CVE-2022-38881
via "National Vulnerability Database".
The d8s-archives for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
CVE-2022-35703
via "National Vulnerability Database".
Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-29908
via "National Vulnerability Database".
The folioupdate service in Fabasoft Cloud Enterprise Client 22.4.0043 allows Local Privilege Escalation.
CVE-2022-35705
via "National Vulnerability Database".
Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-40431
via "National Vulnerability Database".
The d8s-pdfs for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
CVE-2022-40432
via "National Vulnerability Database".
The d8s-strings for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-hypothesis package. The affected version is 0.1.0.
CVE-2022-40430
via "National Vulnerability Database".
The d8s-utility for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. The affected version is 0.1.0.
CVE-2022-38425
via "National Vulnerability Database".
Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-37203
via "National Vulnerability Database".
JFinal CMS 5.1.0 is vulnerable to SQL Injection. These interfaces do not use the same component, nor do they have filters, but each uses its own SQL concatenation method, resulting in SQL injection.
CVE-2022-38333
via "National Vulnerability Database".
OpenWrt before v21.02.3 and OpenWrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request.
CVE-2022-38882
via "National Vulnerability Database".
The d8s-json for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
CVE-2022-38884
via "National Vulnerability Database".
The d8s-grammars for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0.
CVE-2022-35706
via "National Vulnerability Database".
Adobe Bridge version 12.0.2 (and earlier) and 11.1.3 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-40234
via "National Vulnerability Database".
Versions of IBM Spectrum Protect Plus prior to 10.1.12 (excluding 10.1.12) include the private key information for a certificate inside the generated .crt file when uploading a TLS certificate to IBM Spectrum Protect Plus. If this generated .crt file is shared, an attacker can obtain the private key information for the uploaded certificate. IBM X-Force ID: 235718.
CVE-2022-40139
via "National Vulnerability Database".
Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could allow an Apex One server administrator to instruct affected clients to download an unverified rollback package, which could lead to remote code execution. Please note: an attacker must first obtain Apex One server administration console access in order to exploit this vulnerability.
CVE-2022-40140
via "National Vulnerability Database".
An origin validation error vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to cause a denial-of-service on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
CVE-2022-38764
via "National Vulnerability Database".
A vulnerability in Trend Micro HouseCall version 1.62.1.1133 and below could allow a local attacker to escalate privileges due to an overly permissive folder on the product installer.
CVE-2022-40144
via "National Vulnerability Database".
A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product’s login authentication by falsifying request parameters on affected installations.
CVE-2022-40608
via "National Vulnerability Database".
IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873.
CVE-2022-40141
via "National Vulnerability Database".
A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a particular Apex One server.
CVE-2022-34893
via "National Vulnerability Database".
Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could manipulate a mountpoint which could lead to escalation of privilege on an affected machine.