‼ CVE-2022-32320 ‼
📖 Read
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) in Ferdi through 5.8.1 and Ferdium through 6.0.0-nightly.98 allows attackers to read files via an uploaded file such as a settings/preferences file.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2021-46784 ‼
📖 Read
via "National Vulnerability Database".
In Squid 3.x through 3.5.28, 4.x through 4.17, and 5.x before 5.6, due to improper buffer management, a Denial of Service can occur when processing long Gopher server responses.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-33903 ‼
📖 Read
via "National Vulnerability Database".
Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32985 ‼
📖 Read
via "National Vulnerability Database".
libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40149 ‼
📖 Read
via "National Vulnerability Database".
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root web server directory. In this way an attacker can download the entire key via the /self.key URI.📖 Read
via "National Vulnerability Database".
👏1
‼ CVE-2022-32263 ‼
📖 Read
via "National Vulnerability Database".
Pexip Infinity before 28.1 allows remote attackers to trigger a software abort via G.719.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31202 ‼
📖 Read
via "National Vulnerability Database".
The export function in SoftGuard Web (SGW) before 5.1.5 allows directory traversal to read an arbitrary local file via export or man.tcl.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31201 ‼
📖 Read
via "National Vulnerability Database".
SoftGuard Web (SGW) before 5.1.5 allows HTML injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31209 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The firmware contains a potential buffer overflow by calling strcpy() without checking the string length beforehand.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28807 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Open Design Alliance Drawings SDK before 2023.2. An Out-of-Bounds Read vulnerability exists when rendering a .dwg file after it's opened in the recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26482 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Poly EagleEye Director II before 2.2.2.1. os.system command injection can be achieved by an admin.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28808 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading DWG files in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31211 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. There is a blank root password for TELNET by default.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-40150 ‼
📖 Read
via "National Vulnerability Database".
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/ directory that is mapped to a publicly accessible path. In this way an attacker can download the entire NGINX/FastCGI configurations by querying the /conf/nginx.conf or /conf/fastcgi.conf URI.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31210 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Infiray IRAY-A8Z3 1.0.957. The binary file /usr/local/sbin/webproject/set_param.cgi contains hardcoded credentials to the web application. Because these accounts cannot be deactivated or have their passwords changed, they are considered to be backdoor accounts.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28809 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read vulnerability exists when reading a DWG file with an invalid vertex number in a recovery mode. An attacker can leverage this vulnerability to execute code in the context of the current process.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-30982 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Gentics CMS before 5.43.1. There is stored XSS in the profile description and in the username.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31213 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file.📖 Read
via "National Vulnerability Database".
🤯1
‼ CVE-2022-29286 ‼
📖 Read
via "National Vulnerability Database".
Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-31212 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-26479 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file (which can be created via an rsync backdoor) causes all API calls to execute as admin without authentication.📖 Read
via "National Vulnerability Database".