‼ CVE-2022-32742 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2464 ‼
📖 Read
via "National Vulnerability Database".
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. Crafted malicious files can allow an attacker to traverse the file system when opened by ISaGRAF Workbench. If successfully exploited, an attacker could overwrite existing files and create additional files with the same permissions of the ISaGRAF Workbench software. User interaction is required for this exploit to be successful.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2463 ‼
📖 Read
via "National Vulnerability Database".
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Path Traversal vulnerability. A crafted malicious .7z exchange file may allow an attacker to gain the privileges of the ISaGRAF Workbench software when opened. If the software is running at the SYSTEM level, then the attacker will gain admin level privileges. User interaction is required for this exploit to be successful.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2465 ‼
📖 Read
via "National Vulnerability Database".
Rockwell Automation ISaGRAF Workbench software versions 6.0 through 6.6.9 are affected by a Deserialization of Untrusted Data vulnerability. ISaGRAF Workbench does not limit the objects that can be deserialized. This vulnerability allows attackers to craft a malicious serialized object that, if opened by a local user in ISaGRAF Workbench, may result in remote code execution. This vulnerability requires user interaction to be successfully exploited.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20865 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The attacker would need to have Administrator privileges on the device. This vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37952 ‼
📖 Read
via "National Vulnerability Database".
A reflected cross-site scripting (XSS) vulnerability exists in the iHistorian Data Display of WorkstationST (<v07.09.15) could allow an attacker to compromise a victim's browser. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37953 ‼
📖 Read
via "National Vulnerability Database".
An HTTP response splitting vulnerability exists in the AM Gateway Challenge-Response dialog of WorkstationST (<v07.09.15) and could allow an attacker to compromise a victim's browser/session. WorkstationST is only deployed in specific, controlled environments rendering attack complexity significantly higher than if the attack were conducted on the software in isolation. WorkstationST v07.09.15 can be found in ControlST v07.09.07 SP8 and greater.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36358 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin <= 0.9.83 at WordPress allows attackers to trick users with administrative rights to unintentionally change the plugin settings.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27797 ‼
📖 Read
via "National Vulnerability Database".
An invalid memory address reference was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36701 ‼
📖 Read
via "National Vulnerability Database".
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/view_item.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36700 ‼
📖 Read
via "National Vulnerability Database".
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /items/manage_item.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-27802 ‼
📖 Read
via "National Vulnerability Database".
An floating point exception was discovered in the elf_lookup function in p_lx_elf.cpp in UPX 4.0.0 via a crafted Mach-O file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2980 ‼
📖 Read
via "National Vulnerability Database".
NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0258.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-3929 ‼
📖 Read
via "National Vulnerability Database".
A DMA reentrancy issue was found in the NVM Express Controller (NVME) emulation in QEMU. This CVE is similar to CVE-2021-3750 and, just like it, when the reentrancy write triggers the reset function nvme_ctrl_reset(), data structs will be freed leading to a use-after-free issue. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition or, potentially, executing arbitrary code within the context of the QEMU process on the host.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2982 ‼
📖 Read
via "National Vulnerability Database".
Use After Free in GitHub repository vim/vim prior to 9.0.0259.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2997 ‼
📖 Read
via "National Vulnerability Database".
Session Fixation in GitHub repository snipe/snipe-it prior to 6.0.10.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35937 ‼
📖 Read
via "National Vulnerability Database".
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36699 ‼
📖 Read
via "National Vulnerability Database".
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /categories/manage_category.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-35938 ‼
📖 Read
via "National Vulnerability Database".
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36703 ‼
📖 Read
via "National Vulnerability Database".
Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /stocks/manage_stockin.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-23210 ‼
📖 Read
via "National Vulnerability Database".
A floating point exception (divide-by-zero) issue was discovered in SoX in functon read_samples() of voc.c file. An attacker with a crafted file, could cause an application to crash.📖 Read
via "National Vulnerability Database".