CVE-2022-40942 Tenda TX3 US_TX3V1.0br_V16.03.13.11 is vulnerable to stack overflow via compare_parentcontrol_time.
An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. This attack can be accomplished by crafting a malicious
CVE-2022-28853 InDesign versions 16.4.2 and earlier are affected by an out-of-bounds write vulnerability that could lead to arbitrary code execution.
Creative Cloud and subscription users who had installed InDesign versions 16.4.2 or 17.3 are advised to immediately update to the latest version
CVE-2022-37138 The LMS 1.0 is vulnerable to SQL injection at the login page, which allows attackers to log in as Administrator via the username form.
To perform the SQL injection, an attacker can send a request with an SQL statement in the ‘INPUT>’ tag. An attacker can send the following injection request to
CVE-2022-38342 FME Server v2021.2.5, v2022.0.0.2 and older contain an XXE vulnerability which allows attackers to exfiltrate/SSRF data.
An attacker can exploit this vulnerability by sending a specially crafted request to the affected application, causing a denial of service condition for the server
CVE-2022-40323 SysAid Help Desk before 22.1.65 allows XSS in the Password Services module, aka FR# 67241.
This was addressed in 22.1.66.13 and later. Cisco WebEx Teams does not support the use of XSS in any of its components.