‼ CVE-2022-32842 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. An app may be able to gain elevated privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35094 ‼
📖 Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35096 ‼
📖 Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35721 ‼
📖 Read
via "National Vulnerability Database".
IBM Jazz for Service Management 1.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 231380.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32219 ‼
📖 Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in Rocket.Chat <v4.7.5 which allowed the "users.list" REST endpoint gets a query parameter from JSON and runs Users.find(queryFromClientSide). This means virtually any authenticated user can access any data (except password hashes) of any user authenticated.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32783 ‼
📖 Read
via "National Vulnerability Database".
A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. An app may gain unauthorized access to Bluetooth.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40629 ‼
📖 Read
via "National Vulnerability Database".
This vulnerability exists in Tacitine Firewall, all versions of EN6200-PRIME QUAD-35 and EN6200-PRIME QUAD-100 between 19.1.1 to 22.20.1 (inclusive), due to insecure design in the Tacitine Firewall web-based management interface. An unauthenticated remote attacker could exploit this vulnerability by sending a specially crafted http request on the targeted device. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to view sensitive information on the targeted device.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35249 ‼
📖 Read
via "National Vulnerability Database".
A information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22423 ‼
📖 Read
via "National Vulnerability Database".
IBM Common Cryptographic Architecture (CCA 5.x MTM for 4767 and CCA 7.x MTM for 4769) could allow a local user to cause a denial of service due to improper input validation. IBM X-Force ID: 223596.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32807 ‼
📖 Read
via "National Vulnerability Database".
This issue was addressed with improved file handling. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to overwrite arbitrary files.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32220 ‼
📖 Read
via "National Vulnerability Database".
An information disclosure vulnerability exists in Rocket.Chat <v5 due to the getUserMentionsByChannel meteor server method discloses messages from private channels and direct messages regardless of the users access permission to the room.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38439 ‼
📖 Read
via "National Vulnerability Database".
Adobe Experience Manager versions 6.5.13.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32800 ‼
📖 Read
via "National Vulnerability Database".
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. An app may be able to modify protected parts of the file system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32781 ‼
📖 Read
via "National Vulnerability Database".
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5, Security Update 2022-005 Catalina, macOS Big Sur 11.6.8. An app with root privileges may be able to access private information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40100 ‼
📖 Read
via "National Vulnerability Database".
Tenda i9 v1.0.0.8(3828) was discovered to contain a command injection vulnerability via the FormexeCommand function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35099 ‼
📖 Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a stack overflow via ImageStream::getPixel(unsigned char*) at /xpdf/Stream.cc.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40105 ‼
📖 Read
via "National Vulnerability Database".
Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the formWifiMacFilterGet function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32818 ‼
📖 Read
via "National Vulnerability Database".
The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5. An app may be able to leak sensitive kernel state.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-28886 ‼
📖 Read
via "National Vulnerability Database".
A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32229 ‼
📖 Read
via "National Vulnerability Database".
A information disclosure vulnerability exists in Rockert.Chat <v5 due to /api/v1/chat.getThreadsList lack of sanitization of user inputs and can therefore leak private thread messages to unauthorized users via Mongo DB injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38704 ‼
📖 Read
via "National Vulnerability Database".
Cross-Site Request Forgery (CSRF) vulnerability in SEO Redirection plugin <= 8.9 at WordPress, leading to deletion of 404 errors and redirection history.📖 Read
via "National Vulnerability Database".