CVE-2022-35415 An input validation in NI SysConfigMgr prior to 22.5 may allow a privileged user to enable escalation of privilege via local access.
When configuring a task sequence to install Windows, an administrator may inadvertently allow local access to an application that is installed from a local source.
CVE-2022-36074 The affected versions of the affected package are vulnerable to Information Exposure, which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise.
It is critical that the Nextcloud server is maintained and kept up to date with the latest security fixes. Also, make sure the server is
CVE-2022-40642 Ansys SpaceClaim 2022 R1 is vulnerable to remote attackers executing arbitrary code.
Intrusion Prevention Systems (IPS) that are enabled for remote connections or that are monitoring the traffic to and from the system may block the attacker
CVE-2022-38860 The MPlayer Project is vulnerable to a Divide By Zero flaw in function demux_open_avi of libmpdemux/demux_avi.c which affects mencoder.
When demux_open_avi() is called from mencoder, it will cause an access violation if an invalid file is passed. This can be exploited by
CVE-2022-29649 Qsmart Next v4.1.2 was discovered to contain a cross-site scripting (XSS) vulnerability.
When users receive a maliciously crafted request, XSS can occur in the following ways:
In the above example, the user’s session information is transmitted
Episode
00:00:00
00:00:00