‼ CVE-2022-24885 ‼
📖 Read
via "National Vulnerability Database".
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28464 ‼
📖 Read
via "National Vulnerability Database".
Apifox through 2.1.6 is vulnerable to Cross Site Scripting (XSS) which can lead to remote code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24889 ‼
📖 Read
via "National Vulnerability Database".
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 21.0.8, 22.2.4, and 23.0.1, it is possible to trick administrators into enabling "recommended" apps for the Nextcloud server that they do not need, thus expanding their attack surface unnecessarily. This issue is fixed in versions 21.0.8 , 22.2.4, and 23.0.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24887 ‼
📖 Read
via "National Vulnerability Database".
Nextcloud Talk is a video and audio conferencing app for Nextcloud, a self-hosted productivity platform. Prior to versions 11.3.4, 12.2.2, and 13.0.0, when sharing a Deck card in conversation, the metaData can be manipulated so users can be tricked into opening arbitrary URLs. This issue is fixed in versions 11.3.4, 12.2.2, and 13.0.0. There are currently no known workarounds.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27239 ‼
📖 Read
via "National Vulnerability Database".
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22323 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 218379.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22275 ‼
📖 Read
via "National Vulnerability Database".
Improper Restriction of TCP Communication Channel in HTTP/S inbound traffic from WAN to DMZ bypassing security policy until TCP handshake potentially resulting in Denial of Service (DoS) attack if a target host is vulnerable.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22521 ‼
📖 Read
via "National Vulnerability Database".
In Miele Benchmark Programming Tool with versions Prior to 1.2.71, executable files manipulated by attackers are unknowingly executed by users with administrative privileges. An attacker could thereby obtain higher permissions. The attacker must already have access to the corresponding local system to be able to exchange the files.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22312 ‼
📖 Read
via "National Vulnerability Database".
IBM Security Identity Manager (IBM Security Verify Password Synchronization Plug-in for Windows AD 10.x) is vulnerable to a denial of service, caused by a heap-based buffer overflow in the Password Synch Plug-in. An authenticated attacker could exploit this vulnerability to cause a denial of service. IBM X-Force ID: 217369.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38874 ‼
📖 Read
via "National Vulnerability Database".
IBM QRadar SIEM 7.3, 7.4, and 7.5 allows for users to access information across tenant and domain boundaries in some situations. IBM X-Force ID: 208397.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38878 ‼
📖 Read
via "National Vulnerability Database".
IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key exchange without entity authentication. IBM X-Force ID: 208756.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2021-38939 ‼
📖 Read
via "National Vulnerability Database".
IBM QRadar SIEM 7.3, 7.4, and 7.5 stores potentially sensitive information in log files that could be read by an user with access to creating domains. IBM X-Force ID: 211037.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34590 ‼
📖 Read
via "National Vulnerability Database".
In Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML Code into configuration values. These values are not properly escaped when displayed.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38919 ‼
📖 Read
via "National Vulnerability Database".
IBM QRadar SIEM 7.3, 7.4, and 7.5 in some senarios may reveal authorized service tokens to other QRadar users. IBM X-Force ID: 210021📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27336 ‼
📖 Read
via "National Vulnerability Database".
Seacms v11.6 was discovered to contain a remote code execution (RCE) vulnerability via the component /admin/weixin.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22277 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in SonicOS SNMP service resulting exposure of Wireless Access Point sensitive information in cleartext.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34591 ‼
📖 Read
via "National Vulnerability Database".
In Bender/ebee Charge Controllers in multiple versions are prone to Local privilege Escalation. An authenticated attacker could get root access via the suid applications socat, ip udhcpc and ifplugd.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34592 ‼
📖 Read
via "National Vulnerability Database".
In Bender/ebee Charge Controllers in multiple versions are prone to Command injection via Web interface. An authenticated attacker could enter shell commands into some input fields.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34588 ‼
📖 Read
via "National Vulnerability Database".
In Bender/ebee Charge Controllers in multiple versions are prone to unprotected data export. Backup export is protected via a random key. The key is set at user login. It is empty after reboot .📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22278 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in SonicOS CFS (Content filtering service) returns a large 403 forbidden HTTP response message to the source address when users try to access prohibited resource this allows an attacker to cause HTTP Denial of Service (DoS) attack📖 Read
via "National Vulnerability Database".
‼ CVE-2021-34587 ‼
📖 Read
via "National Vulnerability Database".
In Bender/ebee Charge Controllers in multiple versions a long URL could lead to webserver crash. The URL is used as input of an sprintf to a stack variable.📖 Read
via "National Vulnerability Database".