‼ CVE-2022-24915 ‼
📖 Read
via "National Vulnerability Database".
The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be interpreted when a legitimate user accesses the web section where the information is displayed. Injection can be done on specific parameters. The injected code is executed when a legitimate user attempts to upload, copy, download, or delete an existing configuration (Administrative Services).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25814 ‼
📖 Read
via "National Vulnerability Database".
PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0891 ‼
📖 Read
via "National Vulnerability Database".
A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash, potential information disclosure or any other context-dependent impact📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32006 ‼
📖 Read
via "National Vulnerability Database".
This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. Permission Issues vulnerability in LinkManager web portal of Secomea GateManager allows logged in LinkManager user to access stored SiteManager backup files.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24601 ‼
📖 Read
via "National Vulnerability Database".
Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain sensitive information through SQL injection statements.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44215 ‼
📖 Read
via "National Vulnerability Database".
Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26311 ‼
📖 Read
via "National Vulnerability Database".
Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernetes environments.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26488 ‼
📖 Read
via "National Vulnerability Database".
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41657 ‼
📖 Read
via "National Vulnerability Database".
SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20060 ‼
📖 Read
via "National Vulnerability Database".
In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06137462.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26661 ‼
📖 Read
via "National Vulnerability Database".
An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25558 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetProvince. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ProvinceCode parameter.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2022-25549 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsEn parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3660 ‼
📖 Read
via "National Vulnerability Database".
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35251 ‼
📖 Read
via "National Vulnerability Database".
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32505 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32435 ‼
📖 Read
via "National Vulnerability Database".
Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3698 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44625 ‼
📖 Read
via "National Vulnerability Database".
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a crafted post request.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0433 ‼
📖 Read
via "National Vulnerability Database".
A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40056 ‼
📖 Read
via "National Vulnerability Database".
There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability.📖 Read
via "National Vulnerability Database".