βΌ CVE-2022-35022 βΌ
π Read
via "National Vulnerability Database".
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35023 βΌ
π Read
via "National Vulnerability Database".
OTFCC commit 617837b was discovered to contain a segmentation violation via /lib/x86_64-linux-gnu/libc.so.6+0xbb384.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40935 βΌ
π Read
via "National Vulnerability Database".
Online Pet Shop We App v1.0 is vulnerable to SQL Injection via /pet_shop/classes/Master.php?f=delete_category,id.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35028 βΌ
π Read
via "National Vulnerability Database".
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbbb6.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35408 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. An SMM callout vulnerability in the SMM driver in UsbLegacyControlSmm leads to possible arbitrary code execution in SMM and escalation of privileges. An attacker could overwrite the function pointers in the EFI_BOOT_SERVICES table before the USB SMI handler triggers. (This is not exploitable from code running in the operating system.)π Read
via "National Vulnerability Database".
βΌ CVE-2022-35025 βΌ
π Read
via "National Vulnerability Database".
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x5266a8.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35030 βΌ
π Read
via "National Vulnerability Database".
OTFCC commit 617837b was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35039 βΌ
π Read
via "National Vulnerability Database".
OTFCC commit 617837b was discovered to contain a heap buffer overflow via /release-x64/otfccdump+0x6e20a0.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40933 βΌ
π Read
via "National Vulnerability Database".
Online Pet Shop We App v1.0 by oretnom23 is vulnerable to SQL injection via /pet_shop/classes/Master.php?f=delete_order,id.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40932 βΌ
π Read
via "National Vulnerability Database".
In Zoo Management System v1.0, there is an arbitrary file upload vulnerability in the picture upload point of the "gallery" file of the "Gallery" module in the background management system.π Read
via "National Vulnerability Database".
βΌ CVE-2021-27774 βΌ
π Read
via "National Vulnerability Database".
User input included in error response, which could be used in a phishing attack.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37234 βΌ
π Read
via "National Vulnerability Database".
Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncpy.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2022-40298 βΌ
π Read
via "National Vulnerability Database".
Crestron AirMedia for Windows before 5.5.1.84 has insecure inherited permissions, which leads to a privilege escalation vulnerability found in the AirMedia Windows Application, version 4.3.1.39. A low privileged user can initiate a repair of the system and gain a SYSTEM level shell.π Read
via "National Vulnerability Database".
βΌ CVE-2022-30426 βΌ
π Read
via "National Vulnerability Database".
There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110 F3 firmware version <= P13 (latest) and AP130 F2 firmware version <= P04 (latest) and Aspire 1600X firmware version <= P11.A3L (latest) and Aspire 1602M firmware version <= P11.A3L (latest) and Aspire 7600U firmware version <= P11.A4 (latest) and Aspire MC605 firmware version <= P11.A4L (latest) and Aspire TC-105 firmware version <= P12.B0L (latest) and Aspire TC-120 firmware version <= P11-A4 (latest) and Aspire U5-620 firmware version <= P11.A1 (latest) and Aspire X1935 firmware version <= P11.A3L (latest) and Aspire X3475 firmware version <= P11.A3L (latest) and Aspire X3995 firmware version <= P11.A3L (latest) and Aspire XC100 firmware version <= P11.B3 (latest) and Aspire XC600 firmware version <= P11.A4 (latest) and Aspire Z3-615 firmware version <= P11.A2L (latest) and Veriton E430G firmware version <= P21.A1 (latest) and Veriton B630_49 firmware version <= AAP02SR (latest) and Veriton E430 firmware version <= P11.A4 (latest) and Veriton M2110G firmware version <= P21.A3 (latest) and Veriton M2120G fir.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41803 βΌ
π Read
via "National Vulnerability Database".
HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."π Read
via "National Vulnerability Database".
βΌ CVE-2022-38573 βΌ
π Read
via "National Vulnerability Database".
10-Strike Network Inventory Explorer v9.3 was discovered to contain a buffer overflow via the Add Computers function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37235 βΌ
π Read
via "National Vulnerability Database".
Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncatπ Read
via "National Vulnerability Database".
βΌ CVE-2022-37232 βΌ
π Read
via "National Vulnerability Database".
Netgear N300 wireless router wnr2000v4-V1.0.0.70 is vulnerable to Buffer Overflow via uhttpd. There is a stack overflow vulnerability caused by strcpy.π Read
via "National Vulnerability Database".
βΌ CVE-2022-35951 βΌ
π Read
via "National Vulnerability Database".
Redis is an in-memory database that persists on disk. Versions 7.0.0 and above, prior to 7.0.5 are vulnerable to an Integer Overflow. Executing an `XAUTOCLAIM` command on a stream key in a specific state, with a specially crafted `COUNT` argument may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This has been patched in Redis version 7.0.5. No known workarounds exist.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39230 βΌ
π Read
via "National Vulnerability Database".
fhir-works-on-aws-authz-smart is an implementation of the authorization interface from the FHIR Works interface. Versions 3.1.1 and 3.1.2 are subject to Exposure of Sensitive Information to an Unauthorized Actor. This issue allows a client of the API to retrieve more information than the clientΓ’β¬β’s OAuth scope permits when making Γ’β¬Εsearch-typeΓ’β¬οΏ½ requests. This issue would not allow a client to retrieve information about individuals other than those the client was already authorized to access. Users of fhir-works-on-aws-authz-smart 3.1.1 or 3.1.2 should upgrade to version 3.1.3 or higher immediately. Versions 3.1.0 and below are unaffected. There is no workaround for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41319 βΌ
π Read
via "National Vulnerability Database".
A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). This affects versions before 9.8 (e.g., 9.1 through 9.7).π Read
via "National Vulnerability Database".