‼ CVE-2022-45970 ‼
📖 Read
via "National Vulnerability Database".
Alist v3.5.1 is vulnerable to Cross Site Scripting (XSS) via the bulletin board.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37930 ‼
📖 Read
via "National Vulnerability Database".
A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44647 ‼
📖 Read
via "National Vulnerability Database".
An Out-of-bounds read vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to disclose sensitive information on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This is similar to, but not the same as CVE-2022-44648.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43518 ‼
📖 Read
via "National Vulnerability Database".
An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise web interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-37932 ‼
📖 Read
via "National Vulnerability Database".
A potential security vulnerability has been identified in Hewlett Packard Enterprise OfficeConnect 1820, 1850, and 1920S Network switches. The vulnerability could be remotely exploited to allow authentication bypass. HPE has made the following software updates to resolve the vulnerability in Hewlett Packard Enterprise OfficeConnect 1820, 1850 and 1920S Network switches versions: Prior to PT.02.14; Prior to PC.01.22; Prior to PO.01.21; Prior to PD.02.22;📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44532 ‼
📖 Read
via "National Vulnerability Database".
An authenticated path traversal vulnerability exists in the Aruba EdgeConnect Enterprise command line interface. Successful exploitation of this vulnerability results in the ability to read arbitrary files on the underlying operating system, including sensitive system files in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43780 ‼
📖 Read
via "National Vulnerability Database".
Certain HP ENVY, OfficeJet, and DeskJet printers may be vulnerable to a Denial of Service attack.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44649 ‼
📖 Read
via "National Vulnerability Database".
An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45968 ‼
📖 Read
via "National Vulnerability Database".
Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43542 ‼
📖 Read
via "National Vulnerability Database".
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43541 ‼
📖 Read
via "National Vulnerability Database".
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.📖 Read
via "National Vulnerability Database".
🕴 When Companies Compensate the Hackers, We All Foot the Bill 🕴
📖 Read
via "Dark Reading".
Ensuring stronger in-house defenses is integral to retaining customer loyalty.📖 Read
via "Dark Reading".
Dark Reading
When Companies Compensate the Hackers, We All Foot the Bill
Ensuring stronger in-house defenses is integral to retaining customer loyalty.
🕴 Popular WAFs Subverted by JSON Bypass 🕴
📖 Read
via "Dark Reading".
Web application firewalls from AWS, Cloudflare, F5, Imperva, and Palo Alto Networks are vulnerable to a database attack using the popular JavaScript Object Notation (JSON) format.📖 Read
via "Dark Reading".
Dark Reading
Popular WAFs Subverted by JSON Bypass
Web application firewalls from AWS, Cloudflare, F5, Imperva, and Palo Alto Networks are vulnerable to a database attack using the popular JavaScript Object Notation (JSON) format.
🕴 What We Can't See Can Hurt Us 🕴
📖 Read
via "Dark Reading".
Visibility into every environment, including cloud, enables businesses to mitigate operating risks.📖 Read
via "Dark Reading".
Dark Reading
What We Can't See Can Hurt Us
Visibility into every environment, including cloud, enables businesses to mitigate operating risks.
‼ CVE-2022-44147 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-16891. Reason: This candidate is a reservation duplicate of CVE-2019-16891. Notes: All CVE users should reference CVE-2019-16891 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45043 ‼
📖 Read
via "National Vulnerability Database".
Tenda AX12 V22.03.01.16_cn is vulnerable to command injection via goform/fast_setting_internet_set.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45957 ‼
📖 Read
via "National Vulnerability Database".
ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 is vulnerable to remote stack buffer overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45997 ‼
📖 Read
via "National Vulnerability Database".
Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45956 ‼
📖 Read
via "National Vulnerability Database".
Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone to bypass the Basic Authorization mechanism.📖 Read
via "National Vulnerability Database".