‼ CVE-2022-40144 ‼
via "National Vulnerability Database".
A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an attacker to bypass the product’s login authentication by falsifying request parameters on affected installations.
‼ CVE-2022-40608 ‼
IBM Spectrum Protect Plus 10.1.6 through 10.1.11 Microsoft File Systems restore operation can download any file on the target machine by manipulating the URL with a directory traversal attack. This results in the restore operation gaining access to files which the operator should not have access to. IBM X-Force ID: 235873.
‼ CVE-2022-40141 ‼
A vulnerability in Trend Micro Apex One and Apex One as a Service could allow an attacker to intercept and decode certain communication strings that may contain some identification attributes of a particular Apex One server.
‼ CVE-2022-34893 ‼
Trend Micro Security 2022 (consumer) has a link following vulnerability where an attacker with lower privileges could manipulate a mountpoint which could lead to escalation of privilege on an affected machine.
‼ CVE-2022-40142 ‼
A security link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service agents could allow a local attacker to create a writable folder in an arbitrary location and escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
‼ CVE-2022-37347 ‼
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-35234.
‼ CVE-2022-3213 ‼
A heap buffer overflow issue was found in ImageMagick. When an application processes a malformed TIFF file, it could lead to undefined behavior or a crash causing a denial of service.
‼ CVE-2022-37348 ‼
Trend Micro Security 2021 and 2022 (Consumer) is vulnerable to an Out-Of-Bounds Read Information Disclosure Vulnerability that could allow an attacker to read sensitive information from other memory locations and cause a crash on an affected machine. This vulnerability is similar to, but not the same as CVE-2022-37347.
‼ CVE-2022-40143 ‼
A link following local privilege escalation vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service servers could allow a local attacker to abuse an insecure directory that could allow a low-privileged user to run arbitrary code with elevated privileges. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
‼ CVE-2022-40980 ‼
A potential unauthenticated file deletion vulnerability on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. This issue was resolved in 9.8 SP5 Critical Patch 2.
‼ CVE-2022-2995 ‼
Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute binary code in that container.
‼ CVE-2022-29835 ‼
WD Discovery software executable files were signed with an unsafe SHA-1 hashing algorithm. An attacker could use this weakness to create forged certificate signatures due to the use of a hashing algorithm that is not collision-free. This could thereby impact the confidentiality of user content. This issue affects: Western Digital WD Discovery WD Discovery Desktop App versions prior to 4.4.396 on Mac; WD Discovery Desktop App versions prior to 4.4.396 on Windows.
‼ CVE-2022-3239 ‼
A use-after-free flaw was found in the Linux kernel video4linux driver in the way a user triggers em28xx_usb_probe() for the Empia 28xx based TV cards. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.
‼ CVE-2022-28203 ‼
A denial-of-service issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. When many files exist, requesting Special:NewFiles with actor as a condition can result in a very long running query.
‼ CVE-2022-28201 ‼
An issue was discovered in MediaWiki before 1.35.6, 1.36.x before 1.36.4, and 1.37.x before 1.37.2. Users with the editinterface permission can trigger infinite recursion, because a bare local interwiki is mishandled for the mainpage message.
‼ CVE-2022-38576 ‼
Interview Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /interview/delete.php?action=deletecand&id=.
‼ CVE-2022-38351 ‼
A vulnerability in Suprema Bio Star 2 v2.8.16 allows attackers to escalate privileges to System Administrator via a crafted PUT request to the update profile page.
‼ CVE-2022-23768 ‼
This vulnerability in NIS-HAP11AC is caused by an exposed external port for the telnet service. Remote attackers use this vulnerability to carry out attacks such as source code hijacking and remote control of the device.
‼ CVE-2022-28204 ‼
A denial-of-service issue was discovered in MediaWiki 1.37.x before 1.37.2. Rendering of w/index.php?title=Special%3AWhatLinksHere&target=Property%3AP31&namespace=1&invert=1 can take more than thirty seconds. There is a DDoS risk.
‼ CVE-2022-23767 ‼
This vulnerability in SecureGate is a SQL injection using login without a password. A path traversal vulnerability is also identified during file transfer. An attacker can take advantage of these vulnerabilities to perform various attacks such as obtaining privileges and executing remote code, thereby taking over the victim’s system.
‼ CVE-2022-23766 ‼
An improper input validation vulnerability leading to arbitrary file execution was discovered in BigFileAgent. In order to cause arbitrary files to be executed, the attacker makes the victim access a web page d by them or inserts a script using XSS into a general website.