CVE-2024-46791: Fixing Deadlock in Linux Kernel's MCP251x Open Function
CVE-2024-46795 - Linux Kernel Vulnerability Resolved: Unset the binding mark of a reused connection in ksmbd
CVE-2024-6685 - GitLab Group Runners Information Disclosure Vulnerability Affecting Multiple Versions
CVE-2024-46691: Linux Kernel USB Type-C Vulnerability Resolved
CVE-2023-46809: Node.js Versions Vulnerable to Marvin Attack via Unpatched OpenSSL and PKCS #1 v1.5 Padding in RSA Decryption
CVE-2024-44995 - Linux Kernel Vulnerability in net: hns3 Fixed, Avoiding Deadlock When Configuring TC During Reset
CVE-2024-44989 - Resolving Vulnerability in Linux Kernel Bonding: Fix xfrm Real_dev Null pointer Dereference
CVE-2024-45000: Linux Kernel fs/netfs/fscache_cookie NULL Pointer Dereference Vulnerability Resolved
CVE-2024-44981 - Resolving 'subtraction overflow' error in shift_and_mask() function of Linux kernel workqueue
CVE-2024-6119 - Certificate Name Check Denial of Service Vulnerability in Applications
CVE-2024-44946: Resolving a Linux Kernel Vulnerability with kcm_sendmsg() Serialization
CVE-2024-41879: Critical Out-of-bounds Write Vulnerability in Acrobat Reader Versions 127..2651.105 and Earlier, Potentially Resulting in Arbitrary Code Execution
CVE-2024-44935 - Linux kernel vulnerability resolved: sctp null-ptr-deref in reuseport_add_sock()
CVE-2024-43907: Fixing Null Pointer Dereference in Linux Kernel drm/amdgpu/pm
CVE-2024-44933: Linux Kernel Security Patch Addresses Memory Out-of-Bounds Vulnerability in bnxt_en Module
CVE-2024-43905 - Linux Kernel Security Patch: Resolving a Vulnerability in drm/amd/pm Module for Vega10_hwmgr
CVE-2024-7305: Unveiling the Out-of-Bounds Write Vulnerability in Autodesk AutoCAD due to Maliciously Crafted DWF File
CVE-2024-7592: Unraveling the Low Severity CPython http.cookies' Module Vulnerability and Its Exploit
CVE-2024-42269 - Linux Kernel Vulnerability Fixed in netfilter:iptables, Preventing Null Pointer Dereference in ip6table_nat_table_init()
CVE-2024-42270 - Linux Kernel netfilter iptables Null Pointer Dereference Vulnerability Fixed
CVE-2024-42268 - Linux Kernel Vulnerability Resolved: net/mlx5 Missing Lock on Sync Reset Reload
CVE-2023-52889 - Linux Kernel AppArmor NULL Pointer Dereference Vulnerability Resolved
CVE-2024-6384 - MongoDB Enterprise Vulnerability: Underprivileged Users Downloading "Hot" Backup Files
CVE-2024-42479 - The Critical Vulnerability in llama.cpp, Explained, and Fixed in b3561
CVE-2024-7610 - GitLab CE/EE Denial of Service (DoS) Vulnerability via Elasticsearch Result Parsing
CVE-2024-42245: Linux Kernel Vulnerability Involving Sched/Fair Reverted to Prevent System Lockups
CVE-2024-42243 Linux Kernel Vulnerability: mm/filemap: Make MAX_PAGECACHE_ORDER Acceptable to XArray
CVE-2024-7264: Exploring the Vulnerability in libcurl's ASN1 Parser Code and its Impact on Applications
CVE-2024-42231: Linux Kernel Btrfs Zone Mode Vulnerability Resolved
CVE-2024-42226 - Preventing Potential Failure in the Linux Kernel's USB XHCI Handle_tx_event() for Transfer Events Without TRB
CVE-2024-42223: Linux Kernel Media DVB-Frontends TDA10048 Integer Overflow Fix
CVE-2024-42083: Fixing Kernel Panic in the Linux Kernel due to Multi-Buffer Handling in ionic_run_xdp()
CVE-2024-42080: Resolving RDMA/restrack Vulnerability in the Linux Kernel to Prevent Invalid Address Access
CVE-2024-40897: Stack-based Buffer Overflow Vulnerability in ORC Versions Prior to .4.39
CVE-2024-6327: Exploring the Insecure Deserialization Vulnerability in In Progress Telerik Report Server and Remote Code Execution
CVE-2024-41836: NULL Pointer Dereference Vulnerability in InDesign Desktop - Explained with Exploit Details and Remediations
CVE-2024-41010: Linux Kernel Vulnerability in bpf Resolved - Fix for Too Early Release of tcx_entry
CVE-2024-6595: Critical vulnerability in GitLab allows NPM package conflict, patch now available
CVE-2022-48840: Linux Kernel iavf Hang during Reboot/Shutdown Fixed
CVE-2022-48842: Linux Kernel ice Vulnerability Fixed - Race Condition during Interface Enslave
CVE-2022-48841 - Linux Kernel NULL Pointer Dereference Vulnerability Resolution in ice_update_vsi_tx_ring_stats()
CVE-2022-48828 - Linux Kernel NFSd ia_size Underflow Vulnerability Analysis and Fix
CVE-2024-23794: Privilege Escalation Vulnerability in OTRS Inline Editing Functionality
CVE-2024-40960 - Linux Kernel IPv6 NULL Dereference Vulnerability Resolved
CVE-2024-31317 - Local Privilege Escalation in ZygoteProcess.java due to WRITE_SECURE_SETTINGS & Unsafe Deserialization
CVE-2024-3651: Quadratic Complexity Vulnerability in kjd/idna Library idna.encode() Function
CVE-2024-39477: Linux Kernel Vulnerability Resolved - mm/hugetlb: Do Not Call vma_add_reservation Upon ENOMEM
CVE-2024-39474 - Linux Kernel Vulnerability in vmalloc Fixed (mm/vmalloc)
CVE-2024-39473 - ASoC: SOF: ipc4-topology: Fixing Input Format Query of Process Modules without Base Extension in the Linux Kernel
CVE-2024-39483: KVM: SVM: Resolved Vulnerability Warns on vNMI + NMI Window if NMIs are Outright Masked
CVE-2024-39484: Linux Kernel Vulnerability Resolved in MMC Driver
CVE-2024-29510 - Memory corruption and SAFER sandbox bypass in Artifex Ghostscript prior to 10.03.1 via format string injection with uniprint device
CVE-2024-6323 - Unauthorized Access to Private Repository Content via Global Search in GitLab EE
CVE-2024-38629: Fixing Linux Kernel Vulnerability in dmaengine: idxd Module By Avoiding Unnecessary Destruction of file_ida
CVE-2024-36978 - Linux Kernel Vulnerability in net: sched: sch_multiq: Resolved through OOB Write Fix in multiq_tune()
CVE-2024-37891 - Unintended Exposure of Proxy-Authorization Header in urllib3 for Python
CVE-2024-32896 - Exploiting a Logic Error to Bypass Security Measures and Achieve Local Escalation of Privilege
CVE-2024-5688: Garbage Collection Timing leads to Use-After-Free Exploit in Firefox and Thunderbird
CVE-2024-22298 - Missing Authorization Vulnerability in TMS Amelia ameliabooking version 1..98
CVE-2024-32503 - Critical UAF Vulnerability Discovered in Samsung Mobile and Wearable Processors: Exynos 850, Exynos 108, Exynos 210, Exynos 128, Exynos 138, Exynos 133, Exynos W920, Exynos W930
CVE-2024-33655: Exploring the "DNSBomb" Issue in DNS Protocol and Guidelines to Prevent Traffic Amplification
CVE-2024-35428 - ZKTeco ZKBio CVSecurity 6.1.1 Vulnerable to Directory Traversal via BaseMediaFile, Leading to DoS Conditions
CVE-2024-36938: Mitigation of NULL Pointer Dereference Vulnerability in Linux Kernel's sk_psock_skb_ingress_enqueue
CVE-2024-36925 - Linux Kernel Vulnerability Resolved: SWIOTLB Initialisation for Restricted Pool when SWIOTLB_DYNAMIC=y
CVE-2024-36926: Resolving LPAR Panics During Boot Up with a Frozen PE in the Linux Kernel
CVE-2024-36904 - Linux Kernel Use-After-Free Vulnerability in tcp_twsk_unique()
CVE-2024-35333: Uncovering a Stack-Buffer-Overflow Vulnerability in html2xhtml 1.3's read_charset_decl Function
CVE-2024-35311: Yubico YubiKey 5, Security Key, YubiKey Bio, and YubiKey 5 FIPS Incorrect Access Control Vulnerability
CVE-2024-34161 - NGINX HTTP/3 QUIC Module Memory Leak Vulnerability - How to Detect and Mitigate It
CVE-2024-36426 - TARGIT Decision Suite Securing Session Token Vulnerability in Versions Prior to Autumn 2023 Update
CVE-2024-22588: Kwik Commit 745fd4e2 Fails to Discard Unused Encryption Keys – A Crucial Security Weakness
CVE-2021-47549 - Resolving sata_fsl UAF Vulnerability in Linux Kernel
CVE-2024-31843 - Command Injection Vulnerability in Italtel Embrace 1.6.4 and Exploit Details
CVE-2024-5143: Exploiting Device Administrative Privileges to Reveal Sensitive SMTP Server Credentials
CVE-2024-4978: Justice AV Solutions Viewer Setup 8.3.7.250-1 Vulnerability to Malicious Binary Execution and Authenticode Signature Exploitation
CVE-2024-29851 - Veeam Backup Enterprise Manager: High-privileged User's Theft of NTLM Hash of Enterprise Manager Service Account
CVE-2024-29852: Unauthorized Access to Backup Session Logs in Veeam Backup Enterprise Manager
CVE-2021-47449: Resolving Linux Kernel Vulnerability in Ice Tx Timestamp Tracking Flush
CVE-2024-34274: Deserialization of Untrusted Data Vulnerability Found in OpenBD 20210306203917-6cbe797
CVE-2023-52773: Fixing Linux Kernel Vulnerability - NULL Pointer Dereference in AMDGPU DM I2C XFER
CVE-2023-52752: Linux Kernel SMB Client Use-After-Free Vulnerability Fixed
CVE-2024-36004: Linux Kernel Vulnerability in i40e Workqueue Flags Resolved
CVE-2024-35982 - Resolving the batman-adv Infinite Loop Vulnerability in Linux Kernel
CVE-2024-36053 - Vulnerability in Mintupload Package (Service-Name Mishandling) Leading to Command Injection Exploits in Linux Mint
CVE-2024-35944 - Linux Kernel Vulnerability Resolved: VMCI Fix for memcpy() Run-Time Warning in dg_dispatch_as_host()
CVE-2024-35855: Linux Kernel Vulnerability Resolved in mlxsw Spectrum ACL TCAM Activity Update
CVE-2024-35844 - Linux Kernel Vulnerability in f2fs: Compress - Reserve_cblocks Counting Error When Out of Space Fixed
CVE-2023-45733 - An In-Depth Look into a Race Condition Vulnerability in Intel(R) Processors: A Partial Information Disclosure Threat
CVE-2024-3727 Vulnerability: A Comprehensive Guide on GitHub Repository Exploit and Addressing the Security Flaw in Containers Image Library
CVE-2024-35204: Veritas System Recovery Vulnerability - Incorrect Permissions Allow for Low-Privilege User Attacks
CVE-2024-29157: Exploring a Heap Buffer Overflow Vulnerability in HDF5 and How to Exploit It
CVE-2024-27401 - Addressing Linux Kernel Vulnerability in the Firewire Nosy: Ensuring Safe Packet Content Fetching with User_length
CVE-2024-27397 - Netfilter nf_tables Vulnerability Resolved Using Timestamp to Check Set Element Timeout in Linux Kernel
CVE-2024-4436: Incomplete Fix for etcd Package in Red Hat OpenStack Platform - How to Identify and Mitigate the Vulnerability
CVE-2024-33601: NSCD Netgroup Cache Memory Allocation Failure leading to Denial of Service
CVE-2024-34069: Werkzeug Debugger's Security Vulnerability Allows Code Execution on Developer's Machine
CVE-2023-44429: GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability - Critical Impact and Potential Exploit Paths
CVE-2023-49606 - Use-After-Free Vulnerability in Tinyproxy: Exploit Analysis and Mitigation
CVE-2024-27080: Linux Kernel Vulnerability in btrfs Fixed: Delalloc Ranges Detection Race Issue
CVE-2024-27389 - Linux Kernel Vulnerability: Resolving 'pstore: inode: Only d_invalidate() is needed'
CVE-2024-27079: Linux Kernel IOMMU/vt-d Vulnerability Fixed - NULL Domain on Device Release
CVE-2024-27392: Fixing Double-Free Vulnerability in Linux Kernel's NVMe Host
CVE-2024-27051: Understanding the Linux Kernel Patch "cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value"
CVE-2024-27063: Resolving Linux Kernel Vulnerability in leds: trigger: netdev
CVE-2024-27043 - Critical Use-After-Free Vulnerability Resolved in Linux Kernel Media Subsystem
CVE-2024-27038: Linux Kernel Vulnerability Resolved - clk: Fix clk_core_get NULL Dereference
CVE-2024-27030: Resolved Vulnerability in Linux Kernel with Separate Handlers for OcteonTX2-AF Interrupts
CVE-2024-27034: Resolved f2fs Kernel Vulnerability in Linux - Protecting Data Integrity in Compressed Clusters
CVE-2024-27031: Linux Kernel NFS Vulnerability Fixed - Deadlock Issue Resolved in nfs_netfs_issue_read() xarray Locking
CVE-2024-27048: Addressing the Linux Kernel Vulnerability in the brcm80211 Driver (Wi-Fi)
CVE-2024-27035: F2FS Compression Vulnerability in Linux Kernel Fixed by Ensuring Persistence of Compressed Blocks During Checkpoint
CVE-2024-27029: Getting to Know the Fixed Linux Kernel Vulnerability - drm/amdgpu: fix mmhub client id out-of-bounds access
CVE-2024-27027: Linux Kernel DPLL Vulnerability Resolved - dpll: fix dpll_xa_ref_*_del() for Multiple Registrations
CVE-2024-27014 - Preventing deadlock in Linux kernel while disabling aRFS (Address Resolution Features)
CVE-2024-27021: Resolving Linux r8169 driver's LED-related deadlock on module removal
CVE-2024-27013 - Limit Printing Rate in Linux Kernel Tun Device to Mitigate Soft Lockup Vulnerability
CVE-2024-27012 - Linux Kernel Vulnerability Resolved: Netfilter-nf_tables-Restore Set Elements When Delete Set Fails
CVE-2024-27004: Linux Kernel Vulnerability in clk Resolved
CVE-2024-27002: Linux Kernel Vulnerability in Mediatek Clock Controller Probing Resolved
CVE-2024-26995 - Critical Off-By-One Vulnerability in the Linux Kernel USB Type-C Power Delivery Manager Resolved
CVE-2024-26989: Linux kernel arm64 hibernate vulnerability - Fix level 3 translation fault in swsusp_save()
CVE-2024-26992 – Linux Kernel Adaptive PEBS Vulnerability Fixed; Full Breakdown and Analysis
CVE-2024-26981 - An overview of nilfs2 OOB Vulnerability Fix in Linux Kernel
CVE-2024-26984 - Linux Kernel Vulnerability in Nouveau Fixed: Race Condition Around Pointer Stores
CVE-2024-26978: Linux Kernel Vulnerability Resolved in Serial MAX310x Driver to Prevent NULL Pointer Dereference
CVE-2024-26974: Resolving Race Condition Vulnerability in Linux Kernel's Crypto: QAT during AER Recovery
CVE-2024-26969: Linux Kernel Vulnerability in clk: qcom: gcc-ipq8074 Frequency Table Arrays Fixed
CVE-2024-26970: Linux Kernel Vulnerability Resolved in clk: qcom: gcc-ipq6018 Frequency Table Arrays
CVE-2024-26971: Linux Kernel Vulnerability Fixed in clk: qcom: gcc-ipq5018 Frequency Table Arrays
CVE-2024-26966: Fixing the Vulnerability in Linux Kernel's Frequency Table Arrays
CVE-2024-26961: Linux Kernel mac802154 LLSEC Key Resources Release Vulnerability
CVE-2024-26958: Linux Kernel NFS Vulnerability - Fixing UAF in Direct Writes
CVE-2024-26955 - Linux Kernel Vulnerability Resolved: nilfs2 Prevents Kernel Bug at submit_bh_wbc()
CVE-2024-26956 - Fixing Linux Kernel Vulnerability in nilfs2: Detecting DAT Corruption in btree and Direct Mappings
CVE-2024-26951: Linux Kernel Vulnerability in WireGuard Netlink Resolved
CVE-2024-26953 - Linux Kernel 'net: esp' Vulnerability Fix: Bad Handling of Pages from page_pool
CVE-2024-26950: WireGuard Netlink Vulnerability Resolved in Linux Kernel with Improved Performance and Security
CVE-2024-26947: ARM Flushing Page Tables Vulnerability in Linux Kernel
CVE-2024-26946: Linux Kernel Vulnerability in Kprobes/x86 Resolved - Preventing Kernel Panic, and Ensuring System Stability
CVE-2024-26949 - A Detailed Look at the Linux Kernel Vulnerability Fix, 'drm/amdgpu/pm: Fix NULL pointer dereference when get power limit'
CVE-2024-26939: Linux kernel DRM/i915 VMA Fix UAF on destroy against retire race vulnerability
CVE-2024-26940 - Linux Kernel drm/vmwgfx Vulnerability Resolved with Debugfs TTM_RESOURCE_MANAGER Entry Condition
CVE-2024-26941: Linux Kernel DRM/DP Vulnerability Fixed - Divide By Zero Regression on DP MST Unplug with Nouveau
CVE-2024-26931: Linux Kernel Vulnerability - SCSI Command Flush on Cable Pull Fixed
CVE-2024-26929 - Linux Kernel Vulnerability Resolved: SCSI qla2xxx Double Free of fcport
CVE-2024-33899 - RARLAB WinRAR Security Vulnerability on Linux and UNIX Platforms
CVE-2024-26926: Offset Alignment Check Added to binder_get_object() in Linux Kernel to Prevent Data Leakage
Linux Kernel Vulnerability CVE-2024-26924: Avoiding Crashes with netfilter's nft_set_pipapo
CVE-2024-26922 - A Comprehensive Look at the Linux Kernel Vulnerability Resolution in drm/amdgpu and How to Analyze the Code Snippets
CVE-2024-2961: A Deep Dive into the Potential Buffer Overflow in Glibc's iconv() Function
CVE-2024-26891: Linux kernel vulnerability due to ATS Invalidation request when device is disconnected
CVE-2024-26892 - Resolving Use-After-Free Vulnerability in Linux Kernel's wifi mt76 Module
CVE-2024-26898 - Resolving Use-After-Free Vulnerability (CVE-2023-627) in the Linux Kernel AoE Driver
CVE-2024-26862 - Data Race Vulnerability in Linux Kernel Packet Handling Resolved
CVE-2024-26865: Linux Kernel Vulnerability Fixed in rds_tcp Module
CVE-2024-26870: Linux kernel vulnerability in NFSv4.2 resolved - Fixing the nfs4_listxattr kernel BUG
CVE-2024-26877: Linux Kernel Crypto Xilinx Vulnerability Resolved with BH Disabled
CVE-2024-26876: Linux Kernel Vulnerability Patched: drm/bridge: adv7511: fixes crash on irq during probe
CVE-2024-26879: Resolved Vulnerability in the Linux Kernel - Missing Clocks in axg_clk_regmaps
CVE-2023-52644: Linux Kernel Vulnerability in DMA Tx Path Resolved When QoS is Disabled
CVE-2024-26859 - Resolving Linux Kernel Vulnerability in net/bnx2x: Preventing Access to a Freed Page in Page_Pool and Fixing Race Condition during EEH Error Handling
CVE-2024-2243 - Critical Vulnerability in CSMock Allowing Unauthorized Access to Confidential Snyk Authentication Tokens and Arbitrary Command Execution on OSH Workers
CVE-2024-3093 - A Deep Dive into Understanding and Exploiting the Vulnerability of a ROT-13 Implementation
CVE-2024-29740 - Exploiting a Local Privilege Escalation Vulnerability in tmu_set_table of tmu.c
CVE-2024-26809 - Linux Kernel netfilter Vulnerability: nft_set_pipapo Double Release Fixed
CVE-2024-26656 - Linux Kernel drm/amdgpu Vulnerability Resolved: Fixing Use-After-Free Bug
CVE-2024-26654 - Fixing a Use-After-Free Bug in the Linux Kernel's ALSA Subsystem with Proper Cleanup Reordering
CVE-2024-30203 - Untrusted Inline MIME Contents in Emacs Gnus before 29.3: Exploiting the Vulnerability
CVE-2024-29943: Out-of-Bounds Read/Write Exploit on a JavaScript Object in Firefox < 124..1
CVE-2023-52620: Addressing Netfilter Vulnerability - nf_tables Timeout for Anonymous Sets in Linux Kernel
CVE-2024-2614 - Memory Safety Bugs in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8: A Deep Dive into the Vulnerability and How to Exploit It
CVE-2024-2609: Permission Prompt Input Delay Vulnerability in Firefox, Firefox ESR, and Thunderbird, Leading to Clickjacking Exploits
CVE-2024-26617 - Linux Kernel Vulnerability Resolved: Task MMU Notification Mechanism Moved Inside MM Lock
CVE-2024-26611: Linux kernel vulnerability resolved in xsk with fix for usage of multi-buffer BPF helpers for ZC XDP
CVE-2024-26616 - Avoiding Use-After-Free in Btrfs Scrub When Chunk Length Is Not 64K Aligned
CVE-2024-26613 - Understanding the Rejected Vulnerability and Why It Matters
CVE-2024-26615: Linux Kernel Vulnerability Resolved - net/smc: Fix Illegal rmb_desc Access in SMC-D Connection Dump
CVE-2024-26620: Linux Kernel S390/VFIO-AP Vulnerability Resolved with Complete AP Matrix Filtering
CVE-2024-26608: Linux Kernel ksmbd_nl_policy Global Out-Of-Bounds Read Fixed with Placeholder
CVE-2023-52498 - Resolving Deadlocks in Linux Kernel: PM Sleep
CVE-2023-52493 - Linux Kernel Vulnerability Resolved: Bus MHI Host Drops Chan Lock Before Queuing Buffers
CVE-2023-52486: Linux Kernel Vulnerability Resolved in drm_mode_page_flip_ioctl()
CVE-2023-52487: A Deep Look into the Resolved Linux Kernel Vulnerability - net/mlx5e Peer Flow Lists Handling
CVE-2023-52496: Understanding the Rejected Vulnerability and Its Implications
CVE-2024-26624: Unravelling the Mystery of the Withdrawn Vulnerability
CVE-2024-26625: Linux Kernel Vulnerability - LLC Socket Use-After-Free Fixed
CVE-2023-52603: Linux Kernel Vulnerability Resolved - UBSAN Array-Index-Out-Of-Bounds in dtSplitRoot
CVE-2023-52583: Resolving Vulnerability in Linux Kernel - Ceph: Fix Deadlock or Deadcode of Misusing dget()
CVE-2021-47079 - Resolved Vulnerability in the Linux Kernel: Fixing a NULL Pointer Dereference in the Platform/x86 Ideapad-Laptop
CVE-2021-47072: Linux Kernel Vulnerability Resolved in Btrfs - Removed Dentries Still Existing After Log is Synced
CVE-2021-47081: Linux Kernel Vulnerability - habanalabs/gaudi: Fixing Potential Use-After-Free in gaudi_memset_device_memory
CVE-2021-47069: Linux Kernel Vulnerability Resolved in ipc/mqueue, msg, sem - Avoiding Reliance on an Expired Stack Reference
CVE-2023-52497: EROFS-Inplace LZ4 Decompression Issue Fixed in Linux kernel
CVE-2021-47068 - Linux Kernel net/nfc Vulnerability Resolved: How to Address the Use-after-free Issue in llcp_sock_bind/connect
CVE-2021-47055 - Linux Kernel mtd Vulnerability: Require Write Permissions for Locking and Badblock ioctls
CVE-2021-47060 - Resolving Linux Kernel Vulnerability: KVM Stops Looking for Coalesced MMIO Zones If Bus Destroyed
CVE-2021-46959: Resolving Use-After-Free Vulnerability in Linux Kernel (spi)
CVE-2023-52476: Linux Kernel Vulnerability - Resolving 'perf/x86/lbr: Filter vsyscall addresses'
"CVE-2024-25262: Critical Heap Buffer Overflow Found in Texlive-Bin: Exploit Details, Fixes, and Prevention Measures"
CVE-2024-26559: Uncovering Sensitive Information Through uverif v.2. Vulnerability
CVE-2021-47047: Linux Kernel Vulnerability Fixed in SPI Controller
CVE-2021-47049: Linux Kernel Vulnerability Resolved – Use After Free in __vmbus_open()
CVE-2021-47043 - Linux Kernel's Media Venus Core Resource Leaks and Fixes involving 'venus_probe()'
CVE-2021-47051 - Fixing PM Reference Leak in the Linux Kernel (spi: fsl-lpspi)
CVE-2021-47040: Official Resolution of Linux Kernel Vulnerability in io_uring
CVE-2021-47025: Linux Kernel Vulnerability Resolved in IOMMU/Mediatek
CVE-2021-47033: Unraveling the mt76: mt7615 Vulnerability in the Linux Kernel and its Fix
CVE-2021-47019 - mt76: mt7921: Fixing Possible Invalid Register Access in the Linux Kernel
CVE-2021-47032: A Fix for the Linux Kernel Vulnerability in mt76: mt7915 that Leaks DMA Mapping Entries
CVE-2021-46998 - Linux Kernel Ethernet Vulnerability Fixed: Use After Free Bug in Ethernet Driver Resolved
CVE-2021-47003 - Linux Kernel Vulnerability: Fixing Null Dereference in dmaengine: idxd
CVE-2021-46999 - Resolving Panic Vulnerability in Linux Kernel SCTP Module
CVE-2021-47006 - Resolved Linux Kernel Vulnerability in ARM Hardware Breakpoint Handler
CVE-2021-46987: Fixing Deadlock in Linux Kernel when Cloning Inline Extents and Using Qgroups
CVE-2021-46989: Linux Kernel HFS+ Vulnerability - Preventing Corruption in Shrinking Truncate
CVE-2021-46978: Understanding the Linux Kernel Vulnerability and Its Resolution in KVM Nested Virtualization
CVE-2021-46992: Resolving Vulnerability in Linux Kernel Netfilter nftables
CVE-2021-46995: Linux Kernel Vulnerability Resolved in can: mcp251xfd: mcp251xfd_probe(): Fixing an Error Pointer Dereference in Probe
CVE-2020-36785 - Addressing the Linux Kernel Vulnerability: Use After Free Exploit in AtomISP Alloc_CSS_STAT_BUFs()
CVE-2021-46964 - Linux Kernel Vulnerability: SCSI "qla2xxx" Driver Crashes
CVE-2021-46961 - Linux Kernel Vulnerability: Handling Spurious Interrupts Fixed in irqchip/gic-v3
CVE-2021-46956 - Critical Memory Leak Issue Fixed in the Linux Kernel’s virtiofs: virtio_fs_probe()
CVE-2024-25398 - Srelay v.4.8p3 Denial of Service Vulnerability
CVE-2024-25711: Diffoscope Directory Traversal Vulnerability via Embedded Filenames in GPG Files
CVE-2024-27356 - Critical File Download Vulnerability Found in GL-iNet Devices: What You Need to Know
CVE-2024-22543: Privilege Escalation Vulnerability Impacting Linksys Router E170 1..04 (build 3)
CVE-2019-25161 - Understanding the Rejected Vulnerability and Its Implications
CVE-2024-27456 - Critical Permission Flaw in rack-cors 2..1 Could Allow Unauthorized Access
CVE-2024-27447: Understanding the Vulnerability and Exploit in Pretix before 2024.1.1
CVE-2022-34357 - Denial of service vulnerability in IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12..
CVE-2024-21502 - Fastecdsa Package Vulnerability (Use of Uninitialized Variable) in Versions Prior to 2.3.2
CVE-2024-25730: Hitron CODA Modems Vulnerable to Insufficient PSK Entropy Exposing Millions of Devices
CVE-2021-33162 - Local Privilege Escalation in Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability Firmware
CVE-2021-33153: In-Depth Analysis of a Vulnerable JavaScript Library and its Exploitation
CVE-2021-33146: Information Disclosure via Network Access in Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability Firmware
CVE-2021-33143: Discovering the Vulnerability, Analyzing the Exploit, and Understanding the Solution
CVE-2021-33151: Understanding the Vulnerability, Exploring its Exploits, and Discussing its Mitigations
CVE-2021-33158 - Privilege Escalation via Local Access in Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability Firmware
CVE-2021-33112: Uncovering the Security Flaw, Its Exploit, and the Importance of Patching Your Vulnerabilities
CVE-2021-33072: A Deep Dive into the Critical Vulnerability and Exploit Details
CVE-2021-33121 - Unveiling the Intricacies of a Significant Vulnerability and How Exploiters Might Take Advantage
CVE-2024-25748 - Critical Stack-Based Buffer Overflow Vulnerability in Tenda AC9 AC9 v3.
CVE-2022-25377: Appwrite ACME-challenge Directory Traversal Vulnerability
CVE-2024-25385: Analyzing the Vulnerability in flvmeta v1.2.2 That Allows Attackers to Cause a Denial of Service Attack
CVE-2024-25851 - Explained: Netis WF278 v2.1.40144 Command Injection Vulnerability via config_sequence
CVE-2024-23127 - Heap-based Overflow Vulnerability in Autodesk Applications Using ODXSW_DLL.dll and libodxdll.dll
CVE-2024-25251 - Agro-School Management System 1. Incorrect Access Control Vulnerability
CVE-2023-49100 - Trusted Firmware-A (TF-A) Out-of-Bounds Read in SDEI Service and Its Implications
CVE-2023-52442 - Linux kernel ksmbd vulnerability (session id and tree id validation in compound request)
CVE-2023-42877 - Understanding the Vulnerability, Patch Details and Exploit Mitigation
CVE-2023-42860 - Permissions Issue Allowing Unauthorized File System Modification on macOS
CVE-2023-42835 - macOS Sonoma 14.1 Addresses Logic Issue Allowing Unauthorized Access to User Data
CVE-2023-52437 - A Deep Dive into the Withdrawn Vulnerability
CVE-2022-45320: Liferay Portal Vulnerability Allows Remote Authenticated Users to Gain Ownership of Wiki Pages
CVE-2023-52362: Critical Permission Management Vulnerability Found in Lock Screen Modules
CVE-2023-52387: Breaking Down the Resource Reuse Vulnerability in the GPU Module Affecting Service Confidentiality
CVE-2023-52097: Bypassing Foreground Service Restrictions in the NMS Module - Service Confidentiality At Risk!
CVE-2024-0020: Potential Information Disclosure via Confused Deputy in Android NotificationSoundPreference
CVE-2024-0041: Race Condition Vulnerability in removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, Leading to Local Escalation of Privilege
CVE-2024-0032: Exploiting Improper Input Validation in queryChildDocuments of FileSystemProvider.java for Directory Access and Local Privilege Escalation
CVE-2024-0034: Background Launch Process Controller Bug and BAL Bypass Exploit
CVE-2023-40113 - A Deep Dive into Cross-User Message Data Access Vulnerability and How to Mitigate It
CVE-2023-40115: Memory Corruption Vulnerability in readLogs of StatsService.cpp - Analysis, Exploits, and Prevention
CVE-2023-45286: Race Condition in Go-Resty Library Discloses HTTP Request Bodies Across Requests
CVE-2023-39325 - Mitigating Malicious HTTP/2 Client Attacks via Server Resource Consumption Limitation
CVE-2023-36922 - Unauthorized Command Injection in SAP NetWeaver ABAP (IS-OIL) due to Programming Error
CVE-2021-38561 The index calculation of golang.org/x/text before 0.3.7 is mishandled, causing an out-of-bounds read in BCP 47 tag parsing.
CVE-2021-44856 An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1
CVE-2022-41767 An issue was found in MediaWiki before 1.35.8, 1.36.x, 1.37.x, and 1.38.x before 1.38.3.
CVE-2022-37706 Enlightenment before 0.25.4 is setuid root and has a system library function that mishandles pathnames that begin with /dev.
CVE-2022-42898 MIT Kerberos 5 has an integer overflow that may lead to remote code execution on 32-bit platforms.
CVE-2022-45197 Slixmpp before 1.8.3 lacks SSL Certificate hostname validation, which allows an attacker to pose as any server.
CVE-2022-42931 The password was saved by the Form Manager, not the password manager.
CVE-2022-42932 Memory safety bugs were found in Thunderbird 102.3.
CVE-2022-36319 Overflow and transform can interfere with each other, resulting in unpredictable mouse behavior.
CVE-2022-22754 An extension could have auto-updated itself and bypassed the prompt which grants it requested permissions.
CVE-2022-29918 Mozillla developers reported memory safety bugs in Firefox 99.
CVE-2022-36317 An overly long URL can cause a Denial of Service. This only applies to Firefox for Android.
CVE-2022-42930 If two Workers initialize CacheStorage, a data race could happen in ThirdPartyUtil
CVE-2022-2226 An OpenPGP digital signature includes the date when the signature was created. When displaying an email with a digital signature, the email's date will be shown.
CVE-2022-22738 An application could access out of bounds memory and cause a heap buffer overflow. This could be exploited to crash the application.
CVE-2022-22741 Resizing a popup while requesting fullscreen access would make it impossible to leave fullscreen mode.
CVE-2022-22744 The "Copy as curl" feature in DevTools isn't properly escaped for PowerShell. This could lead to command injection in a powershell prompt. This bug affects only Thunderbird for Windows.
CVE-2022-29911 An improper implementation of code>allow-top-navigation-by-user-activation/code> could lead to script execution without code>allow-scripts/code> being present.
CVE-2022-22748 Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program or handling an external URL protocol.
CVE-2022-29909 Documents in deeply-nested cross-origin browsing contexts could have gained the top-level origin's permissions, bypassing the prompt and possibly inheriting the permissions.
CVE-2022-45421 Mozilla developers Andrew McCreight and Gabriele Svelto found memory safety bugs in Thunderbird 102.4.
CVE-2022-34472 If a PAC URL is set and the server hosting the PAC is not reachable, OCSP requests will be blocked, resulting in incorrect error pages.
CVE-2022-45404 An attacker can go fullscreen through popups and code>window.print()/code> calls. This can lead to user confusion or spoofing attacks.
CVE-2022-1529 An attacker could have sent a message to the parent process and used the contents to double-index into a JavaScript object, leading to attacker-controlled JavaScript executing in the privileged parent process.
CVE-2022-38477 Firefox 103 and ESR 102.1 have memory safety bugs.
CVE-2022-36320 Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102
CVE-2022-28282 Using a link rel="localization"> could lead to a use-after-free and potential exploitable crash.
CVE-2022-2505 Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102
CVE-2022-34482 An attacker could trick a user to drag and drop an image to a filesystem to get an executable filename, which could contain malicious code.
CVE-2022-34478 The ms-msdt, search, and search-ms protocols bring content from browsers to Microsoft applications, avoiding the browser.
CVE-2022-42929 A browser may shut down if a site calls code>window.print()/code>, which may persist beyond browser restart.
CVE-2022-2200 An attacker can corrupt an object prototype to set undesired attributes, which can lead to privileged code execution.
CVE-2022-34480 An allocated pointer would be freed if one allocation fails.
CVE-2022-3034 An code>iframe/code> was specified in an HTML email, but Thunderbird didn't load the document.
CVE-2022-3033 An HTML email containing a code>meta/code> tag with the code>http-equiv="refresh"> attribute can be used to launch a DNS request and refresh the page. This can be used to launch a phishing attack.
CVE-2022-3032 An code>iframe/code> element with a code>srcdoc/code> attribute could use remote objects inside the nested document, which were not blocked.
CVE-2022-31736 A malicious website could have learned the size of a cross-origin resource.
CVE-2022-36318 When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected
CVE-2022-31740 WASM code could cause a register allocation problem and exploitable crash on arm64.
CVE-2022-1802 An attacker could have corrupted the methods of an Array object to achieve execution of attacker-controlled code in a privileged context
CVE-2022-42928 An annotation missing in some allocated types could have lead to memory corruption and a crash.
CVE-2022-34479 A malicious website that shows a popup could take over the address bar and spoof users.
CVE-2022-42927 A same-origin policy violation could have allowed theft of cross-origin URL entries, leaking the result of a redirect.
CVE-2022-38472 XSLT error handling can be abused to associate attacker-controlled content with another origin. This could be used to fool the user into submitting data intended for the spoofed origin.
CVE-2022-38474 A website with microphone access could record audio without notification.
CVE-2022-0566 An attacker can write 1 byte outside of Thunderbird's bounds to exploit this vulnerability.
CVE-2022-28287 Text selection could cause text selection caching to behave incorrectly, causing a crash.
CVE-2022-3775 Grub2's font code doesn't validate if the glyph's width and height is in bitmap size.
CVE-2022-20691 The Cisco ATA 190 Series Adaptive Telephone Adapter has a vulnerability that could be exploited to cause a DoS condition.
CVE-2022-20687 The LLDP functionality of Cisco ATA 190 Series Analog Telephone Adapters is vulnerable to remote code execution and could cause the devices to become accessible.
CVE-2022-20689 The Cisco ATA 190 Series Analog Telephone Adapter has memory corruption vulnerabilities that could allow an unauthenticated, adjacent attacker to cause the device to crash.
CVE-2022-20686 The LLDP functionality of Cisco ATA 190 Series Analog Telephone Adapters is vulnerable to remote code execution and could cause the devices to become accessible.
CVE-2022-20690 The Cisco ATA 190 Series Analog Telephone Adapter has memory corruption vulnerabilities that could allow an unauthenticated, adjacent attacker to cause the device to crash.
CVE-2022-33186 Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, and earlier versions have a vulnerability that could allow a remote unauthenticated attacker to execute commands on the switch that could disable the switch or modify Zoning.
CVE-2022-41622 BIG-IP and BIG-IQ are vulnerable to CSRF attacks through iControl SOAP.
CVE-2022-35256: Exploring the Vulnerability in Node v18.7.'s llhttp Parser and its Impact on HTTP Request Smuggling
CVE-2022-35260 - Curl Buffer Overflow in `.netrc` File Parsing Could Lead to Denial-of-Service
CVE-2022-4252 SourceCodester Canteen Management System has a vulnerability that is classified as problematic. The manipulation leads to cross site scripting.
CVE-2022-36431 An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code.
CVE-2022-44294 The Sanitization Management System v1.0 is vulnerable to SQL Injection.
CVE-2022-36136 The latest version of the ChurchCRM XSS vulnerabilities allow attackers to store XSS.
CVE-2022-36137 CRM version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS.
CVE-2022-41912 The crewjam/saml go library before version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9.
CVE-2022-39332 Nextcloud desktop sync client with desktop client application, attacker can inject HTML.
CVE-2022-41158 Vulnerable code can be created with cookie values as file paths.
CVE-2022-40282 The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection
CVE-2022-45884 An issue was discovered in the Linux kernel through 6.0.9
CVE-2022-29825 An attacker can access sensitive information using an hard-coded password vulnerability in Mitsubishi Electric GX Works3 versions.
CVE-2022-44255 An overflow in the pre-authentication function of the TOTOLINK LR350 V9.3.5u.6369_B20220309 has been found.
CVE-2020-23591 An attacker can upload files through the " /mgm_dev_upgrade.asp " to delete all files for Denial of Service.
CVE-2022-44201 D-Link DIR823G 1.02B05 is vulnerable to Commad Injection.
CVE-2022-44806 D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow.
CVE-2022-44187 Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri.
CVE-2022-2513 IEDs are stored in a cleartext form in Hitachi Energy's ConnPack, PCM600 versions below.
CVE-2022-41937 The XWiki Platform is a generic wiki platform that offers runtime services for applications built on it. The application allows anyone with view access to modify any page.
CVE-2022-41223 The Director database component of MiVoice Connect through 19.3 could be vulnerable to a code-injection attack.
CVE-2022-38097: Use-After-Free Vulnerability in Foxit Software's PDF Reader JavaScript Engine Puts Millions of Users at Risk
CVE-2022-45016 The XSS vulnerability in the WBCE CMS Search Settings module allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-4066 An issue was found in the function onion_response_flush of the file src/onion/response.c of the component Log Handler.
CVE-2022-4065 The cbeust testing tool has a critical vulnerability. The file testng-core/src/main/java/org/testng/JarFileUtils.java of the XML File Parser component has a vulnerability.
CVE-2022-31606 The NVIDIA GPU Display Driver has a vulnerability in the DxgkDdiEscape kernel mode handler that can allow an attacker with user capabilities to crash the system.
CVE-2022-31608 The NVIDIA GPU Display Driver has a vulnerability in D-Bus that a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, or escalation of privilege.
CVE-2022-42698 Unauth
CVE-2021-22141 An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16
CVE-2021-37936 Kibana wasn't sanitizing document fields containing HTML, which allowed attackers to write arbitrary HTML.
CVE-2022-45163 An information disclosure vulnerability exists on NXP devices configured in SDP mode i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, and i.M.
CVE-2021-33621 cgi gem before 0.1.0.2, 0.2.x, and 0.3.x allows HTTP response splitting.
CVE-2022-41888 TensorFlow is an open source platform for machine learning. When using GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that is not checked >
CVE-2022-41885 TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor, it overflows and is patched in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce.
CVE-2022-41884 TensorFlow is an open source machine learning platform that can raise an error if a numpy array has a shape of one element with the others summing up to a large number.
CVE-2022-41880 TensorFlow is an open source machine learning platform. When the BaseCandidateSamplerOp function receives a value in true_classes larger than range_max, a heap oob read occurs.
CVE-2022-41908 TensorFlow is an open source platform for machine learning. An input token that is not a UTF-8 string will fail check in tf.raw_ops.PyFunc. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645.
CVE-2022-41901 TensorFlow is an open source platform for machine learning. An input matrix with rank 0 will fail in "SparseMatrixNNZ"
CVE-2022-41781 Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.
CVE-2022-24038 Infraskope Security Event Manager has an unauthenticated access which could allow an unauthenticated attacker to damage the page where the agents are listed.
CVE-2022-24939 An invalid packet can cause a stack overflow in the ZNet stack.
CVE-2021-36905 Multiple Auth
CVE-2022-20428 An out of bounds write could lead to local escalation of privilege with System execution privileges.
CVE-2022-45066 Auth
CVE-2022-20427 There is a possible way to corrupt memory and gain System execution privileges in (TBD) of (TBD).
CVE-2022-39178 Webvendome's internal server IP is disclosed in a GET request.
CVE-2022-43457 SQL Injection in Delta Electronics DIAEnergie v1.9.02.001
CVE-2022-43332 An XSS vulnerability in Wondercms v3.3.4 allows attackers to inject arbitrary web script or HTML.
CVE-2022-44577 This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-43096 Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port.
CVE-2021-31608 Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.
CVE-2022-42903 Zoho SupportCenter Plus allows low-privileged users to view the organization users list.
CVE-2022-43142 The add-fee.php component has an XSS vulnerability that can execute arbitrary web scripts, HTML files, or other dangerous content.
CVE-2022-41920 Lancet is a library for go that contains useful utility functions. An issue was found with zip fileutil, which is fixed in version 2.1.10 and 1.3.4.
CVE-2022-43140 The cn.keking.web.controller.OnlinePreviewController has a SSRF vulnerability.
CVE-2022-40751 UCD 6.2.7.0 through 7.2.3.1 may have a bug that allows an admin with "Manage Security" permissions to get files back.
CVE-2022-42893 A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01)
CVE-2022-42892 A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01)
CVE-2022-42954 Keyfactor EJBCA before 7.10.0 allows XSS.
CVE-2022-42982 NtripCaster 2.0.39 allows querying information over UDP without authentication. The NTRIP sourcetable is typically tens of kBs and can be requested with a packet of 30 bytes.
CVE-2022-42985 The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform XSS attacks.
CVE-2022-40881 SolarWinds IoT Device Management contains a command injection vulnerability.
CVE-2021-38819 An SQL injection vulnerability exits on the Simple Image Gallery System 1.0 application through the "id" parameter.
CVE-2022-43781 An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system.
CVE-2022-42960 EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 has DOM XSS due to improper validation of message events to accessibility.js
CVE-2022-44005 BACKCLICK Professional 5.9.63 has a vulnerability that can reveal subscribers' e-mail addresses if the newsletter sign-up functionality uses consecutive IDs.
CVE-2022-44002 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-43999 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-44007 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-39318 FreeRDP is a library for remote desktop protocol and clients, but affected versions don't have input validation. A malicious server can trick a client to crash with a division by zero.
CVE-2022-39319 - Critical Vulnerability in FreeRDP Library's `urbdrc` Channel and How to Mitigate
CVE-2022-41877 FreeRDP is a library for remote desktop protocol, affected versions have input length validation in `drive` channel missing.
CVE-2022-39320 FreeRDP is a library for remote desktop protocol and clients. An affected version may attempt integer addition on too narrow types and allocate a buffer too small holding the data written.
CVE-2022-39383 KubeVela is an application delivery platform. Users using the VelaUX API could be affected by this vulnerability.
CVE-2022-44069 Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module.
CVE-2022-43262 The Human Resource Management System v1.0 had a SQL injection vulnerability in the password parameter.
CVE-2022-43264 - Directory Traversal and Arbitrary File Download Vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2
CVE-2022-4018 Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6
CVE-2022-41917 OpenSearch is a community-driven open source fork of Elasticsearch and Kibana that allows users to specify a local file.
CVE-2022-3920 Consul and Consul Enterprise 1.13.0 to 1.13.3 do not filter out nodes and services that are used for the UI.
CVE-2022-41918 OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana
CVE-2022-29276 AhciBusDxe has SMI vulnerabilities, which lead to SMRAM corruption. This was discovered by Insyde during security review.
CVE-2022-4006 A vulnerability in WBCE CMS is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler.
CVE-2022-30768 Stored XSS flaw in ZoneMinder 1.36.12 allows Admin users to execute arbitrary HTML or JavaScript when they logout.
CVE-2022-38201 Esri Portal for ArcGIS Quick Capture Web Designer has an unvalidated redirect vulnerability.
CVE-2022-30771 The initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions.
CVE-2022-38385 The IBM Cloud Pak for Security 1.10.0.0 through 1.10.2.0 could be exploited by an authenticated user to obtain sensitive information or perform unauthorized actions.
CVE-2022-42785 Multiple W&T products of the ComServer Series are prone to an authentication bypass
CVE-2022-20943 Multiple vulnerabilities in the SMB2 processor of the Snort detection engine could allow an unauthenticated, remote attacker to bypass the configured policies or cause a DoS.
CVE-2022-20949 The management web server of Cisco Firepower Threat Defense could be exploited by an authenticated, remote attacker with high privileges.
CVE-2022-29275 Untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering and lead to escalation of privileges. This issue was discovered by Insyde during security review.
CVE-2022-20940 An vulnerability in Cisco Firepower Threat Defense could allow an attacker to gain access to sensitive information.
CVE-2022-20839 An attacker could conduct a stored XSS attack against users of the FMC interface.
CVE-2022-20935 An attacker could conduct a stored XSS attack against users of the FMC interface.
CVE-2022-20941 The web-based management interface of Cisco Firepower could be vulnerable to an unauthenticated, remote attacker who could access sensitive information.
CVE-2022-27895 Foundry was vulnerable to log files being captured due to an issue in earlier versions.
CVE-2022-45387 The Jenkins BART Plugin 1.0.3 and earlier does not escape the content of build logs before rendering it on the UI, resulting in a XSS vulnerability.
CVE-2022-45391 Jenkins NS-ND Integration Performance Plugin 4.8.0.143 and earlier disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.
CVE-2022-45382 Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds, resulting in a stored XSS vulnerabi l. This can be exploited by attackers who can edit build display name.
CVE-2022-45399 An permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
CVE-2022-45390 An error in the Jenkins loader.io plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs.
CVE-2022-45394 An attacker with Item/Read permission can delete build logs.
CVE-2022-45380 Jenkins JUnit Plugin converted HTTP(S) URLs to clickable links which were unsafe, resulting in a XSS vulnerability that is exploitable by attackers with Item/Configure permission.
CVE-2022-42001 BlueSpiceBookshelf extension allows user with regular account and edit permissions to inject arbitrary HTML.
CVE-2022-3958 BlueSpiceUserSidebar extension has XSS flaw that allows user with regular account and edit permissions to inject arbitrary HTML.
CVE-2022-41814 BlueSpiceFoundation extension allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage.
CVE-2022-42000 BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage.
CVE-2022-3895 UI components aren't sanitizing output and are prone to XSS.
CVE-2022-41611 An XSS vulnerability in the BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML.
CVE-2022-3480 An attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending more unauthenticated HTTPS connections from different source IP's.
CVE-2022-25742 Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server.
CVE-2022-25667 The Snapdragon Wired Infrastructure and Networking component handles ICMP requests improperly, which exposes information disclosure.
CVE-2022-25674 Cryptographic issues in WPA/WPA2 group key handshake in Snapdragon Consumer, Industrial, and Voice & Music.
CVE-2022-33237 Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold
CVE-2022-25743: Memory Corruption in Graphics due to Use-After-Free while Importing Graphics Buffer in Various Snapdragon Components
CVE-2022-42053 An AC1200 router was found to have a command injection vulnerability in the setPortMapping function.
CVE-2022-41395 An AC1200 router with a command injection vulnerability was discovered. The vulnerable function is setDMZ.
CVE-2022-42058 The Tenda AC1200 router model W15Ev2 V15.11.0.10(1576) had a stack overflow vulnerability.
CVE-2022-40844 An issue with Tenda's W15Ev2 AC1200 router's applications' filtering tab allows an attacker to execute JavaScript code via the URL.
CVE-2022-41396 An AC 1200 W15Ev2 router was found to have multiple command injection vulnerabilities in the function setIPsecTunnelList.
CVE-2022-42129 An IDOR vulnerability in the Liferay Portal DXP and 7.3-7.4 modules allows remote attackers to view and access form entries.
CVE-2022-42126 The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8 and 7.4 before update 29 doesn't properly check permissions, which allows remote attackers to view asset libraries.
CVE-2022-42111 An XSS vulnerability in Liferay Portal's user notification module allows attackers to inject arbitrary web script or HTML.
CVE-2022-33986 DMA attacks on the SMI handler's parameter buffer could lead to a TOCTOU attack.
CVE-2022-33909 DMA transactions used by the HddPassword software SMI handler could cause SMRAM corruption.
CVE-2022-33983 DMA transactions used for NvmExpressLegacy software could cause SMRAM corruption.
CVE-2022-33906 DMA transactions that are used by FwBlockServiceSmm software SMI handler could cause SMRAM corruption.
CVE-2022-43690 In CMS below 8.5.10, the legacy_salt function was not compared strictly, allowing authentication bypass if used.
CVE-2022-43030 An RCE vulnerability was found in SIYUCMS, a content management system.
CVE-2022-40903 Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 doesn't mitigate failed access attempts, which allows attackers to gain admin privileges.
CVE-2022-40735 The Diffie-Hellman Key Agreement Protocol allows use of long exponents that can be expensive when using short exponents.
CVE-2022-33982 DMA attacks on the Int15ServiceSmm parameter buffer could lead to a TOCTOU attack on the SMI handler and lead to SMRAM corruption.
CVE-2022-43686 In Concrete CMS, the authTypeConcreteCookieMap table can be filled up causing a denial of service.
CVE-2022-43968 Reflected XSS was found in 9.0.0-9.1.2 versions of Concrete CMS below 8.5.10 and between dashboard icons.
CVE-2022-43294 Tasmota was found to have a stack overflow in ClientPortPtr at lib/libesp32/rtsp/CRtspSession.cpp.
CVE-2022-41913 Discourse-calendar adds calendar functionality to the first post of a topic.
CVE-2022-3362 Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0.
CVE-2022-43295 XPDF v4.04 had a stack overflow vulnerability in the function FileStream::copy().
CVE-2022-37109 Camp Fuller is vulnerable to Incorrect Access Control.
CVE-2022-44389 EyouCMS V1.5.9-UTF8-SP1 was found to have a Cross Site Request Forgery vulnerability in the Edit Admin Profile module.
CVE-2022-34320 IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow attackers to decrypt sensitive information.
CVE-2022-44390 An XSS vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-43694 CMS below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS due to un-sanitized output.
CVE-2022-34313 IBM CICS TX 11.1 doesn't set the secure attribute on authorization tokens or session cookies. This makes it easier for attackers to get the cookie values or send a http:// link to a user and plant the link.
CVE-2022-43342 An XSS vulnerability in Eramba GRC Software c2.8.1's Add function allows attackers to inject arbitrary web scripts or HTML.
CVE-2022-3484 The WPB Show Core plugin through TODO does not sanitise and escape a parameter, which can lead to Reflected Cross-Site Scripting.
CVE-2022-3469 The WP Attachments plugin before 5.0.5 has an unsafe setting that could allow high-privilege users to do Stored Cross-site Scripting.
CVE-2022-45183 Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID.
CVE-2022-3979 NagVis up to 1.9.33 is vulnerable to a problem in the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. This could lead to an authentication bypass.
CVE-2022-3978 A vulnerability was found in NodeBB up to 2.5.7, which can be exploited to make remote requests forgery.
CVE-2022-3976 An exploit has been found in MZ Automation 1.4 and classified as critical. This vulnerability affects MMS File Services.
CVE-2022-3974 A critical vulnerability was found in Axiomatic Bento4. The affected function is AP4_StdcFileByteStream::ReadPartial of the mp4info component.
CVE-2022-3975 A vulnerability in NukeViet CMS's Data URL Handler is the function filterAttr. It's affected by the issue.
CVE-2022-3965 An issue was found in ffmpeg's smc_encode_stream function. This vulnerability affects the QuickTime Graphics Video Encoder component.
CVE-2022-3963 An issue was found in gnuboard5, a component of FAQ Key ID Handler. The fm_id argument can be manipulated to perform a cross-site scripting attack.
CVE-2022-45196 An attacker can cause a denial of service by sending a crafted Fabric 2.3 channel tx with the same name.
CVE-2022-45195 The key derivation function in SimpleXMQ before 3.4.0 is not applied to data, which can impact forward secrecy and if there is a compromise of a single private key.
CVE-2022-38651 An attacker can exploit a security filter misconfiguration in VMware Hyperic Server 5.8.6 to bypass authentication requirements.
CVE-2022-41339 In MDM Plus, user privileges can be escalated.
CVE-2022-41905 WebDAV server WSGI is vulnerable to XSS attacks, which has been patched in version 4.1.0.
CVE-2022-45182 Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter.
CVE-2022-41906 OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc.
CVE-2021-33064 An uncontrolled search path in the software installer for Intel System Studio may allow for privilege escalation.
CVE-2022-26367 Buffer restrictions in Intel XMM 7560 modem software before M2_7560_R_01.2146.00 may allow a privileged user to enable escalation of privilege via local access.
CVE-2022-29515 Memory release in Intel SPS firmware may be exploited to cause denial of service.
CVE-2022-30548 An attacker can control a local search path element to escalate privilege.
CVE-2021-33159 An improper authentication in subsystem may allow privilege escalation.
CVE-2022-27499 The Intel(R) SGX SDK premature release may allow a privileged user to potentially enable information disclosure.
CVE-2021-33164 An improper BIOS access control may allow a privileged user to enable escalation of privilege via local access.
CVE-2022-29486 The Intel Hyperscan library had buffer restrictions that could be abused by an unauthenticated user. This could lead to privilege escalation.
CVE-2022-26508 Inauthentic authentication in the SDP Tool may allow disclosure of information via network access.
CVE-2022-33176 In BIOS firmware for some Intel NUC 11 Performance kits and mini PCs, improper input validation may allow a privileged user to enable escalation of privilege via local access.
CVE-2021-0185 In early Intel Server Board M10JNP Family firmware, improper input validation may allow a privileged user to enable an escalation of privilege.
CVE-2022-40981 Remote Access Server 4.5.0 and earlier is vulnerable to malicious file upload.
CVE-2022-3703 The ETIC Telecom RAS 4.5.0 and earlier is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and privilege escalation.
CVE-2022-42460 An access control vulnerability in the Traffic Manager plugin = 1.4.5 on WordPress allows for XSS.
CVE-2022-43679 OwnCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless.
CVE-2022-41879 Parse Server is an open source backend that runs on Node.js.
CVE-2022-39392 Wasmtime's pooling allocator has a bug when the allocator is configured to give WebAssembly instances 0 pages of memory.
CVE-2022-39393 Wasmtime is a standalone runtime for WebAssembly
CVE-2021-40226 xpdfreader 4.03 is vulnerable to Buffer Overflow.
CVE-2022-36022 Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM
CVE-2022-45063 In older versions of tmux, there was a font operation vulnerability that allowed command execution. This is no longer the case.
CVE-2022-39038 Agentflow BPM enterprise management system has improper authentication
CVE-2022-39037 Agentflow BPM file download function has a path traversal vulnerability
CVE-2022-38119 - UPSMON Pro Login Function Vulnerability: Insufficient Authentication Exploit
CVE-2022-42786 Multiple W&T Products of the ComServer Series are prone to an XSS attack
CVE-2022-3819: GitLab Improper Authorization in Emoji Reactions Leads to Unauthorized Access to Internal Notes
CVE-2022-3818: Uncontrolled Resource Consumption Puts GitLab Instances at Risk
CVE-2022-3706 - Vulnerability in GitLab CE/EE Allows Unauthorized Users to Take Ownership of Retried Jobs in Upstream Pipelines
CVE-2022-39307 Grafana is an open-source monitoring platform. The password forgotten page sends a POST request to the /api/user/password/sent-reset-email URL.
CVE-2022-3486 An open redirect vulnerability in GitLab EE/CE older than 15.3.5, 15.4.4, and 15.5.2 allows attackers to redirect users to an arbitrary location if they trust the URL.
CVE-2022-39887 An access control vulnerability in MiscPolicy prior to SMR Nov-2022 Release 1 allows a local attacker to configure EDM settings.
CVE-2022-41047 Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-39881 In-bound SIB12 PDU can be read out of bounds memory in Exynos modems prior to SMR Sep-2022 release.
CVE-2022-39890 In Samsung Billing 5.0.56.0, improper authorization allows attacker to get sensitive information.
CVE-2022-29836 In 2018, a Path Traversal vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices. This could allow attackers to abuse certain parameters to access the device's files.
CVE-2022-31685 VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability
CVE-2022-27674 An attacker may be able to bypass bounds checks and crash the Windows kernel, resulting in denial of service.
CVE-2022-44550 The graphics display module has a UAF vulnerability when traversing graphic layers
CVE-2022-44552 The lock screen module has defects introduced in the design process
CVE-2022-31687 VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability
CVE-2022-27673 Inadequate access controls in the AMD Link Android app may result in information disclosure.
CVE-2022-44560 The launcher module has an Intent redirection vulnerability
CVE-2022-44561 The preset launcher module has a permission verification vulnerability
CVE-2022-31688 Assist prior to 22.10 contains a Reflected XSS vulnerability.
CVE-2022-25932 InHand Networks InRouter302 V3.5.45 fixes TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete
CVE-2022-43118 An XSS vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-43119 An XSS vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML.
CVE-2021-34567 WAGO I/O-Check Service can be abused to send malicious packets and provoke a denial of service and an out-of-bounds read.
CVE-2021-34568 In WAGO I/O-Check Service, an unauthenticated remote attacker can send a packet to cause a denial of service.
CVE-2021-34566 An attacker can send a malicious packet to crash the iocheck process and write memory to DoS WAGO I/O-Check Service.
CVE-2021-34569 In WAGO I/O-Check Service, an attacker can crash the diagnostic tool and write memory.
CVE-2022-43320 FeehiCMS v2.1.1 has a reflected XSS vulnerability via the id parameter.
CVE-2022-39328 Grafana is an open-source platform for monitoring and observability
CVE-2022-41214 An attacker with high privileges can delete a file which is otherwise restricted.
CVE-2022-3821 An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c
CVE-2021-1050 In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-20462 phNxpNciHal has an out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-20446: The Android Vulnerability That Allows Unwanted Access to Your Microphone
CVE-2022-26446 Modem 4G RRC has a possible system crash due to improper input validation. This could lead to remote denial of service.
CVE-2022-32618 In typec, there is a possible out-of-bounds write due to an incorrect calculation of buffer size, which could lead to local escalation of privilege, with no additional execution privileges needed.
CVE-2022-33322 Mitsubishi Electric products contain cross-site scripting vulnerability. An attacker can exploit this vulnerability to perform a MITM attack and inject malicious script codes.
CVE-2022-44316 PicoC 3.2.2 had a buffer overflow in the LexGetStringConstant function when called from LexScanGetToken.
CVE-2022-44314 PicoC 3.2.2 had a buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall.
CVE-2022-44315 PicoC Version 3.2.2 had a heap buffer overflow in ExpressionAssign when called from ExpressionParseFunctionCall.
CVE-2022-44318 PicoC Version 3.2.2 had a buffer overflow in cstdlib/string.c when called from ExpressionParseFunctionCall.
CVE-2022-44320 PicoC Version 3.2.2 had a buffer overflow in ExpressionCoerceFP in expression.c when called from ExpressionParseFunctionCall.
CVE-2022-43397: Critical Vulnerability in Parasolid Library Leads to Potential Code Execution
CVE-2022-41432 The EyesOfNetwork web interface had a reflected XSS vulnerability.
CVE-2022-41433 The EyesOfNetwork Web Interface v5.3 had a reflected XSS vulnerability.
CVE-2022-41434 The EyesOfNetwork Web Interface v5.3 has an XSS vulnerability.
CVE-2022-43359 Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c had an out-of-bounds read in the function read_image_data.
CVE-2022-3878 A critical vulnerability has been found in Maxon ERP. Manipulation of the argument tb_search leads to sql injection.
CVE-2022-44048 The d8s-urls for python included a backdoor inserted by a third party. This is the democritus-domains package.
CVE-2022-43319 An information disclosure vulnerability in the component vcs/downloadFiles.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files.
CVE-2022-44050
CVE-2022-44795 Object First 1.0.7.712 has a Web Service flaw that could lead to local information disclosure. The command that creates the support bundle's URL uses an insecure RNG.
CVE-2022-44796 Object First's authorization service has a flow that allows getting access to the Web UI without knowing credentials.
CVE-2022-44797 For older versions of lnd and other Bitcoin-related products, forgets to check witness size.
CVE-2022-44793 Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash.
CVE-2022-44792 Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to crash the instance.
CVE-2022-42905 WOLFSSL before 5.5.2 had a potential buffer over-read issue if callback functions were enabled.
CVE-2022-37710 Dental Eaglesoft 21 has AES-256 encryption with key backup/retrieval or DbEncryptKeyPrimary > Encryption Key.
CVE-2022-44544 Ghostscript could potentially be exploited to trigger a remote shell. This is the case if the site is running on Ubuntu and the flag -dSAFER isn't set.
CVE-2022-42707 Mahara 21.04, 21.10, 22.04, and 22.10 has embedded images accessible without a sufficient permission check if certain conditions are met.
CVE-2022-38660 HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability
CVE-2022-41669 An improper verification of cryptographic signature vulnerability exists in the SGIUtility component. This could lead to the execution of malicious code if a malicious DLL is loaded.
CVE-2022-41667 An adversary with local user privileges can load a malicious DLL to execute malicious code. This is a CWE-22 vulnerability.
CVE-2022-42743 deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object
CVE-2022-42746 The 3.0.0 version of the CandidATS API allows an attacker to steal cookies of arbitrary users.
CVE-2022-42749 An attacker in the 'page' of the 'ajax.php' resource can steal cookies of other users.
CVE-2022-43102 Tenda AC23 V16.03.07.45_cn had a stack overflow vulnerability that could be exploited via the timeZone parameter in fromSetSysTime.
CVE-2022-44624 In JetBrains TeamCity before 2022.10, password parameters with special characters could be exposed in the build log.
CVE-2022-43101: Exploring the Stack Overflow Vulnerability in Tenda AC23 V16.03.07.45_cn
CVE-2022-43106: Tenda AC23 Router Stack Overflow Vulnerability in setSchedWifi Function - Exploit Details, Affected Models, and Mitigation Measures
CVE-2022-41435 An open source router's SSH keys vulnerability contains XSS.
CVE-2021-46853 Before 2.25, an attack on LIST or LSUB can cause a denial of service.
CVE-2022-24936 GBL parser out-of-bounds error allows attacker to overwrite flash Sign key and OTA decryption key.
CVE-2022-39353 Xmldom is a standard-based XML DOM parser and serializer module.
CVE-2022-43239 Discovered that the Lide265 v1.0.8 had a heap buffer overflow vulnerability.
CVE-2022-38380 An access control vulnerability in FortiOS 7.2 and earlier may allow a remote read-only user to modify the interface settings via the API.
CVE-2022-26122 FortiGate versions prior to 6.4.274 and FortiClient, FortiMail may have insufficient data authenticity verification, which may allow attackers to bypass the AV engine.
CVE-2022-26730: Memory Corruption Issue in ICC Profile Processing Leads to Arbitrary Code Execution in macOS Ventura 13
CVE-2022-32862: A Deep Dive Into macOS Root Privilege Exploitation and How Improved Data Protection Resolved It
CVE-2022-3602 - Buffer Overflow Vulnerability in X.509 Certificate Verification within OpenSSL
CVE-2022-42312 Guests can cause xenstored to allocate vast amounts of memory and eventually crash.
CVE-2022-42311 Guests can cause xenstored to allocate vast amounts of memory and eventually crash.
CVE-2022-42318 Guests can cause xenstored to allocate vast amounts of memory and eventually crash.
CVE-2020-36605 Inappropriate default permissions allow attackers to run malicious code on the Hitachi AI Analytics Advisor, Ops Center Analyzer, and Ops Center Viewpoint components.
CVE-2022-40289 The application was vulnerable to Stored XSS and could be used to escalate privileges or compromise accounts.
CVE-2022-39016 Injection in PDFtron allows attackers to takeover user account.
CVE-2022-40294 An application was found to have a CSV injection vulnerability, allowing malicious code to be embedded in exported data.
CVE-2022-39018 PDFtron data in M-Files Hubshare before 3.3.11.3 was accessed by unauthenticated attackers if they know the URL.
CVE-2022-41688 SEI's Device Master versions 00.00.01a and earlier lack proper authentication for user group functions.
CVE-2022-41629 The 00.00.01a versions of the Device Master from DEI allow unauthenticated users to access the endpoint, which could allow an attacker to retrieve any file from the "RunningConfigs" directory.
CVE-2022-31692 An earlier version of Spring Security was vulnerable to authorization rule bypass. END>
CVE-2021-40241 - xfig 3.2.7 Buffer Overflow Vulnerability in `LoadFIG` Function
CVE-2022-3770 An critical vulnerability was found in Yunjing CMS. The file /index/user/upload_img.html can be manipulated to upload files without restrictions. The attack can be initiated remotely.
CVE-2022-40617 The strongSwan revocation plugin can be compromised when an attacker sends a crafted end-entity certificate that contains a CRL/OCSP URL pointing to a controlled server.
CVE-2022-41974: A Deep Dive into Multipath-Tools Privilege Escalation Exploit
CVE-2022-42916: Security Vulnerability in Curl, HSTS Check Bypassed to Use HTTP Instead of HTTPS
CVE-2022-2826 An issue has been discovered in GitLab starting from 10.0 before 12.9.8, 12.10 before 12.10.7, 13.0 before 13.0.1.
CVE-2022-41648 The HEROS 5.08.3 controller is vulnerable to improper authentication, which may allow an attacker to deny service to the production line or steal sensitive data.
CVE-2022-43165 An XSS vulnerability in the Global Variables feature of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-37426 File upload with OpenNebula's core on Linux can be disabled by injection of harmful file content.
CVE-2022-3697 amazon.aws flaw: amazon.aws uses tower_callback parameter from amazon.aws.ec2_instance module when using amazon.aws collection.
CVE-2022-39367 The QTIWorks Engine allows users to upload content packages as ZIP files before version 1.0-beta15.
CVE-2022-2882 An issue has been found in GitLab CE/EE prior to 15.3.4, 15.4.1, and 12.6.5.1.
CVE-2022-3730 A critical vulnerability was found in seccome Ehoney. The manipulated Payload argument leads to sql injection.
CVE-2022-0072 - Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Dashboard allows Path Traversal in Multiple Versions
CVE-2022-42055 - Multiple Command Injection Vulnerabilities in GL.iNet GoodCloud IoT Device Management System
CVE-2022-3725 An OPUS protocol crash in Wireshark 3.6.0 to 3.6.8 allows denial of service.
CVE-2022-40184 JavaScript code in the video jet multi 4000 web interface is not being filtered properly, allowing an attacker with admin credentials to store code and execute it for all admins.
CVE-2021-45476 Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability.
CVE-2022-3705 An issue was found in vim's qf_update_buffer function, which is used for the quickfix autocmd handler. This vulnerability allows for use after free.
CVE-2022-39286 Jupyter Core is a package for core common functionality of Jupyter projects. Jupyter Core contains an arbitrary code execution vulnerability in jupyter_core that stems from jupyter_core executing untrusted files in CWD.
CVE-2022-20933 The vulnerability in Cisco AnyConnect VPN server could cause a DoS on an affected device.
CVE-2022-20954 Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could be vulnerable to path traversal, sensitive data viewing, and write arbitrary files attacks.
CVE-2022-43749 In Synology Presto File Server before 2.1.2-1601, improper privilege management can be bypassed via unspecified vectors.
CVE-2022-33182 Brocade Fabric OS CLI privilege escalation vulnerability could let a local user escalate their privileges to root using 'supportlink' and 'firmwaredownload' commands.
CVE-2022-38181 An Arm product family through 2022. GPU kernel driver allows non-privileged users to make improper GPU processing operations to gain access to already freed memory.
CVE-2022-27912 An issue was discovered in Joomla! 4.0.0 through 4.2.3
CVE-2022-31468 An attacker can XSS the OX App Suite through 8.2 when a client uses the len or off parameter.
CVE-2022-39322 @keystone-6/core is a core package for Keystone 6, a content management system for Node.js
CVE-2022-33204 Abode Systems Inc. iota All-In-One Security Kit 6.9X and 6.9Z has 2 command injection vulnerabilities. An attacker can execute commands on the system
CVE-2022-39349 The Tasks.org app uses the ShareLinkActivity to handle to-do lists and reminders.
CVE-2022-3391 The Retain Live Chat plugin doesn't sanitise its settings, which could allow high privilege users to perform stored XSS attacks.
CVE-2022-35876 There are 3 format string vulnerabilities in the XCMD testWifiAP functionality of the Abode Systems, Inc. iota All-In-One Security Kit.
CVE-2022-34845 An update vulnerability exists in Robustel R1510's sysupgrade functionality. A specially crafted packet can lead to arbitrary firmware update.
CVE-2022-39836 COVESA dlt-daemon through 2.18.8 has a file parser bug that can be exploited to crash the process.
CVE-2022-39342 OpenFGA is an authorization/permission engine. Versions prior to v0.2.4 are vulnerable to authorization bypass under certain conditions
CVE-2022-35268 Web_server hashFirst vulnerability can lead to denial of service.
CVE-2022-27804 - Uncovering an OS Command Injection Vulnerability in Abode Systems iota All-In-One Security Kit
CVE-2022-43677 In free5GC 3.2.1, an index-out-of-range panic in aper.GetBitString can crash the AMF and NGAP decoders.
CVE-2021-44769 An input validation vulnerability in TLS certificate generation can cause a DoS condition. This is mitigated by a factory reset.
CVE-2021-44467 An access control vulnerability in spx_restservice's KillDupUsr_func function allows an attacker to terminate active sessions of other users. This causes a DoS condition.
CVE-2022-39313 Parse Server is an open source backend that runs on Node.js.
CVE-2021-45925 An attacker can guess legitimate user names registered in the BMC.
CVE-2022-40690 An attacker can inject arbitrary scripts in BookStack versions prior to v22.09.
CVE-2021-42010 Heron versions 0.20.4 incubated with CRLF injection vulnerability.
CVE-2021-26733 The FirstReset_handler_func function in spx_restservice has a broken access control vulnerability that allows an attacker to send reboot commands and cause a DoS.
CVE-2021-26729 Injection and buffer overflow vulnerabilities in the Login_handler_func function of spx_restservice allows attacker to execute arbitrary code with server user privileges.
CVE-2021-26727 Injection flaws in SubNet_handler_func allow attacker to execute code with root privileges.
CVE-2021-26730: Uncovering a Stack-Based Buffer Overflow Vulnerability in Lanner IAC-AST250A Firmware
CVE-2022-39272: Denial of Service Vulnerability in Flux Prior to Version .35.
CVE-2020-5355 Dell Isilon versions 8.2.2 and earlier SSHD process improperly allows TCP and stream forwarding.
CVE-2022-34438 Dell PowerScale OneFS versions 8.2.x-9.4.0 contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to system compromise.
CVE-2022-31239 Dell PowerScale OneFS versions 9.0.0 to 9.1.0.19, 9.2.1.12, and 9.3.0.6 have a sensitive data in log files vulnerability.
CVE-2022-34437 Dell PowerScale OneFS versions 8.2.2-9.3 have an OS command injection vulnerability that a malicious local user can exploit to compromise the system.
CVE-2022-3646 A vulnerability was found in the Linux kernel, which affects the function nilfs_attach_log_writer of BPF component. The manipulation leads to memory leak.
CVE-2022-1059 TUG server versions before 24 are affected by an unauthenticated attacker who can access hashed user credentials.
CVE-2022-3597 LibTIFF 4.4.0 has a buffer overflow in _TIFFmemcpy that can be used to cause a denial of service. Attackers can exploit this vulnerability to cause a DoS.
CVE-2022-3570 In libtiff library 4.4.0, heap buffer overflows could lead to application crash, potential information disclosure.
CVE-2022-3598 Script in LibTIFF 4.4.0 has an out-of-bounds write, allowing attackers to cause a denial-of-service.
CVE-2022-3626 LibTIFF 4.4.0 has a buffer overflow in _TIFFmemset that can be exploited by attackers to cause a denial-of-service.
CVE-2022-3599 LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection, which can be used to cause a denial-of-service.
CVE-2022-3627 libTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service.
CVE-2022-42944 Malicious .dwf or .pct file could lead to memory corruption vulnerability by read access violation.
CVE-2022-3639 A DOS vulnerability was discovered in GitLab CE/EE affecting versions 10.8-15.3.
CVE-2022-1066 TUG server versions before 24 are affected by an unauthenticated attacker who can access hashed user credentials.
CVE-2022-1070 TUG server versions before 24 are affected by an unauthenticated attacker who can access hashed user credentials.
CVE-2022-3642 A vulnerability in the Linux Kernel affects the function rtl8188f_spur_calibration of the Wireless component.
CVE-2022-43400 V2022 R2 has a vulnerability. V22.2a>
CVE-2022-3633 A problem with the function j1939_session_destroy of the IPsec component net/can/j1939/transport.c leads to a memory leak.
CVE-2021-42553 An attacker can exploit a buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics to execute arbitrary code.
CVE-2022-37454 Keccak XKCP SHA3 has an integer overflow and buffer overflow that allows attackers to execute arbitrary code or eliminate cryptographic properties.
CVE-2022-3624 An issue with the IPsec function rlb_arp_xmit was found and is considered problematic. The vulnerability causes a memory leak.
CVE-2022-3629 A vulnerability was found in the IPsec component of Linux Kernel. It's been declared as problematic due to memory leak.
CVE-2022-3630 A vulnerability was found in IPsec that leads to memory leak.
CVE-2022-36958 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
CVE-2022-36957 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
CVE-2022-39823 An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10
CVE-2022-37453 An issue was discovered in Softing OPC UA C++ SDK before 6.10
CVE-2022-36966 Node Management users had access to all nodes due to an Insufficient control on URL parameter causing IDOR vulnerability in SolarWinds Platform.
CVE-2022-3621 A vulnerability was found in the Linux kernel. It is considered problematic due to the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode. The manipulation leads to a null pointer dereference.
CVE-2022-3623 A vulnerability was found in the Linux Kernel. It is problematic due to a race condition.
CVE-2022-3620 Vulnerability in Exim was found, it's a dmarc_dns_lookup issue. Remote attack is possible.
CVE-2022-3577 An out-of-bounds memory write flaw was found in the Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-2069 The APDFL.dll in Siemens JT2Go V13.3.0.5 and Siemens Teamcenter Visualization V14.0.0.2 contains a heap-based write that wrote past the buffer.
CVE-2022-42233 Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability.
CVE-2022-42344 Adobe Commerce versions 2.4.3-p2, 2.3.7-p3, and 2.4.4 are affected by a validation vulnerability.
CVE-2022-42176 Hard-coded admin panel access in PCTechSoft PCSecure V5.0.8.xw using use of Hard-coded Credentials.
CVE-2022-42200 The Exam Reviewer Management System v1.0 is vulnerable to Stored XSS.
CVE-2022-42198 The User List function suffers from insecure file upload in Simple Exam Reviewer Management System v1.0.
CVE-2022-26954 Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow attackers to conduct phishing attacks. The ChangePassword function is affected.
CVE-2021-33231 EasyVista Service Manager 2018.1.181.1 has an XSS vulnerability that allows attackers to run arbitrary code.
CVE-2022-37298 Shinken Monitoring 2.4.3 is vulnerable to Incorrect Access Control.
CVE-2022-37598 Prototype pollution vulnerability in ast.js with the name variable in UglifyJS 3.13.2.
CVE-2022-27624 A memory buffer vulnerability affects OOB Management packet decryption.
CVE-2022-27626 Vulnerability found in session processing of OOB management.
CVE-2022-27625 An issue with memory buffer operations, OOB Management, is found.
CVE-2022-3327 Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6
CVE-2022-41743 Before R27 P1 and R26 P1, the ngx_http_hls_module has a vulnerability that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact.
CVE-2022-36795 LTM TCP profile with Auto Receive Window enabled on a virtual server can be vulnerable to undisclosed traffic. This can lead to a vulnerability.
CVE-2022-41780 An directory traversal vulnerability in F5OS-A and F5OS-C before 1.4.0 allows attackers to read arbitrary files.
CVE-2022-41787 DNS Express is enabled on a virtual server with DNS profile and undisclosed DNS queries can be sent to the internal DNS. This might lead to information disclosure. END>
CVE-2022-41770 An authenticated iControl REST user can increase memory consumption.
CVE-2022-41983 Hardware platforms on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and 13.1.x can have undisclosed conditions when Intel QAT and AES-GCM/CCM are used.
CVE-2022-41833 An iRule containing the HTTP::collect command can cause TMM to terminate.
CVE-2022-41832 An undisclosed message can cause an increase in memory consumption in BIG-IP versions 17.0.x, 16.1.x, 15.1.x, 14.1.x, and 13.1.x when a SIP profile is configured on a virtual server.
CVE-2022-31684 Reactor Netty HTTP Server may log request headers in some cases of invalid HTTP requests. This may reveal valid access tokens to those with access to server logs.
CVE-2022-41806 An undisclosed request can cause an increase in memory resource utilization when BIG-IP AFM Network Address Translation with IPv6/IPv4 translation rules is configured on a virtual server.
CVE-2022-41836 An 'Attack Signature False Positive Mode' on a virtual server can cause the bd process to terminate.
CVE-2022-41694 An SSL key was imported on a BIG-IP or BIG-IQ system, but undisclosed input was used. This could lead to a security vulnerability.
CVE-2022-41691 When a BIG-IP Advanced WAF/ASM security policy is configured, undisclosed requests can cause the bd process to terminate.
CVE-2022-41624 Unclosed traffic can cause an increase in memory resou END> The BIG-IP versions 17.0.x, 16.1.x, 15.1.x, 14.1.x, and 13.1.x have undisclosed traffic that can cause an increase in memory resou.
CVE-2022-38107 Sensitive information could be displayed when a detailed technical error message is posted
CVE-2022-41813 Traffic Management Microkernel (TMM) can terminate when a certain input is provided to PEM or AFM module in certain versions of BIG-IP.
CVE-2022-43024 Tenda TX3 US_TX3V1.0 was discovered to have a stack overflow vulnerability with the list parameter.
CVE-2022-43026 Tenda TX3 US_TX3V1.0 br_V16.03.13.11_multi_TDE01 contains a stack overflow via the endIp parameter.
CVE-2022-43027 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to have a stack overflow via the firewallEn parameter.
CVE-2022-43029 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 stack overflow was discovered via the time parameter.
CVE-2013-4253 The deployment script in the unsupported "OpenShift Extras" add-on scripts installs a default public key in the root user's authorized_keys file.
CVE-2013-4281 In Red Hat Openshift 1, the /etc/openshift/server_priv.pem file has weak default permissions, which could allow users with local access to read it.
CVE-2022-1523 An earlier version of Fuji Electric D300win is vulnerable to a write-what-where condition, which could allow an attacker to manipulate the flow of information.
CVE-2022-43016 OpenCATS v0.9.6 had a XSS vulnerability in the callback component.
CVE-2022-23241 Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock enabled are vulnerable to an authenticated remote attack which could allow arbitrary modification or deletion of WORM data.
CVE-2022-2805 An otapi-style flaw in ovirt-engine can log passwords in the log file.
CVE-2022-41707 An attacker can access data of any user of the Messenger application.
CVE-2022-43415 The REPO Plugin 1.15.0 and earlier does not properly protect against XXE attacks.
CVE-2022-43416 An earlier version of the Jenkins Katalon Plugin allowed attackers to control agent processes and invoke Katalon.
CVE-2022-43433 Jenkins Screen recorder plugin disables Content Security Policy protection for user-generated content.
CVE-2022-43413 The Jenkins Job Import Plugin 3.5 and earlier doesn't perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs.
CVE-2022-43420 The Jenkins Contrast plugin 3.9 and earlier doesn't escape data returned from the service, which leads to a stored XSS vulnerability. Attackers who can access the application's backend are able to exploit the vulnerability.
CVE-2022-43435 Jenkins 360 FireLine Plugin 1.7.2 and earlier disables Content-Security-Policy protection for user-generated content.
CVE-2022-43424 Compuware Xpediter Code Coverage Plugin 1.0.7 and earlier allows attackers to control agent processes to obtain values of system properties.
CVE-2022-43404 The Jenkins Script Security Plugin has a sandbox bypass vulnerability that allows attackers with permission to define and run sandboxes to attack.
CVE-2022-43411 The Jenkins GitLab Plugin 1.5.35 and earlier uses a non-constant time comparison function, potentially allowing attackers to use statistical methods to obtain a valid webhook token.
CVE-2022-43425 Jenkins' Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of parameters on views, resulting in a stored XSS vulnerabi END>
CVE-2022-43426 Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, which makes it easier for attackers to observe and capture it.
CVE-2022-43427 Compuware Topaz for Total Test Plugin 2.4.8 doesn't perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs.
CVE-2022-43405 Jenkins Pipeline: Groovy Libraries Plugin 612.v84da_9c54906d and earlier has a sandbox bypass vulnerability that allows attackers with permission to define untrusted Pipeline libraries and to define and run sandboxed scripts.
CVE-2022-43406 An untrusted attacker can create and run untrusted Pipelines in Jenkins Pipeline vf3b_454e43966, which is deprecated.
CVE-2022-43402 There is a sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin 2802.v5ea_628154b_c2 and earlier that allows attackers with permission to define and run sandboxed scripts.
CVE-2022-43431 An earlier Compuware Strobe Measurement Plugin didn't perform permission checks, which allowed attackers with Overall/Read permission to enumerate credentials IDs.
CVE-2022-43403 A sandbox bypass vulnerability in Jenkins Script Security Plugin 1183.v774b_0b_0a_a_451 and earlier allows attackers with permission to define and run sandboxed scripts to bypass the restriction.
CVE-2022-43410 Mercurial plugin 1251.va_b_121f184902 and earlier has webhook endpoint that exposes which jobs were triggered or scheduled for polling, which users have no permission to access.
CVE-2022-43421 An error in Tuleap's Git Branch Source Plugin 3.2.4 and earlier lets attackers trigger projects with a specified repository if they don't have permission.
CVE-2022-43428 Compuware Topaz for Total Test Plugin 2.4.8 and earlier allows attackers to execute agent/controller commands and get Java system properties. This could lead to system information disclosure.
CVE-2022-39301 sra-admin has a storage XSS vulnerability.
CVE-2022-23734 An untrusted data deserialization vulnerability was found in GitHub Enterprise Server that could lead to remote code execution.
CVE-2022-43035 An issue was discovered in Bento4 v1.6.0-639
CVE-2022-43043 The BD_CheckSFTimeOffset function had a segmentation violation.
CVE-2022-43042 GFD054169B master contains a heap buffer overflow in the function FixSDTPInTRAF at isomedia/isom_intern.c.
CVE-2022-43034 An issue was discovered in Bento4 v1.6.0-639
CVE-2022-43032 An issue was discovered in Bento4 v1.6.0-639
CVE-2022-43185 An XSS flaw in the Configuration/Holidays module of the Rukovoditel v3.2.1 allows attackers to inject arbitrary web script or HTML.
CVE-2022-43038 Bento4 v1.6.0-639 had a heap overflow in the mp42ts AP4_BitReader::ReadCache() function.
CVE-2022-43040 The gf_isom_box_dump_start_ex function had a heap buffer overflow.
CVE-2022-43037 An issue was discovered in Bento4 1.6.0-639
CVE-2022-43045 Scene Manager dump function had a segmentation violation.
CVE-2022-3607 Injection of special elements into another plane (octoprint/octoprint prior to 1.8.3)
CVE-2022-39260 - Remote Code Execution Vulnerability in Git Shell
CVE-2022-25660 A kernel double free issue in some Snapdragon chipsets. This can lead to a crash or memory corruption.
CVE-2022-25661 Kernel memory corruption due to untrusted pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, and Snapdragon Industrial IOT devices.
CVE-2022-25687 Buffer overflow can lead to video corruption in Snapdragon Auto, Snapdragon Compute, etc. The issue is found in asf parsing.
CVE-2022-25723 Multimedia memory corruption due to callback registration failure.
CVE-2022-25736 Denial of service in WLAN due to out-of-bound read happens in Snapdragon Auto, Snapdragon Compute, etc.
CVE-2022-39253 Git is an open source revision control system. Versions before 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are vulnerable to exposure of sensitive information.
CVE-2022-25749 Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames
CVE-2022-33210 Memory corruption in automotive multimedia due to use of out-of-range pointer offset when parsing command request packet with a very large type value.
CVE-2022-25718 In Snapdragon Auto, Connectivity, and IoT, there is a cryptographic issue.
CVE-2022-25663 An overflow in the device's management frame handling could lead to a denial of service in Snapdragon Compute, Connectivity, and Consumer Electronics Connectivity.
CVE-2022-39233 Tuleap is a free and open source suite for managing software development and collaboration.
CVE-2022-42467 The h2 webconsole module is available in prototype mode with the ability to query the database.
CVE-2016-20017 The D-Link DSL-2750B devices before 1.05 are vulnerable to remote command injection. In 2016-2018, this was exploited in the wild.
CVE-2016-20016 MVPower CCTV DVRs have a web shell that can be accessed via a /shell URI. An attacker can execute arbitrary operating system commands as root.
CVE-2022-35860 AES encryption in the Corsair K63 Wireless 3.1.3 can be sniffed by attackers if they are physically close.
CVE-2022-33077 An access control issue in nopcommerce v4.50.2 allows attackers to modify any customer's address.
CVE-2022-38901 The Liferay Digital Experience Platform 7.3.10 SP3 Document and Media module - file upload functionality allows remote attackers to inject arbitrary JS script or HTML.
CVE-2022-42117 The Frontend Taglib module in Liferay Portal 7.3.2 through 7.4.3.16, and Liferay DXP 7.3 before update 6 and 7.4 before update 17 is vulnerable to XSS. This can be used to perform malicious activities.
CVE-2022-42113 Liferay Portal 7.4.3.30 - 7.4.3.36 has an XSS vulnerability that allows attackers to inject arbitrary scripts or HTML.
CVE-2022-42116 The Frontend Editor module's integration with CKEditor in Liferay Portal 7.3.2 through 7.4.3.14, and Liferay DXP 7.3 before update 6, and 7.4 before update 15 allows remote attackers to inject arbitrary web script.
CVE-2022-21629 Vulnerability in Oracle JD Edwards tools product 9.2.6.4 and earlier.
CVE-2022-21639 Oracle PeopleSoft's PeopleTools product is vulnerable to a PeopleTools component vulnerability. This component is affected by 8.59 and 8.60.
CVE-2022-21634 Oracle Java SE component, LLVM Interpreter, has a vulnerability that affects versions 20.3.7, 21.3.3, and 22.2.0.
CVE-2022-21600 The MySQL Server product of Oracle MySQL is vulnerable to a vulnerability that affects versions 8.0.27 and prior.
CVE-2022-21637 My MySQL Server is affected by a vulnerability in InnoDB. Versions affected are 8.0.30 and earlier.
CVE-2022-39404 The MySQL Installer is vulnerable to CVE-2016-2107. This affects versions 1.6.3 and prior.
CVE-2022-21605 My MySQL Server is vulnerable to a database attack in versions 8.0.28 and earlier.
CVE-2022-39409 Oracle Transportation Management is affected by a vulnerability in versions 6.4.3 and 6.5.1.
CVE-2022-21641 MySql server is vulnerable to a security issue in 8.0.29 and earlier.
CVE-2022-21607 My MySQL Server product is vulnerable to a vulnerability in Oracle MySQL 8.0.28 and earlier.
CVE-2022-21608 My MySQL Server is vulnerable to a security issue in 5.7.39 and 8.0.30.
CVE-2022-21632 MySQL Server has a vulnerability that affects versions 8.0.30 and earlier.
CVE-2022-21601 An Oracle Communications Vulnerability is being reported with versions 12.0.0.4.0-12.0.0.7.0 being affected.
CVE-2022-21638 MySql server is vulnerable to a security issue in 8.0.29 and earlier.
CVE-2022-21604 My MySQL Server is affected by a vulnerability in InnoDB. Versions affected are 8.0.30 and earlier.
CVE-2022-21598 Oracle Siebel CRM's DB Deployment and Configuration product is affected by a vulnerability. Affected versions are 22.8 and prior.
CVE-2022-21602 An issue in the Oracle PeopleSoft Enterprise PeopleTools product 8.58, 8.59, and 8.60 is affected.
CVE-2022-21597
CVE-2022-21589 MySQL Server has a vulnerability that affects versions 5.7.39 and 8.0.16.
CVE-2022-39407 Oracle PeopleSoft's Enterprise PeopleTools product is affected by a vulnerability that causes supported versions to be affected.
CVE-2022-39423 Vulnerability in Oracle VirtualBox that affects Prior to 6.1.38 versions.
CVE-2022-39422 Vulnerability in Oracle VirtualBox that affects Prior to 6.1.38 versions.
CVE-2022-21627 Vulnerability in Oracle VirtualBox that affects prior to 6.1.40 versions.
CVE-2022-21625 An issue was found in the MySQL Server product of Oracle MySQL. The affected versions are 8.0.30 and prior.
CVE-2022-21617 MySQL Server has a vulnerability that affects versions 5.7.39 and 8.0.30 and later.
CVE-2022-39403 A vulnerability in the MySQL Shell product of Oracle MySQL is affecting versions 8.0.30 and prior.
CVE-2022-39402 A vulnerability in the MySQL Shell product of Oracle MySQL is affecting versions 8.0.30 and prior.
CVE-2022-3594 An issue was found in Linux Kernel, the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF was vulnerable to logging excessive data.
CVE-2022-3595 The sess_free_buffer function of the CIFS handler can be manipulated to cause a double free.
CVE-2022-33872 In some Telnet components of FortiTester, an improper neutralization of special elements may allow an unauthenticated remap of commands.
CVE-2022-33874 Insecure neutralization of special elements in SSH login components may allow unauthenticated remote attackers to gain remote admin access.
CVE-2022-41541 An attacker can replay an encrypted authentication message and valid authentication token with the AX10v1 V1_211117 device.
CVE-2022-43259 Tenda AC15 V15.03.05.18 had a stack overflow vulnerability in the timeZone parameter of the form_fast_setting_wifi_set function.
CVE-2022-41540 The TP-Link AX10v1 V1_211117 web app client uses hard-coded cryptographic keys to communicate with the router.
CVE-2022-43260 An AC18 V15.03.05.19(6318) was found to have a stack overflow in the fromSetSysTime function.
CVE-2022-29055: Uninitialized Pointer Access Vulnerability in Fortinet FortiOS and FortiProxy Versions
CVE-2020-15853 supybot-fedora implements the command 'refresh', that refreshes the cache of all users from FAS
CVE-2022-3587 SourceCodester Simple Cold Storage Management System 1.0 has a vulnerability that causes My Account to malfunction.
CVE-2022-3580 An issue has been found in SourceCodester Cashier Queuing System 1.0.1 that affects user creation processing. Manipulation leads to cross site scripting.
CVE-2022-40889 Phpok 6.1 has a deserialization vulnerability via framework/phpok_call.php.
CVE-2022-3339 An XSS vulnerability in ePO 5.10 before Update 14 allows an attacker to access the administrator's session of an authenticated ePO admin.
CVE-2022-31037 OroCommerce is an open-source Business to Business Commerce application
CVE-2022-31122 Wire is an encrypted communication and collaboration platform. Versions before 2022-07-12 are subject to Token Recipient Confusion
CVE-2022-39057 The Ravva certificate validation system has insufficient filtering for special parameter of the web page input field.
CVE-2022-39056 RAVA certificate validation system has insufficient validation for user input
CVE-2022-39055 RAVA certificate validation system has inadequate filtering for URL parameter
CVE-2022-22220 An exploit in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS, Junos OS Evolved can cause a Denial of Service.
CVE-2022-22233 An unchecked return value to NULL pointer dereference vulnerability in Juniper Network's Routing Protocol Daemon (rpd) allows a locally authenticated attacker with low privileges to cause a DoS.
CVE-2022-22250 In Junos OS and Junos OS Evolved, an attacker can cause a DoS by controlling a resource through its lifetime.
CVE-2022-22237 An attacker can compromise Junos OS confidentiality or integrity by attacking the kernel.
CVE-2022-22242 J-Web has an XSS vulnerability that allows an attacker to run malicious scripts in the victim's session.
CVE-2022-22247 An Ingress TCP segment processing vulnerability in Juniper Networks Junos OS Evolved allows a network-based attacker to send a crafted TCP segment to the device, triggering a kernel panic and Denial of Service.
CVE-2022-22248 An Incorrect Permission Assignment vulnerability in Juniper Networks Junos OS Evolved allows a low-privileged local user to modify the contents of a configuration file which could cause another user to execute arbitrary commands.
CVE-2022-22251 In Juniper Networks Junos OS, software permission issues and passwords in Junos OS are vulnerable to local low-privilege attacks.
CVE-2022-22246 An LFI vulnerability in the J-Web component of Juniper Networks Junos OS may allow a low-privileged attacker to execute an untrusted PHP file.
CVE-2022-22243 An XPath Injection vulnerability in the J-Web component of Juniper Networks Junos OS allows an attacker to add an XPath command, which may lead to other vulnerabilities.
CVE-2022-22240 Allocates resources without limits or throttling, and releases memory after an effective lifetime. Local auth required.
CVE-2022-22239 An attacker with low privileges can escalate their privileges on the device and potentially remote systems of Juniper Networks Junos OS Evolved.
CVE-2022-22238 An attack on the routing protocol daemon (rpd) can cause a Denial of Service.
CVE-2022-22241 An IAV vulnerability in the J-Web component of Juniper Networks Junos OS may allow an unauthenticated attacker to access data.
CVE-2022-22236 An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway of Juniper Networks Junos OS on SRX and MX allows an unauthenticated, network-based attacker to cause a Denial of Service.
CVE-2022-22249 An attacker can cause a Denial of Service through the PFE of Juniper Networks Junos OS on MX Series.
CVE-2022-22235 An improper check in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause Denial of Service.
CVE-2022-22234 An attacker with low privileges can cause a Denial of Service in the Junos Packet Forwarding Engine.
CVE-2022-22232 A NULL Pointer Dereference vulnerability in the Packet Forwarding Engine of Juniper Networks Junos OS on SRX Series can cause a Denial of Service.
CVE-2022-22230 Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Junos OS Evolved can be DoSed with an adjacent unauthenticated attacker.
CVE-2022-22225 An attacker with an established BGP session can cause a Denial of Service in Routing Protocol Daemon of Juniper Networks Junos OS and Junos OS Evolved.
CVE-2022-22224
CVE-2022-22219 An attacker in direct control of a BGP client, or via a machine in the middle, can cause Juniper Networks Junos OS and Junos OS Evolved to mishandle EVPN routes.
CVE-2022-22201 The validation of Index, Position, or Offset in Junos Packet Forwarding Engine is vulnerable to Denial of Service.
CVE-2022-22192 The PTX series of Juniper Networks Junos OS is vulnerable to an attack that causes a Denial of Service.
CVE-2022-22228 An attacker can cause an RPD memory leak, which leads to a DoS.
CVE-2022-22227 The Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved has an Improper Check for Unusual or Exceptional Conditions vulnerability that allows a network-based attacker to cause a DoS.
CVE-2022-22211 FPC resources of Juniper Networks Junos OS Evolved on PTX Series can be compromised to cause a Denial of Service.
CVE-2022-22223 QFX10000 Series devices using Juniper Networks Junos OS as transit IP/MPLS PHP nodes with LAG interfaces can have input validation issues.
CVE-2022-3569 ZCS has a local privilege escalation vulnerability in versions 9.0.0 and prior, where the 'zimbra' user can coerce postfix into running arbitrary commands as 'root'.
CVE-2020-8973 TPS200 NG in 2.00 and 1.01 firmware doesn't accept specially constructed requests.
CVE-2020-8976 The ZGR TPS200 NG integrated server on 2.00 firmware and 1.01 hardware allows a remote attacker to perform actions as the victim user.
CVE-2020-8975 TPS200 NG in 2.00 and 1.01 firmware versions allows remote attackers with access to the web application to access sensitive information about the system.
CVE-2020-8974 The firmware upload in ZGR TPS200 NG 2.00 and 1.01 doesn't have restrictions.
CVE-2022-40606 In 4.1.0, XSS in the Operations tab and Debrief plugin is possible via a crafted operation name. This is different than CVE-2022-40605.
CVE-2022-42147 kkFileView 4.0 is vulnerable to Cross Site Scripting (XSS) via controller\ Filecontroller.java.
CVE-2022-41431 The component /admin/question/edit in xzs v3.8.0 had an XSS flaw.
CVE-2022-3382 The Robot System Software version 3.3.21.9869 has an error that handles terminated commands.
CVE-2022-3517 A vulnerability was found in the minimatch package
CVE-2022-3565 A critical vulnerability was found in the Linux Kernel function del_timer of the Bluetooth component. Using this issue leads to use after free.
CVE-2022-3566 A vulnerability was found in Linux Kernel TCP Handler which leads to a race condition.
CVE-2022-32176 V2.5.1-v2.5.3b are vulnerable to Unrestricted File Upload that leads to execution of javascript code through the "Compress Upload" functionality.
CVE-2022-40055 Brute force attack can escalate privileges in GX Group GPON ONT 2122A T2122-V1.26EXL.
CVE-2022-42029 Chamilo 1.11.16 is vulnerable to authenticated local file inclusion. This can be exploited to copy/move files from anywhere in the file system into the web directory.
CVE-2022-41751 Jhead 3.06.0.1 allows attackers to execute arbitrary OS commands by placing commands in a JPEG filename and using the regeneration option.
CVE-2022-2592 Snippet descriptions in GitLab CE/EE prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 have a lack of length validation which can be abused by attackers to create maliciously large Snippets.
CVE-2022-3288 The branch/tag name confusion in GitLab CE/EE older than 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows attackers to manipulate pages where the default branch would be expected.
CVE-2022-3291 Data in GitLab EE older than 15.2.5, 15.3.4, and 15.4.1 can be leaked via the cache.
CVE-2022-2630 An access control issue in GitLab CE/EE older than 15.2.4 and 15.3.2 that allows disclosure of confidential information via the Incident timeline events.
CVE-2022-2865 An issue with cross-site scripting has been found in GitLab CE/EE prior to 15.3.2, 15.2 to 15.2.4, and 15.1.6.
CVE-2022-2533 An issue was discovered in GitLab before 12.10, 15.2, 15.3, and 15.4.
CVE-2022-3351 Issue in 13.7, 15.3.4, 15.4.1, and earlier versions.
CVE-2022-3331 An issue was found in GitLab EE versions before 15.2.4, 15.3.2, and 14.5 before 15.1.6.
CVE-2022-2908 An attack in Gitlab CE/EE versions starting from 10.7 before 15.1.5, 15.2 before 15.2.3, and 15.3 before 15.3.1 could result in high CPU usage.
CVE-2022-2931 A DOS vulnerability was discovered in GitLab before 15.1.6, 15.2.4, 15.3.2.
CVE-2022-2428 An attacker can make HTTP requests as a tag in the Jupyter Notebook viewer in GitLab EE/CE before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 is affected.
CVE-2022-3293 Email addresses were leaked in WebHook logs in GitLab EE prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1.
CVE-2022-3330 An inaccessible note in Gitlab CE/EE can affect all versions 15.0-15.2.5, 15.3-15.3.4, and 15.4-15.4.1.
CVE-2022-2455 The business logic of handling large repositories in GitLab before 15.1.6, 15.2.4, and 15.3.2 allowed an authenticated and authorized user to access sensitive data.
CVE-2019-14841 An attacker can change their role in the RHDM.
CVE-2020-35539 Wordpress 5.1 has a security flaw that leaks client IP address in X-Forwarded-For header.
CVE-2022-3060 An authenticated attacker can create content in Error Tracking in GitLab CE/EE that could cause a victim to make unintended requests.
CVE-2022-3066 An issue was discovered in GitLab starting from 10.0 before 15.2.5, 15.3 before 15.3.4, 15.4 before 15.4.1.
CVE-2022-42221 The R6400 v1.1.0.114_1.0.1 router has an Incorrect Access Control vulnerability, which is a command injection vulnerability.
CVE-2022-42167 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetFirewallCfg.
CVE-2022-42237 An SQL injection issue in Merchandise Online Store v.1.0 allows attackers to log in to the admin account.
CVE-2022-41542 devhub 0.102.0 was discovered to contain a broken session control.
CVE-2022-3550 An issue in X.org Server was found, which involves the function _GetCountedString of xkb.c. The manipulation leads to a buffer overflow, which is recommended to fix.
CVE-2022-42165 Tenda AC10 V15.03.06.23 contains a Stack overflow vulnerability via /goform/formSetDeviceName.
CVE-2022-3555 X.org libX11 has a vulnerability. Manipulation of the argument dpy leads to memory leak.
CVE-2022-3554 X.org libX11 has a vulnerability that leaks memory.
CVE-2022-3543 A vulnerability in the Linux Kernel was found, which affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c. The vulnerability leads to a memory leak.
CVE-2022-3546 The component Create User Handler has a vulnerability that allows for some unknown functionality to be accessed. This could be used to steal user information.
CVE-2022-3541 A critical Linux Kernel vulnerability has been found, affecting the function spl2sw_nvmem_get_mac_address of the file drivers/net/ethernet/sunplus/spl2sw_driver.c of the component BPF. The manipulation leads to use after free.
CVE-2022-3139 We're Open! plugin before 1.42 has settings that could allow high privilege users to perform Stored Cross-site Scripting attacks.
CVE-2022-3542 An issue with the bnx2x_tpa_stop function of the BPF driver is found in the Linux Kernel. The vulnerability leads to a memory leak.
CVE-2022-39052 An external attacker can send a malicious email that can crash the system.
CVE-2022-3531 A vulnerability was found in Linux Kernel, which is classified as problematic. The manipulation leads to memory leak.
CVE-2022-3533 An issue was found in the Linux Kernel. It is rated as problematic. The function parse_usdt_arg of the file tools/lib/bpf/usdt.c has a memory leak when the argument reg_name is manipulated.
CVE-2022-3534 A critical vulnerability has been found in the Linux Kernel's btf_dump_name_dups function. It can lead to use after free.
CVE-2022-3281 WAGO PFC100/200, Touch Panel 600, CC100 and Edge Controller are prone to a loss of MAC-Address-Filtering after reboot.
CVE-2022-2052 Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords
CVE-2022-42983 Spoofing JWT Tokens allows attackers to bypass login authentication.
CVE-2022-42975 socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding
CVE-2022-3527 a vulnerability in Linux kernel, which affects ipneigh_get function of ip/ipneigh.c component of iproute2. Manipulation leads to memory leak.
CVE-2022-3530 An issue was found in the Linux kernel ip/ipaddress.c function ipaddr_link_get and leads to memory leak.
CVE-2022-3521 A vulnerability has been found in Linux Kernel and is classified as problematic. The kcm_tx_work function of the net/kcm/kcmsock.c component kcm can be manipulated to lead to a race condition.
CVE-2022-3523 The Linux Kernel was found to have a vulnerability. The vulnerability is in mm/memory.c of the Driver Handler component. The vulnerability causes use after free.
CVE-2022-3524 An issue was found in the Linux Kernel IPv6 renewal functionality. A memory leak vulnerability can be triggered by sending a specially crafted packet.
CVE-2022-42969 The py library through 1.11.0 for Python lets attackers conduct a ReDoS attack via a Subversion repository with crafted info data.
CVE-2022-41323 In Django 3.2.x before 3.2.16, 4.0.x before 4.0.8, and 4.1.x before 4.1.2,
CVE-2022-42968 Gitea before 1.17.3 does not sanitize and escape refs in the git backend
CVE-2017-20149 The Mikrotik RouterOS web server can be vulnerable to memory corruption, aka Chimay-Red, if a remote and unauthenticated user sends a crafted HTTP request.
CVE-2022-41436 An issue in TP50 OXH1.50 allows unauthenticated attackers to access the administrative panel via the URL http://device_ip/index1.html.
CVE-2022-39311 GoCD automates the build-test-release cycle for continuous delivery of your product.
CVE-2022-39309 GoCD automates the build-test-release cycle for continuous delivery of your product.
CVE-2022-38445 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-39310 GoCD automates the build-test-release cycle for continuous delivery of your product.
CVE-2022-35691 Adobe Acrobat versions 22.002.20212 and earlier are affected by a NULL Pointer Dereference vulnerability.
CVE-2022-42340 Adobe ColdFusion versions Update 14 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read.
CVE-2022-38422 ColdFusion versions Update 14 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory vulnerability. This could result in information disclosure.
CVE-2022-38443 Dimension 3.4.5 is vulnerable to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could exploit this vulnerability to bypass ASLR.
CVE-2022-38446 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-35698 Adobe Commerce versions 2.4.4-p1 and 2.4.5 are affected by a Stored XSS vulnerability.
CVE-2022-38448 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-38447 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-38442 Adobe Dimension versions 3.4.5 is vulnerable to a Use After Free vulnerability that could result in arbitrary code execution in the user's context.
CVE-2022-38418 ColdFusion versions Update 14 and earlier are affected by an 'Improper Limitation of a Pathname to a Restricted Directory' vulnerability that could allow arbitrary code execution.
CVE-2022-35712 ColdFusion versions Update 14 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could compromise the user's system.
CVE-2022-38424: Uncovering a Path Traversal Vulnerability in Adobe ColdFusion and How to Protect Your Systems
CVE-2022-38697 In messaging service, there is a missing permission check
CVE-2022-39080 In messaging service, there is a missing permission check
CVE-2022-39105 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39108 In Music service, there is a missing permission check
CVE-2022-39110 In Music service, there is a missing permission check
CVE-2022-39109 In Music service, there is a missing permission check
CVE-2022-39112 In Music service, there is a missing permission check
CVE-2022-41477 A security issue was discovered in WeBid <=1.2.2
CVE-2022-38672 In face detect driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-38673 In face detect driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39107 In Soundrecorder service, there is a missing permission check
CVE-2022-38671 In camera driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39111 In Music service, there is a missing permission check
CVE-2022-38679 In music service, there is a missing permission check
CVE-2022-38677 In cell service, there is a missing permission check
CVE-2022-39128 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39126 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39123 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39124 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39120 In sensor driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-38670 In soundrecorder service, there is a missing permission check
CVE-2022-2984 In jpg driver, there is a possible out of bounds write due to a missing bounds check
CVE-2022-39115 In Music service, there is a missing permission check
CVE-2022-2963 A vulnerability found in jasper
CVE-2022-2850 An attacker can exploit a NULL pointer dereference in the Content Synchronization plugin to cause a denial of service.
CVE-2021-27406 An attacker can take advantage of versions 1.4.1.0 and earlier to send a config command from the local host to force the back-end server to initialize a new openVPN instance.
CVE-2022-42234 There is a file inclusion vulnerability in the template management module in UCMS 1.6
CVE-2022-41307 Malicious PKT file could lead to memory corruption vulnerability by read access violation.
CVE-2022-41306 Malicious PCT file could lead to memory corruption vulnerability by write access violation.
CVE-2022-41302 An OOB vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure.
CVE-2022-41304 An OOB write vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution or information disclosure.
CVE-2022-20397 An out of bounds write in SitRilClient_OnResponse could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-38980 The HwAirlink module has a heap overflow vulnerability in processing data packets of the proprietary protocol. Successful exploitation may allow attackers to obtain process control permissions.
CVE-2022-38981 The HwAirlink module has an out-of-bounds read vulnerability. Successful exploitation may cause information leakage.
CVE-2022-38977 The HwAirlink module has a heap overflow vulnerability. Successful exploitation may cause out-of-bounds writes, which may lead to modification of sensitive data.
CVE-2022-38985 The facial recognition module has a vulnerability in input validation, which may affect data confidentiality.
CVE-2022-41581 The HW_KEYMASTER module has a vulnerability of not verifying data read. Successful exploitation may cause malicious construction of data and out-of-bounds access.
CVE-2022-39065 An unresponsive TRÅDFRI gateway can make connected lighting controls non-functional.
CVE-2022-41578 The MPTCP module has an out-of-bounds write vulnerability. Successful exploitation may lead to privilege escalation attacks.
CVE-2022-41585 The kernel module has an out-of-bounds read vulnerability. Successful exploitation may cause memory overwriting.
CVE-2022-41582 The security module has configuration defects, which may affect system availability.
CVE-2022-41589 The DFX unwind stack has a vulnerability in interface calling that affects system services and device availability.
CVE-2022-41584 The kernel module has an out-of-bounds read vulnerability. Successful exploitation may cause memory overwriting.
CVE-2022-41580 The HW_KEYMASTER module has a vulnerability of not verifying data read. Successful exploitation may cause malicious construction of data and out-of-bounds access.
CVE-2022-42067 The birth certificate management system version 1.0 has an IDOR vulnerability.
CVE-2021-46840 The HW_KEYMASTER module has an out-of-bounds access vulnerability in parameter set verification. Successful exploitation may cause malicious construction of data, which results in out-of-bounds access.
CVE-2022-38998 The HISP module has a vulnerability where it doesn't verify data in kernel space and can lead to an out-of-bounds read, affecting data confidentiality.
CVE-2022-41577 The kernel server has a vulnerability of not verifying the length of data transferred in the user space, which may cause an out-of-bounds read and device confidentiality and availability.
CVE-2022-41592 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41603 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41601 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41598 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41593 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41600 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-41602 The phones have the fingerprint vulnerability. Successful exploitation may affect the fingerprint service.
CVE-2022-42071 The CMS version 1.0 has a XSS vulnerability.
CVE-2022-42464 OpenHarmony 3.1.2 and prior versions have a Kernel memory pool override vulnerability in /dev/mmz_userdev device driver. The impact depends on the privileges of the attacker.
CVE-2022-42488 OpenHarmony has a permission validation vulnerability in the param service of the startup subsystem.
CVE-2022-42069 A birth certificate management system version 1.0 has a XSS vulnerability.
CVE-2022-2879 Read doesn't limit the maximum size of file headers. This can lead to memory exhaustion or crashes.
CVE-2022-28760 On-Premise Meeting Connector MMR 4.8.20220815 contains an improper access control vulnerability.
CVE-2022-35056 An attacker could exploit a heap buffer overflow in OTFCC commit 617837b to compromise the user's system.
CVE-2022-35049 The commit 617837b of OTFCC was discovered to contain a heap buffer overflow.
CVE-2022-35048 An attacker can overflow a buffer with 0x6B0B2C in OTFCC commit 617837b to crash the application.
CVE-2022-35050 An attacker sent a 0x6b04de heap buffer overflow to commit 617837b in order to gain remote code execution.
CVE-2022-35054 Heap buffer overflow in OTFCC commit 617837b was discovered to be vulnerable.
CVE-2022-35045 An attacker could overflow a heap buffer in otfccdump via /release-x64/otfccdump+0x6b0d63.
CVE-2022-35040 An attacker could overflow a heap buffer with OTFCC-Dump's /release-x64 command.
CVE-2022-35059 An overflow was discovered in OTFCC commit 617837b that was used in an exploit.
Notag posts