‼ CVE-2021-44055 ‼
📖 Read
via "National Vulnerability Database".
An missing authorization vulnerability has been reported to affect QNAP device running Video Station. If exploited, this vulnerability allows remote attackers to access data or perform actions that they should not be allowed to perform. We have already fixed this vulnerability in the following versions of Video Station: Video Station 5.5.9 ( 2022/02/16 ) and later📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38423 ‼
📖 Read
via "National Vulnerability Database".
All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-38433 ‼
📖 Read
via "National Vulnerability Database".
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27875 ‼
📖 Read
via "National Vulnerability Database".
On F5 Access for Android 3.x versions prior to 3.0.8, a Task Hijacking vulnerability exists in the F5 Access for Android application, which may allow an attacker to steal sensitive user information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29474 ‼
📖 Read
via "National Vulnerability Database".
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at least guest role privileges to read wsdl files in the BIG-IP file system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29502 ‼
📖 Read
via "National Vulnerability Database".
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28120 ‼
📖 Read
via "National Vulnerability Database".
Beijing Runnier Network Technology Co., Ltd Open virtual simulation experiment teaching management platform software 2.0 has a file upload vulnerability, which can be exploited by an attacker to gain control of the server.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29592 ‼
📖 Read
via "National Vulnerability Database".
Tenda TX9 Pro 22.03.02.10 devices allow OS command injection via set_route (called by doSystemCmd_route).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27189 ‼
📖 Read
via "National Vulnerability Database".
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, when an Internet Content Adaptation Protocol (ICAP) profile is configured on a virtual server, undisclosed traffic can cause an increase in Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27636 ‼
📖 Read
via "National Vulnerability Database".
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, BIG-IP Edge Client may log sensitive APM session-related information when VPN is launched on a Windows system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28714 ‼
📖 Read
via "National Vulnerability Database".
On F5 BIG-IP APM 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, as well as F5 BIG-IP APM Clients 7.x versions prior to 7.2.1.5, a DLL Hijacking vulnerability exists in the BIG-IP Edge Client Windows Installer. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28080 ‼
📖 Read
via "National Vulnerability Database".
Royal Event Management System v1.0 was discovered to contain a SQL injection vulnerability via the todate parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28706 ‼
📖 Read
via "National Vulnerability Database".
On F5 BIG-IP 16.1.x versions prior to 16.1.2 and 15.1.x versions prior to 15.1.5.1, when the DNS resolver configuration is used, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28705 ‼
📖 Read
via "National Vulnerability Database".
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, on platforms with an ePVA and the pva.fwdaccel BigDB variable enabled, undisclosed requests to a virtual server with a FastL4 profile that has ePVA acceleration enabled can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28859 ‼
📖 Read
via "National Vulnerability Database".
On F5 BIG-IP 15.1.x versions prior to 15.1.5.1 and 14.1.x versions prior to 14.1.4.6, when installing Net HSM, the scripts (nethsm-safenet-install.sh and nethsm-thales-install.sh) expose the Net HSM partition password. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28708 ‼
📖 Read
via "National Vulnerability Database".
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2 and 15.1.x versions prior to 15.1.5.1, when a BIG-IP DNS resolver-enabled, HTTP-Explicit or SOCKS profile is configured on a virtual server, an undisclosed DNS response can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28707 ‼
📖 Read
via "National Vulnerability Database".
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, and 14.1.x versions prior to 14.1.4.6, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility (also referred to as the BIG-IP TMUI) that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28530 ‼
📖 Read
via "National Vulnerability Database".
Sourcecodester Covid-19 Directory on Vaccination System 1.0 is vulnerable to SQL Injection via cmdcategory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-29501 ‼
📖 Read
via "National Vulnerability Database".
SchedMD Slurm 21.08.x through 20.11.x has Incorrect Access Control that leads to Escalation of Privileges and code execution.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27880 ‼
📖 Read
via "National Vulnerability Database".
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27662 ‼
📖 Read
via "National Vulnerability Database".
On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Template Injection vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute template language-specific instructions in the context of the server. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated📖 Read
via "National Vulnerability Database".