‼ CVE-2021-3558 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20058 ‼
📖 Read
via "National Vulnerability Database".
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160485.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34338 ‼
📖 Read
via "National Vulnerability Database".
Ming 0.4.8 has an out-of-bounds buffer overwrite issue in the function getName() in decompiler.c file that causes a direct segmentation fault and leads to denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-42857 ‼
📖 Read
via "National Vulnerability Database".
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) AgentDaServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/da/pcf" API. The affected endpoint does not have any validation of the user's input that allows a malicious payload to be injected.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21170 ‼
📖 Read
via "National Vulnerability Database".
Improper check for certificate revocation in i-FILTER Ver.10.45R01 and earlier, i-FILTER Ver.9.50R10 and earlier, i-FILTER Browser & Cloud MultiAgent for Windows Ver.4.93R04 and earlier, and D-SPA (Ver.3 / Ver.4) using i-FILTER allows a remote unauthenticated attacker to conduct a man-in-the-middle attack and eavesdrop on an encrypted communication.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-43969 ‼
📖 Read
via "National Vulnerability Database".
The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection with Out-of-Band Interaction (DNS) and Blind Time-Based SQL Injections. Exploitation can be used to disclose all data within the database (up to and including the administrative accounts' login IDs and passwords) via the login.jsp uname parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20059 ‼
📖 Read
via "National Vulnerability Database".
In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06160781.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24995 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX3 v16.03.12.10_CN was discovered to contain a stack overflow in the function fromSetSysTime. This vulnerability allows attackers to cause a Denial of Service (DoS) via the time parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24606 ‼
📖 Read
via "National Vulnerability Database".
Luocms v2.0 is affected by SQL Injection in /admin/news/sort_ok.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40052 ‼
📖 Read
via "National Vulnerability Database".
There is an incorrect buffer size calculation vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25244 ‼
📖 Read
via "National Vulnerability Database".
Vault Enterprise clusters using the tokenization transform feature can expose the tokenization key through the tokenization key configuration endpoint to authorized operators with `read` permissions on this endpoint. Fixed in Vault Enterprise 1.9.4, 1.8.9 and 1.7.10.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26102 ‼
📖 Read
via "National Vulnerability Database".
Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701, 702, 731, allows an authenticated attacker, to access content on the start screen of any transaction that is available with in the same SAP system even if he/she isn't authorized for that transaction. A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36517 ‼
📖 Read
via "National Vulnerability Database".
An information leak in Nabu Casa Home Assistant Operating System and Home Assistant Supervised 2022.03 allows a DNS operator to gain knowledge about internal network resources via the hardcoded DNS resolver configuration.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24915 ‼
📖 Read
via "National Vulnerability Database".
The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25814 ‼
📖 Read
via "National Vulnerability Database".
PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0891 ‼
📖 Read
via "National Vulnerability Database".
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32006 ‼
📖 Read
via "National Vulnerability Database".
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24601 ‼
📖 Read
via "National Vulnerability Database".
Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44215 ‼
📖 Read
via "National Vulnerability Database".
Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26311 ‼
📖 Read
via "National Vulnerability Database".
Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernetes environments.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26488 ‼
📖 Read
via "National Vulnerability Database".
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.📖 Read
via "National Vulnerability Database".