‼ CVE-2022-36452 ‼
via "National Vulnerability Database".
A vulnerability in the web conferencing component of Mitel MiCollab through 9.5.0.101 could allow an unauthenticated attacker to upload malicious files. A successful exploit could allow an attacker to execute arbitrary code within the context of the application.
‼ CVE-2022-36453 ‼
via "National Vulnerability Database".
A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number.
‼ CVE-2022-39354 ‼
via "National Vulnerability Database".
SputnikVM, also called evm, is a Rust implementation of the Ethereum Virtual Machine. A custom stateful precompile can use the `is_static` parameter to determine if the call is executed in a static context (via `STATICCALL`), and thus decide if stateful operations should be done. Prior to version 0.36.0, the passed `is_static` parameter was incorrect -- it was only set to `true` if the call came from a direct `STATICCALL` opcode. However, once a static call context is entered, it should stay static. The issue only impacts custom precompiles that actually use `is_static`. For those affected, the issue can lead to possible incorrect state transitions. Version 0.36.0 contains a patch. There are no known workarounds.
‼ CVE-2022-27912 ‼
via "National Vulnerability Database".
An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous requests.
‼ CVE-2022-3644 ‼
via "National Vulnerability Database".
The collection remote for pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only.
‼ CVE-2022-38181 ‼
via "National Vulnerability Database".
An Arm product family through 2022-08-12 Mali GPU kernel driver allows non-privileged users to make improper GPU processing operations to gain access to already freed memory.
‼ CVE-2022-36454 ‼
via "National Vulnerability Database".
A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name.
‼ CVE-2022-27913 ‼
via "National Vulnerability Database".
An issue was discovered in Joomla! 4.2.0 through 4.2.3. Inadequate filtering of potentially malicious user input leads to reflected XSS vulnerabilities in various components.
‼ CVE-2022-36451 ‼
via "National Vulnerability Database".
A vulnerability in the MiCollab Client server component of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to conduct a Server-Side Request Forgery (SSRF) attack due to insufficient restriction of URL parameters. A successful exploit could allow an attacker to leverage connections and permissions available to the host server.
‼ CVE-2022-31468 ‼
via "National Vulnerability Database".
OX App Suite through 8.2 allows XSS via an attachment or OX Drive content when a client uses the len or off parameter.
‼ CVE-2022-38162 ‼
via "National Vulnerability Database".
Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10 exist within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to provide malicious input.
‼ CVE-2022-41711 ‼
via "National Vulnerability Database".
Badaso version 2.6.0 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.
‼ CVE-2022-33185 ‼
via "National Vulnerability Database".
Several commands in Brocade Fabric OS before Brocade Fabric OS v9.0.1e and v9.1.0 use unsafe string functions to process user input. Authenticated local attackers could abuse these vulnerabilities to exploit stack-based buffer overflows, allowing arbitrary code execution as the root user account.
‼ CVE-2022-33181 ‼
via "National Vulnerability Database".
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”.
‼ CVE-2022-33178 ‼
via "National Vulnerability Database".
A vulnerability in the RADIUS authentication system of Brocade Fabric OS before Brocade Fabric OS 9.0 could allow a remote attacker to execute arbitrary code on the Brocade switch.
‼ CVE-2022-33183 ‼
via "National Vulnerability Database".
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to cause a stack buffer overflow using the “firmwaredownload” and “diagshow” commands.
‼ CVE-2022-33184 ‼
via "National Vulnerability Database".
A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account.
‼ CVE-2022-28169 ‼
via "National Vulnerability Database".
Brocade Webtools in Brocade Fabric OS versions before Brocade Fabric OS versions v9.1.1, v9.0.1e, and v8.2.3c could allow a low-privilege Webtools user to gain elevated admin rights or privileges beyond what is intended or entitled for that user. By exploiting this vulnerability, a user whose role is not an admin can create a new user with an admin role using the operator session id. The issue was replicated after intercepting the admin and operator authorization headers, sent unencrypted, and editing a user addition request to use the operator's authorization header.
‼ CVE-2022-33180 ‼
via "National Vulnerability Database".
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5 could allow a local authenticated attacker to export sensitive files with “seccryptocfg” and “configupload”.
‼ CVE-2022-33179 ‼
via "National Vulnerability Database".
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, and 7.4.2j could allow a local authenticated user to break out of restricted shells with “set context” and escalate privileges.
‼ CVE-2022-28170 ‼
via "National Vulnerability Database".
Brocade Fabric OS Web Application services before Brocade Fabric v9.1.0, v9.0.1e, v8.2.3c, v7.4.2j store server and user passwords in the debug statements. This could allow a local user to extract the passwords from a debug file.