‼ CVE-2022-42100 ‼
📖 Read
via "National Vulnerability Database".
KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location input reply-form.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45306 ‼
📖 Read
via "National Vulnerability Database".
Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42099 ‼
📖 Read
via "National Vulnerability Database".
KLiK SocialMediaWebsite Version 1.0.1 has XSS vulnerabilities that allow attackers to store XSS via location Forum Subject input.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41568 ‼
📖 Read
via "National Vulnerability Database".
LINE client for iOS before 12.17.0 might be crashed by sharing an invalid shared key of e2ee in group chat.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44038 ‼
📖 Read
via "National Vulnerability Database".
Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45329 ‼
📖 Read
via "National Vulnerability Database".
AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40799 ‼
📖 Read
via "National Vulnerability Database".
Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated attacker to execute OS level commands on the device.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45307 ‼
📖 Read
via "National Vulnerability Database".
Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44037 ‼
📖 Read
via "National Vulnerability Database".
An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple attacks, such as attacking wireless network in the product's range.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45204 ‼
📖 Read
via "National Vulnerability Database".
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45305 ‼
📖 Read
via "National Vulnerability Database".
Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32966 ‼
📖 Read
via "National Vulnerability Database".
RTL8168FP-CG Dash remote management function has missing authorization. An unauthenticated attacker within the adjacent network can connect to DASH service port to disrupt service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-32967 ‼
📖 Read
via "National Vulnerability Database".
RTL8111EP-CG/RTL8111FP-CG DASH function has hard-coded password. An unauthenticated physical attacker can use the hard-coded default password during system reboot triggered by other user, to acquire partial system information such as serial number and server information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36137 ‼
📖 Read
via "National Vulnerability Database".
ChurchCRM Version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS via location input sHeader.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45301 ‼
📖 Read
via "National Vulnerability Database".
Insecure permissions in Chocolatey Ruby package v3.1.2.1 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\ruby31 and all files located in that folder.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41675 ‼
📖 Read
via "National Vulnerability Database".
A remote attacker with general user privilege can inject malicious code in the form content of Raiden MAILD Mail Server website. Other users export form content as CSV file can trigger arbitrary code execution and allow the attacker to perform arbitrary system operation or disrupt service on the user side.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45304 ‼
📖 Read
via "National Vulnerability Database".
Insecure permissions in Chocolatey Cmder package v1.3.20 and below grants all users in the Authenticated Users group write privileges for the path C:\tools\Cmder and all files located in that folder.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41676 ‼
📖 Read
via "National Vulnerability Database".
Raiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the input field, which triggers XSS (Reflected Cross-Site Scripting) attack to the mail recipient.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43326 ‼
📖 Read
via "National Vulnerability Database".
An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator account passwords.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45202 ‼
📖 Read
via "National Vulnerability Database".
GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4202 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214518 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".