‼ CVE-2021-37293 ‼
📖 Read
via "National Vulnerability Database".
A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37292 ‼
📖 Read
via "National Vulnerability Database".
An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 due to an undocumented backdoor account. A malicious user can log in using the backdor account with admin highest privileges and obtain system control.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37291 ‼
📖 Read
via "National Vulnerability Database".
An SQL Injection vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 ivia the input_id POST parameter in index.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38929 ‼
📖 Read
via "National Vulnerability Database".
IBM System Storage DS8000 Management Console (HMC) R8.5 88.5x.x.x, R9.1 89.1x.0.0, and R9.2 89.2x.0.0 could allow a remote attacker to obtain sensitive information through unpublished URLs. IBM X-Force ID: 210330.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29035 ‼
📖 Read
via "National Vulnerability Database".
In JetBrains Ktor Native before version 2.0.0 random values used for nonce generation weren't using SecureRandom implementations📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39068 ‼
📖 Read
via "National Vulnerability Database".
IBM Curam Social Program Management 8.0.1 and 7.0.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 215306.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20071 ‼
📖 Read
via "National Vulnerability Database".
In ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06183315; Issue ID: ALPS06183315.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20074 ‼
📖 Read
via "National Vulnerability Database".
In preloader (partition), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06183301; Issue ID: ALPS06183301.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24815 ‼
📖 Read
via "National Vulnerability Database".
JHipster is a development platform to quickly generate, develop, & deploy modern web applications & microservice architectures. SQL Injection vulnerability in entities for applications generated with the option "reactive with Spring WebFlux" enabled and an SQL database using r2dbc. Applications created without "reactive with Spring WebFlux" and applications with NoSQL databases are not affected. Users who have generated a microservice Gateway using the affected version may be impacted as Gateways are reactive by default. Currently, SQL injection is possible in the findAllBy(Pageable pageable, Criteria criteria) method of an entity repository class generated in these applications as the where clause using Criteria for queries are not sanitized and user input is passed on as it is by the criteria. This issue has been patched in v7.8.1. Users unable to upgrade should be careful when combining criterias and conditions as the root of the issue lies in the `EntityManager.java` class when creating the where clause via `Conditions.just(criteria.toString())`. `just` accepts the literal string provided. Criteria's `toString` method returns a plain string and this combination is vulnerable to sql injection as the string is not sanitized and will contain whatever used passed as input using any plain SQL.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1157 ‼
📖 Read
via "National Vulnerability Database".
Missing sanitization of logged exception messages in all versions prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 of GitLab CE/EE causes potential sensitive values in invalid URLs to be logged📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27573 ‼
📖 Read
via "National Vulnerability Database".
Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24832 ‼
📖 Read
via "National Vulnerability Database".
GoCD is an open source a continuous delivery server. The bundled gocd-ldap-authentication-plugin included with the GoCD Server fails to correctly escape special characters when using the username to construct LDAP queries. While this does not directly allow arbitrary LDAP data exfiltration, it can allow an existing LDAP-authenticated GoCD user with malicious intent to construct and execute malicious queries, allowing them to deduce facts about other users or entries within the LDAP database (e.g alternate fields, usernames, hashed passwords etc) through brute force mechanisms. This only affects users who have a working LDAP authorization configuration enabled on their GoCD server, and only is exploitable by users authenticating using such an LDAP configuration. This issue has been fixed in GoCD 22.1.0, which is bundled with gocd-ldap-authentication-plugin v2.2.0-144.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27570 ‼
📖 Read
via "National Vulnerability Database".
Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25789 ‼
📖 Read
via "National Vulnerability Database".
A maliciously crafted DWF, 3DS and DWFX files in Autodesk AutoCAD 2022, 2021, 2020, 2019 can be used to trigger use-after-free vulnerability. Exploitation of this vulnerability may lead to code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28777 ‼
📖 Read
via "National Vulnerability Database".
Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36896 ‼
📖 Read
via "National Vulnerability Database".
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Pricing Table (WordPress plugin) versions <= 1.5.2📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27569 ‼
📖 Read
via "National Vulnerability Database".
Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20070 ‼
📖 Read
via "National Vulnerability Database".
In ssmr, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06362920; Issue ID: ALPS06362920.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20065 ‼
📖 Read
via "National Vulnerability Database".
In ccci, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108658; Issue ID: ALPS06108658.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40065 ‼
📖 Read
via "National Vulnerability Database".
The communication module has a service logic error vulnerability.Successful exploitation of this vulnerability may affect data confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22255 ‼
📖 Read
via "National Vulnerability Database".
The application framework has a common DoS vulnerability.Successful exploitation of this vulnerability may affect the availability.📖 Read
via "National Vulnerability Database".