‼ CVE-2021-44215 ‼
📖 Read
via "National Vulnerability Database".
Northern.tech CFEngine Enterprise 3.15.4 before 3.15.5 has Insecure Permissions that may allow unauthorized local users to have an unspecified impact.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26311 ‼
📖 Read
via "National Vulnerability Database".
Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernetes environments.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26488 ‼
📖 Read
via "National Vulnerability Database".
In Python before 3.10.3 on Windows, local users can gain privileges because the search path is inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users and enabled PATH entries. A non-administrative user can trigger a repair that incorrectly adds user-writable paths into PATH, enabling search-path hijacking of other users and system services. This affects Python (CPython) through 3.7.12, 3.8.x through 3.8.12, 3.9.x through 3.9.10, and 3.10.x through 3.10.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-41657 ‼
📖 Read
via "National Vulnerability Database".
SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20060 ‼
📖 Read
via "National Vulnerability Database".
In preloader (usb), there is a possible permission bypass due to a missing proper image authentication. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06160806; Issue ID: ALPS06137462.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26661 ‼
📖 Read
via "National Vulnerability Database".
An XXE issue was discovered in Tryton Application Platform (Server) 5.x through 5.0.45, 6.x through 6.0.15, and 6.1.x and 6.2.x through 6.2.5, and Tryton Application Platform (Command Line Client (proteus)) 5.x through 5.0.11, 6.x through 6.0.4, and 6.1.x and 6.2.x through 6.2.1. An authenticated user can make the server parse a crafted XML SEPA file to access arbitrary files on the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25558 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetProvince. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ProvinceCode parameter.📖 Read
via "National Vulnerability Database".
❤1
‼ CVE-2022-25549 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX1806 v1.0.0.1 was discovered to contain a stack overflow in the function formSetSysToolDDNS. This vulnerability allows attackers to cause a Denial of Service (DoS) via the ddnsEn parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3660 ‼
📖 Read
via "National Vulnerability Database".
Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website, inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35251 ‼
📖 Read
via "National Vulnerability Database".
Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details about the Web Help Desk installation.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32505 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32435 ‼
📖 Read
via "National Vulnerability Database".
Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3698 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-44625 ‼
📖 Read
via "National Vulnerability Database".
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a crafted post request.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0433 ‼
📖 Read
via "National Vulnerability Database".
A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40056 ‼
📖 Read
via "National Vulnerability Database".
There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25830 ‼
📖 Read
via "National Vulnerability Database".
Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log📖 Read
via "National Vulnerability Database".
‼ CVE-2021-28488 ‼
📖 Read
via "National Vulnerability Database".
Ericsson Network Manager 20.2 has Insecure Permissions.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24608 ‼
📖 Read
via "National Vulnerability Database".
Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25225 ‼
📖 Read
via "National Vulnerability Database".
Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21132 ‼
📖 Read
via "National Vulnerability Database".
Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view a file outside the public folder.📖 Read
via "National Vulnerability Database".