‼ CVE-2022-39038 ‼
via "National Vulnerability Database".
Agentflow BPM enterprise management system has improper authentication. A remote attacker with general user privilege can change the name of the user account to acquire arbitrary account privilege, and access or manipulate the system or disrupt service.
‼ CVE-2022-28126 ‼
via "National Vulnerability Database".
Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via local access.
‼ CVE-2022-44727 ‼
via "National Vulnerability Database".
The EU Cookie Law GDPR (Banner + Blocker) module before 2.1.3 for PrestaShop allows SQL Injection via a cookie (lgcookieslaw or __lglaw).
‼ CVE-2022-3950 ‼
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in sanluan PublicCMS. Affected is the function initLink of the file dwz.min.js of the component Tab Handler. The manipulation leads to cross-site scripting. It is possible to launch the attack remotely. The name of the patch is a972dc9b1c94aea2d84478bf26283904c21e4ca2. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213456.
‼ CVE-2022-3944 ‼
via "National Vulnerability Database".
A vulnerability was found in jerryhanjj ERP. It has been declared as critical. Affected by this vulnerability is the function uploadImages of the file application/controllers/basedata/inventory.php of the component Commodity Management. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213451.
‼ CVE-2022-26024 ‼
via "National Vulnerability Database".
Improper access control in the Intel(R) NUC HDMI Firmware Update Tool for NUC7i3DN, NUC7i5DN and NUC7i7DN before version 1.78.2.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2022-39388 ‼
via "National Vulnerability Database".
Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue. There are no known workarounds.
‼ CVE-2021-26251 ‼
via "National Vulnerability Database".
Improper input validation in the Intel(R) Distribution of OpenVINO(TM) Toolkit may allow an authenticated user to potentially enable denial of service via network access.
‼ CVE-2021-40289 ‼
via "National Vulnerability Database".
mm-wki v0.2.1 is vulnerable to Cross Site Scripting (XSS).
‼ CVE-2022-29893 ‼
via "National Vulnerability Database".
Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an authenticated user to potentially enable escalation of privilege via network access.
‼ CVE-2022-44087 ‼
via "National Vulnerability Database".
ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT.
‼ CVE-2022-39036 ‼
via "National Vulnerability Database".
The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary files and execute arbitrary code to manipulate the system or disrupt service.
‼ CVE-2022-38119 ‼
via "National Vulnerability Database".
The UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and get administrator privilege to access or control the system or disrupt service.
‼ CVE-2022-29515 ‼
via "National Vulnerability Database".
Missing release of memory after effective lifetime in firmware for Intel(R) SPS before version SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access.
‼ CVE-2021-33064 ‼
via "National Vulnerability Database".
Uncontrolled search path in the software installer for Intel(R) System Studio for all versions may allow an authenticated user to potentially enable escalation of privilege via local access.
‼ CVE-2022-3956 ‼
via "National Vulnerability Database".
A vulnerability classified as critical has been found in tsruban HHIMS 2.1. Affected is an unknown function of the component Patient Portrait Handler. The manipulation of the argument PID leads to SQL injection. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-213462 is the identifier assigned to this vulnerability.
‼ CVE-2022-26845 ‼
via "National Vulnerability Database".
Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access.
‼ CVE-2022-39396 (parse-server) ‼
via "National Vulnerability Database".
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.18, and prior to 5.3.1 on the 5.X branch, are vulnerable to Remote Code Execution via prototype pollution. An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. This issue is patched in version 5.3.1 and in 4.10.18. There are no known workarounds.
‼ CVE-2022-21794 ‼
via "National Vulnerability Database".
Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access.
‼ CVE-2022-44089 ‼
via "National Vulnerability Database".
ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE.
‼ CVE-2022-28748 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2964. Reason: This candidate is a reservation duplicate of CVE-2022-2964. Notes: All CVE users should reference CVE-2022-2964 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.