‼ CVE-2022-2145 ‼
📖 Read
via "National Vulnerability Database".
Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31229 ‼
📖 Read
via "National Vulnerability Database".
Dell PowerScale OneFS, 8.2.x through 9.3.0.x, contain an error message with sensitive information. An administrator could potentially exploit this vulnerability, leading to disclosure of sensitive information. This sensitive information can be used to access sensitive resources.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31230 ‼
📖 Read
via "National Vulnerability Database".
Dell PowerScale OneFS, versions 8.2.x-9.2.x, contain broken or risky cryptographic algorithm. A remote unprivileged malicious attacker could potentially exploit this vulnerability, leading to full system access.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31106 ‼
📖 Read
via "National Vulnerability Database".
Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to `deepFromFlat`, which would pollute any future Objects created. Any users that have `deepFromFlat` or `deepPick` (due to its dependency on `deepFromFlat`) in their code should upgrade to version 0.5.3 as soon as possible. Users unable to upgrade may mitigate this issue by modifying `deepFromFlat` to prevent specific keywords which will prevent this from happening.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31056 ‼
📖 Read
via "National Vulnerability Database".
GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all assistance forms (Ticket/Change/Problem) permit sql injection on the actor fields. This issue has been resolved in version 10.0.2 and all affected users are advised to upgrade.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31108 ‼
📖 Read
via "National Vulnerability Database".
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. An attacker is able to inject arbitrary `CSS` into the generated graph allowing them to change the styling of elements outside of the generated graph, and potentially exfiltrate sensitive information by using specially crafted `CSS` selectors. The following example shows how an attacker can exfiltrate the contents of an input field by bruteforcing the `value` attribute one character at a time. Whenever there is an actual match, an `http` request will be made by the browser in order to "load" a background image that will let an attacker know what's the value of the character. This issue may lead to `Information Disclosure` via CSS selectors and functions able to generate HTTP requests. This also allows an attacker to change the document in ways which may lead a user to perform unintended actions, such as clicking on a link, etc. This issue has been resolved in version 9.1.3. Users are advised to upgrade. Users unable to upgrade should ensure that user input is adequately escaped before embedding it in CSS blocks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31885 ‼
📖 Read
via "National Vulnerability Database".
Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2231 ‼
📖 Read
via "National Vulnerability Database".
NULL Pointer Dereference in GitHub repository vim/vim prior to 8.,2.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3433 ‼
📖 Read
via "National Vulnerability Database".
Invalid channel map in CONNECT_IND results to Deadlock. Zephyr versions >= v2.5.0 Improper Check or Handling of Exceptional Conditions (CWE-703). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3c2f-w4v6-qxrp📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3430 ‼
📖 Read
via "National Vulnerability Database".
Assertion reachable with repeated LL_CONNECTION_PARAM_REQ. Zephyr versions >= v1.14 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-46h3-hjcq-2jjr📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3432 ‼
📖 Read
via "National Vulnerability Database".
Invalid interval in CONNECT_IND leads to Division by Zero. Zephyr versions >= v1.14.0 Divide By Zero (CWE-369). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7364-p4wc-8mj4📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2246 ‼
📖 Read
via "National Vulnerability Database".
Prototype Pollution in GitHub repository clever/underscore.deep prior to 0.5.3.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3431 ‼
📖 Read
via "National Vulnerability Database".
Assertion reachable with repeated LL_FEATURE_REQ. Zephyr versions >= v2.5.0 contain Reachable Assertion (CWE-617). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7548-5m6f-mqv9📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31886 ‼
📖 Read
via "National Vulnerability Database".
Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3435 ‼
📖 Read
via "National Vulnerability Database".
Information leakage in le_ecred_conn_req(). Zephyr versions >= v2.4.0 Use of Uninitialized Resource (CWE-908). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-xhg3-gvj6-4rqh📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3434 ‼
📖 Read
via "National Vulnerability Database".
Stack based buffer overflow in le_ecred_conn_req(). Zephyr versions >= v2.5.0 Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-8w87-6rfp-cfrm📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31883 ‼
📖 Read
via "National Vulnerability Database".
Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24444 ‼
📖 Read
via "National Vulnerability Database".
Silverstripe silverstripe/framework through 4.10 allows Session Fixation.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-19897 ‼
📖 Read
via "National Vulnerability Database".
A reflected Cross Site Scripting (XSS) in wuzhicms v4.1.0 allows remote attackers to execute arbitrary web script or HTML via the imgurl parameter.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31884 ‼
📖 Read
via "National Vulnerability Database".
Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31887 ‼
📖 Read
via "National Vulnerability Database".
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password.📖 Read
via "National Vulnerability Database".