βΌ CVE-2021-32505 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.π Read
via "National Vulnerability Database".
βΌ CVE-2021-32435 βΌ
π Read
via "National Vulnerability Database".
Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors.π Read
via "National Vulnerability Database".
βΌ CVE-2021-3698 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully, regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality.π Read
via "National Vulnerability Database".
βΌ CVE-2021-44625 βΌ
π Read
via "National Vulnerability Database".
A Buffer Overflow vulnerability exists in TP-LINK WR-886N 20190826 2.3.8 in /cloud_config/cloud_device/info interface, which allows a malicious user to executee arbitrary code on the system via a crafted post request.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0433 βΌ
π Read
via "National Vulnerability Database".
A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40056 βΌ
π Read
via "National Vulnerability Database".
There is a vulnerability of copying input buffer without checking its size in the video framework. Successful exploitation of this vulnerability may affect availability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25830 βΌ
π Read
via "National Vulnerability Database".
Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the logπ Read
via "National Vulnerability Database".
βΌ CVE-2021-28488 βΌ
π Read
via "National Vulnerability Database".
Ericsson Network Manager 20.2 has Insecure Permissions.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24608 βΌ
π Read
via "National Vulnerability Database".
Luocms v2.0 is affected by Cross Site Scripting (XSS) in /admin/news/sort_add.php and /inc/function.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-25225 βΌ
π Read
via "National Vulnerability Database".
Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation (PostgreSQL) by exploiting this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21132 βΌ
π Read
via "National Vulnerability Database".
Directory traversal vulnerability in pfSense-pkg-WireGuard pfSense-pkg-WireGuard 0.1.5 versions prior to 0.1.5_4 and pfSense-pkg-WireGuard 0.1.6 versions prior to 0.1.6_1 allows a remote authenticated attacker to lead a pfSense user to view a file outside the public folder.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33293 βΌ
π Read
via "National Vulnerability Database".
Panorama Tools libpano13 v2.9.20 was discovered to contain an out-of-bounds read in the function panoParserFindOLine() in parser.c.π Read
via "National Vulnerability Database".
βΌ CVE-2022-0856 βΌ
π Read
via "National Vulnerability Database".
libcaca is affected by a Divide By Zero issue via img2txt, which allows a remote malicious user to cause a Denial of Serviceπ Read
via "National Vulnerability Database".
βΌ CVE-2022-26355 βΌ
π Read
via "National Vulnerability Database".
Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been configured to store a registration authority certificate's private key in a Trusted Platform Module (TPM) to incorrectly store that key in the Microsoft Software Key Storage Provider (MSKSP). This issue only occurs if PowerShell was used when configuring FAS to store the registration authority certificateΓ’β¬β’s private key in the TPM. It does not occur if the TPM was not selected for use or if the FAS administration console was used for configuration.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24605 βΌ
π Read
via "National Vulnerability Database".
Luocms v2.0 is affected by SQL Injection in /admin/link/link_ok.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-42854 βΌ
π Read
via "National Vulnerability Database".
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/plugin/pmx" API. The affected endpoint does not have any input validation of the user's input that allows a malicious payload to be injected.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21158 βΌ
π Read
via "National Vulnerability Database".
A stored cross-site scripting vulnerability in marktext versions prior to v0.17.0 due to improper handling of the link (with javascript: scheme) inside the document may allow an attacker to execute an arbitrary script on the PC of the user using marktext.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26520 βΌ
π Read
via "National Vulnerability Database".
** DISPUTED ** In pgjdbc before 42.3.3, an attacker (who controls the jdbc URL or properties) can call java.util.logging.FileHandler to write to arbitrary files through the loggerFile and loggerLevel connection properties. An example situation is that an attacker could create an executable JSP file under a Tomcat web root. NOTE: the vendor's position is that there is no pgjdbc vulnerability; instead, it is a vulnerability for any application to use the pgjdbc driver with untrusted connection properties.π Read
via "National Vulnerability Database".
βΌ CVE-2021-40060 βΌ
π Read
via "National Vulnerability Database".
There is a heap-based buffer overflow vulnerability in the video framework. Successful exploitation of this vulnerability may affect availability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-24930 βΌ
π Read
via "National Vulnerability Database".
An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permissionπ Read
via "National Vulnerability Database".
βΌ CVE-2022-25816 βΌ
π Read
via "National Vulnerability Database".
Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authenticationπ Read
via "National Vulnerability Database".