βΌ CVE-2022-40028 βΌ
π Read
via "National Vulnerability Database".
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullName parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29800 βΌ
π Read
via "National Vulnerability Database".
A time-of-check-time-of-use (TOCTOU) race condition vulnerability was found in networkd-dispatcher. This flaw exists because there is a certain time between the scripts being discovered and them being run. An attacker can abuse this vulnerability to replace scripts that networkd-dispatcher believes to be owned by root with ones that are not.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30577 βΌ
π Read
via "National Vulnerability Database".
The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 6.0.0 through 6.0.8.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23950 βΌ
π Read
via "National Vulnerability Database".
In Keylime before 6.3.0, Revocation Notifier uses a fixed /tmp path for UNIX domain socket which can allow unprivileged users a method to prohibit keylime operations.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40026 βΌ
π Read
via "National Vulnerability Database".
SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at board.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40219 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23948 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in Keylime before 6.3.0. The logic in the Keylime agent for checking for a secure mount can be fooled by previously created unprivileged mounts allowing secrets to be leaked to other processes on the host.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35621 βΌ
π Read
via "National Vulnerability Database".
Access control vulnerability in Evoh NFT EvohClaimable contract with sha256 hash code fa2084d5abca91a62ed1d2f1cad3ec318e6a9a2d7f1510a00d898737b05f48ae allows remote attackers to execute fraudulent NFT transfers.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29799 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in networkd-dispatcher. This flaw exists because no functions are sanitized by the OperationalState or the AdministrativeState of networkd-dispatcher. This attack leads to a directory traversal to escape from the Γ’β¬Ε/etc/networkd-dispatcherΓ’β¬οΏ½ base directory.π Read
via "National Vulnerability Database".
βΌ CVE-2021-43310 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in Keylime before 6.3.0 allows an attacker to craft a request to the agent that resets the U and V keys as if the agent were being re-added to a verifier. This could lead to a remote code execution.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3252 βΌ
π Read
via "National Vulnerability Database".
Improper detection of complete HTTP body decompression SwiftNIO Extras provides a pair of helpers for transparently decompressing received HTTP request or response bodies. These two objects (HTTPRequestDecompressor and HTTPResponseDecompressor) both failed to detect when the decompressed body was considered complete. If trailing junk data was appended to the HTTP message body, the code would repeatedly attempt to decompress this data and fail. This would lead to an infinite loop making no forward progress, leading to livelock of the system and denial-of-service. This issue can be triggered by any attacker capable of sending a compressed HTTP message. Most commonly this is HTTP servers, as compressed HTTP messages cannot be negotiated for HTTP requests, but it is possible that users have configured decompression for HTTP requests as well. The attack is low effort, and likely to be reached without requiring any privilege or system access. The impact on availability is high: the process immediately becomes unavailable but does not immediately crash, meaning that it is possible for the process to remain in this state until an administrator intervenes or an automated circuit breaker fires. If left unchecked this issue will very slowly exhaust memory resources due to repeated buffer allocation, but the buffers are not written to and so it is possible that the processes will not terminate for quite some time. This risk can be mitigated by removing transparent HTTP message decompression. The issue is fixed by correctly detecting the termination of the compressed body as reported by zlib and refusing to decompress further data. The issue was found by Vojtech Rylko (https://github.com/vojtarylko) and reported publicly on GitHub.π Read
via "National Vulnerability Database".
βΌ CVE-2022-31679 βΌ
π Read
via "National Vulnerability Database".
Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23949 βΌ
π Read
via "National Vulnerability Database".
In Keylime before 6.3.0, unsanitized UUIDs can be passed by a rogue agent and can lead to log spoofing on the verifier and registrar.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40030 βΌ
π Read
via "National Vulnerability Database".
SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40027 βΌ
π Read
via "National Vulnerability Database".
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23951 βΌ
π Read
via "National Vulnerability Database".
In Keylime before 6.3.0, quote responses from the agent can contain possibly untrusted ZIP data which can lead to zip bombs.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36386 βΌ
π Read
via "National Vulnerability Database".
Authenticated Arbitrary Code Execution vulnerability in Soflyy Import any XML or CSV File to WordPress plugin <= 3.6.7 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36383 βΌ
π Read
via "National Vulnerability Database".
Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Word Search Puzzles game plugin <= 2.0.1 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36390 βΌ
π Read
via "National Vulnerability Database".
Authenticated (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Totalsoft Event Calendar Γ’β¬β Calendar plugin <= 1.4.6 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36365 βΌ
π Read
via "National Vulnerability Database".
Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in WHA Crossword plugin <= 1.1.10 at WordPress.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3233 βΌ
π Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.4.6.π Read
via "National Vulnerability Database".