βΌ CVE-2022-44087 βΌ
π Read
via "National Vulnerability Database".
ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component UPFILE_PIC_ZOOM_HIGHT.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39036 βΌ
π Read
via "National Vulnerability Database".
The file upload function of Agentflow BPM has insufficient filtering for special characters in URLs. An unauthenticated remote attacker can exploit this vulnerability to upload arbitrary file and execute arbitrary code to manipulate system or disrupt service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38119 βΌ
π Read
via "National Vulnerability Database".
UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and get administrator privilege to access, control system or disrupt service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-29515 βΌ
π Read
via "National Vulnerability Database".
Missing release of memory after effective lifetime in firmware for Intel(R) SPS before versions SPS_E3_06.00.03.035.0 may allow a privileged user to potentially enable denial of service via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2021-33064 βΌ
π Read
via "National Vulnerability Database".
Uncontrolled search path in the software installer for Intel(R) System Studio for all versions, may allow an authenticated user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3956 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical has been found in tsruban HHIMS 2.1. Affected is an unknown function of the component Patient Portrait Handler. The manipulation of the argument PID leads to sql injection. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue. VDB-213462 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-26845 βΌ
π Read
via "National Vulnerability Database".
Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93, 12.0.92, 14.1.67, 15.0.42, 16.1.25 may allow an unauthenticated user to potentially enable escalation of privilege via network access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-39396 (parse-server) βΌ
π Read
via "National Vulnerability Database".
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.18, and prior to 5.3.1 on the 5.X branch, are vulnerable to Remote Code Execution via prototype pollution. An attacker can use this prototype pollution sink to trigger a remote code execution through the MongoDB BSON parser. This issue is patched in version 5.3.1 and in 4.10.18. There are no known workarounds.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21794 βΌ
π Read
via "National Vulnerability Database".
Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business, Intel(R) NUC Enthusiast, Intel(R) NUC Kits before version HN0067 may allow a privileged user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44089 βΌ
π Read
via "National Vulnerability Database".
ESPCMS P8.21120101 was discovered to contain a remote code execution (RCE) vulnerability in the component IS_GETCACHE.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28748 βΌ
π Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2964. Reason: This candidate is a reservation duplicate of CVE-2022-2964. Notes: All CVE users should reference CVE-2022-2964 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38120 βΌ
π Read
via "National Vulnerability Database".
UPSMON PROΓ’β¬β’s has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45196 βΌ
π Read
via "National Vulnerability Database".
Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34666 βΌ
π Read
via "National Vulnerability Database".
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37345 βΌ
π Read
via "National Vulnerability Database".
Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may allow an authenticated user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3957 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28611 βΌ
π Read
via "National Vulnerability Database".
Improper input validation in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via physical access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-40750 βΌ
π Read
via "National Vulnerability Database".
IBM WebSphere Application Server 8.5, and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36377 βΌ
π Read
via "National Vulnerability Database".
Incorrect default permissions in the installer software for some Intel(r) NUC Kit Wireless Adapter drivers for Windows 10 before version 22.40 may allow an authenticated user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-36789 βΌ
π Read
via "National Vulnerability Database".
Improper access control in BIOS firmware for some Intel(R) NUC 10 Performance Kits and Intel(R) NUC 10 Performance Mini PCs before version FNCML357.0053 may allow a privileged user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".
βΌ CVE-2022-38099 βΌ
π Read
via "National Vulnerability Database".
Improper input validation in BIOS firmware for some Intel(R) NUC 11 Compute Elements before version EBTGL357.0065 may allow a privileged user to potentially enable escalation of privilege via local access.π Read
via "National Vulnerability Database".