895 An DoS vulnerability exists in Aruba's handling of certain SSID strings.
CVE-2022-41377 The App v1.0 was found to have a SQL injection vulnerability via the id parameter.
CVE-2022-42075 Wedding Planner v1.0 is vulnerable to has arbitrary code execution.
CVE-2022-41414 The default in Liferay Portal v7.0.0 through v7.4.2 is insecure, allowing attackers to enumerate usernames, site names, and pages.
CVE-2021-40165 Malicious TIFF, PICT, TGA, or RLC files may be used to write beyond the allocated buffer.
CVE-2022-37892 An vulnerability in Aruba InstantOS and ArubaOS 10 could allow an unauthenticated attacker to conduct a XSS attack.
CVE-2021-40162 Malicious TIF, PICT, TGA, or RLC files in the Autodesk Image Processing component may be read beyond allocated boundaries.
CVE-2022-37890 Buffer overflows in the Aruba InstantOS and ArubaOS 10 web management interface.
CVE-2021-40163 An attack can exploit DLL memory corruption to execute arbitrary code.
CVE-2022-37889 Vulnerabilities in Aruba AP management protocols could lead to code execution. The PAPI UDP port is used for the attack.
CVE-2022-37891 Buffer overflows in the Aruba InstantOS and ArubaOS 10 web management interface.
CVE-2021-40166 Malicious Png files may be used to attempt to free an already freed object.
CVE-2022-37886 Vulnerabilities in Aruba AP management protocols could lead to code execution. The PAPI UDP port is used for the attack.
CVE-2022-37885 Vulnerabilities in Aruba AP management protocols could lead to code execution. The PAPI UDP port is used for the attack.
CVE-2020-15855 Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1.
CVE-2022-36772 In IBM InfoSphere Information Server 11.7, users with admin/privileged access could access sensitive information.
CVE-2022-22493 IBM WebSphere Automation for Cloud Pak is vulnerable to cross-site request forgery due to improper cookie attribute setting.
CVE-2022-30613 IBM QRadar SIEM 7.4 and 7.5 could leak sensitive information via a local service to a privileged user.
CVE-2022-41291 IBM InfoSphere Information Server 11.7 doesn't invalidate sessions after logout which could allow an authenticated user to impersonate another user.
CVE-2022-22480 IBM QRadar SIEM 7.4 and 7.5 data node rebalancing doesn't work correctly with encrypted hosts, which could lead to information disclosure.
CVE-2022-39868 In GedSamsungAccount.kt SmartThings prior to version 22.214.171.124, attackers can access sensitive information via implicit broadcast.
CVE-2022-39870 An improper access control vulnerability in the cloud Notification Manager of SmartThings v126.96.36.199 allows attackers to access sensitive information.
CVE-2022-39867 In SmartThings 188.8.131.52, attackers can access sensitive information via a SHOW_PERSISTENT_BANNER broadcast.
CVE-2022-39851 The CocktailBarService has an improper access control vulnerability that allows a local attacker to bind a service that requires the BIND_REMOTEVIEWS permission.
CVE-2022-39865 In prior versions of SmartThings, attackers can access sensitive information via implicit broadcasts.
CVE-2022-39875 Samsung Account has an improper component protection vulnerability that allows attackers to logout.
CVE-2022-39859 UPHelper library before 3.0.12 has an implicit intent hijacking vulnerability. An attacker can access sensitive information.
CVE-2022-39852 The heap-based overflow in libagifencoder.quram in SMR Oct-2022 Release 1 allows attacker to execute code.
CVE-2022-39848 In AT_Distributor prior to SMR Oct-2022 Release 1, exposure of sensitive information allows local attacker to access SerialNo.
CVE-2022-39849 Knox VPN policy service had improper access control, which allowed unauthorized read of configuration data.
CVE-2022-39854 IOMMU before SMR Oct-2022 Release 1 allows unauthorized access to secure memory.
CVE-2022-39877 An access control vulnerability in Group Sharing prior to version 184.108.40.206 allows attackers to identify the device.
CVE-2022-39873 In Samsung Internet prior to version 220.127.116.11, improper authorization vulnerability allows attackers to add bookmarks in secret mode.
CVE-2022-39850 In mom_container_policy service, improper access control allows unauthorized read of configuration data.
CVE-2022-39856 - Exploiting Improper Access Control in the IMSService Application Prior to SMR Oct-2022 Release 1 To Obtain Call Information by Local Attackers
CVE-2022-3423 Denial of Service in GitHub repository nocodb/nocodb prior to 0.92.0.
CVE-2022-3422 Account Takeover :: when see the info i can see the hash pass i can creaked it
CVE-2022-40872 An SQL injection issue was found in Sourcecodester Simple E-Learning System 1.0. in /vcs/classRoom.php?classCode=.