βΌ CVE-2022-32621 βΌ
π Read
via "National Vulnerability Database".
In isp, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310829; Issue ID: ALPS07310829.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32594 βΌ
π Read
via "National Vulnerability Database".
In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446207; Issue ID: ALPS07446207.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32598 βΌ
π Read
via "National Vulnerability Database".
In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32597 βΌ
π Read
via "National Vulnerability Database".
In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07446228; Issue ID: ALPS07446228.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45313 βΌ
π Read
via "National Vulnerability Database".
Mikrotik RouterOs before stable v7.5 was discovered to contain an out-of-bounds read in the hotspot process. This vulnerability allows attackers to execute arbitrary code via a crafted nova message.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32620 βΌ
π Read
via "National Vulnerability Database".
In mpu, there is a possible memory corruption due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07541753; Issue ID: ALPS07541753.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32622 βΌ
π Read
via "National Vulnerability Database".
In gz, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363786; Issue ID: ALPS07363786.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32631 βΌ
π Read
via "National Vulnerability Database".
In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453613; Issue ID: ALPS07453613.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32630 βΌ
π Read
via "National Vulnerability Database".
In throttling, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405966; Issue ID: ALPS07405966.π Read
via "National Vulnerability Database".
βΌ CVE-2022-32628 βΌ
π Read
via "National Vulnerability Database".
In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310780; Issue ID: ALPS07310780.π Read
via "National Vulnerability Database".
β Ping of death! FreeBSD fixes crashtastic bug in network tool β
π Read
via "Naked Security".
It's a venerable program, and this version had a venerable bug in it.π Read
via "Naked Security".
Naked Security
Ping of death! FreeBSD fixes crashtastic bug in network tool
Itβs a venerable program, and this version had a venerable bug in it.
βΌ CVE-2022-3837 βΌ
π Read
via "National Vulnerability Database".
The Uji Countdown WordPress plugin through 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).π Read
via "National Vulnerability Database".
βΌ CVE-2022-3892 βΌ
π Read
via "National Vulnerability Database".
The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.2 does not sanitize and escape Client IDs, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)π Read
via "National Vulnerability Database".
βΌ CVE-2022-3677 βΌ
π Read
via "National Vulnerability Database".
The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2022-3838 βΌ
π Read
via "National Vulnerability Database".
The WPUpper Share Buttons WordPress plugin through 3.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).π Read
via "National Vulnerability Database".
βΌ CVE-2022-3249 βΌ
π Read
via "National Vulnerability Database".
The WP CSV Exporter WordPress plugin before 1.3.7 does not properly sanitise and escape some parameters before using them in a SQL statement, allowing high privilege users such as admin to perform SQL injection attacksπ Read
via "National Vulnerability Database".
βΌ CVE-2022-3856 βΌ
π Read
via "National Vulnerability Database".
The Comic Book Management System WordPress plugin before 2.2.0 does not sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3846 βΌ
π Read
via "National Vulnerability Database".
The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is brute-forceable.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3830 βΌ
π Read
via "National Vulnerability Database".
The WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).π Read
via "National Vulnerability Database".
βΌ CVE-2022-3926 βΌ
π Read
via "National Vulnerability Database".
The WP OAuth Server (OAuth Authentication) WordPress plugin before 3.4.2 does not have CSRF check when regenerating secrets, which could allow attackers to make logged in admins regenerate the secret of an arbitrary client given they know the client IDπ Read
via "National Vulnerability Database".
βΌ CVE-2022-3907 βΌ
π Read
via "National Vulnerability Database".
The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options.π Read
via "National Vulnerability Database".