‼ CVE-2021-43867 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23465 ‼
📖 Read
via "National Vulnerability Database".
SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. Version a94e6b24d24ce9680ad79884992e1dff8e150a31 contains a patch for this issue. There are no known workarounds available.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32865 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-32878 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2021. Notes: none.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4273 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in SourceCodester Human Resource Management System 1.0. This issue affects some unknown processing of the file /hrm/controller/employee.php of the component Content-Type Handler. The manipulation of the argument pfimg leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-214769 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4272 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in FeMiner wms. Affected by this issue is some unknown functionality of the file /product/savenewproduct.php?flag=1. The manipulation of the argument upfile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214760.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-3491 ‼
📖 Read
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-37533 ‼
📖 Read
via "National Vulnerability Database".
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4274 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, was found in House Rental System. Affected is an unknown function of the file /view-property.php. The manipulation of the argument property_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-214770 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4275 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability has been found in House Rental System and classified as critical. Affected by this vulnerability is an unknown functionality of the file search-property.php of the component POST Request Handler. The manipulation of the argument search_property leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214771.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4276 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in House Rental System and classified as critical. Affected by this issue is some unknown functionality of the file tenant-engine.php of the component POST Request Handler. The manipulation of the argument id_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214772.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46410 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46414 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Unauthenticated remote command execution can occur via the management portal.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44721 ‼
📖 Read
via "National Vulnerability Database".
CrowdStrike Falcon 6.44.15806 allows an administrative attacker to uninstall Falcon Sensor, bypassing the intended protection mechanism in which uninstallation requires possessing a one-time token. (The sensor is managed at the kernel level.)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46391 ‼
📖 Read
via "National Vulnerability Database".
AWStats 7.x through 7.8 allows XSS in the hostinfo plugin due to printing a response from Net::XWhois without proper checks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46413 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46405 ‼
📖 Read
via "National Vulnerability Database".
Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46411 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46412 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35508 ‼
📖 Read
via "National Vulnerability Database".
Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox Mail Gateway, privilege escalation to the root@pam account is possible if the backup feature has ever been used, because backup files such as pmg-backup_YYYY_MM_DD_*.tgz have 0644 permissions and contain an authkey value. This is fixed in pve-http-server 4.1-3.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35507 ‼
📖 Read
via "National Vulnerability Database".
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3.📖 Read
via "National Vulnerability Database".