‼ CVE-2022-44699 ‼
📖 Read
via "National Vulnerability Database".
Azure Network Watcher Agent Security Feature Bypass Vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44697 ‼
📖 Read
via "National Vulnerability Database".
Windows Graphics Component Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-41121, CVE-2022-44671, CVE-2022-44680.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44696 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44694, CVE-2022-44695.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-45005 ‼
📖 Read
via "National Vulnerability Database".
IP-COM EW9 V15.11.0.14(9732) was discovered to contain a command injection vulnerability in the cmd_get_ping_output function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44710 ‼
📖 Read
via "National Vulnerability Database".
DirectX Graphics Kernel Elevation of Privilege Vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47211 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-44692, CVE-2022-47212, CVE-2022-47213.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44695 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Office Visio Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-44694, CVE-2022-44696.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44698 ‼
📖 Read
via "National Vulnerability Database".
Windows SmartScreen Security Feature Bypass Vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44708 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47212 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-44692, CVE-2022-47211, CVE-2022-47213.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47213 ‼
📖 Read
via "National Vulnerability Database".
Microsoft Office Graphics Remote Code Execution Vulnerability. This CVE ID is unique from CVE-2022-26804, CVE-2022-26805, CVE-2022-26806, CVE-2022-44692, CVE-2022-47211, CVE-2022-47212.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46381 ‼
📖 Read
via "National Vulnerability Database".
Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41653 ‼
📖 Read
via "National Vulnerability Database".
Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to an attacker obtaining user login credentials and control the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23499 ‼
📖 Read
via "National Vulnerability Database".
HTML sanitizer is written in PHP, aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values. In versions prior to 1.5.0 or 2.1.1, malicious markup used in a sequence with special HTML CDATA sections cannot be filtered and sanitized due to a parsing issue in the upstream package masterminds/html5. This allows bypassing the cross-site scripting mechanism of typo3/html-sanitizer. The upstream package masterminds/html5 provides HTML raw text elements (`script`, `style`, `noframes`, `noembed` and `iframe`) as DOMText nodes, which were not processed and sanitized further. None of the mentioned elements were defined in the default builder configuration, that's why only custom behaviors, using one of those tag names, were vulnerable to cross-site scripting. This issue has been fixed in versions 1.5.0 and 2.1.1.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2660 ‼
📖 Read
via "National Vulnerability Database".
Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2947 ‼
📖 Read
via "National Vulnerability Database".
Altair HyperView Player versions 2021.1.0.27 and prior perform operations on a memory buffer but can read from or write to a memory location outside of the intended boundary of the buffer. This hits initially as a read access violation, leading to a memory corruption situation.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38355 ‼
📖 Read
via "National Vulnerability Database".
Daikin SVMPC1 version 2.1.22 and prior and SVMPC2 version 1.2.3 and prior are vulnerable to attackers with access to the local area network (LAN) to disclose sensitive information stored by the affected product without requiring authentication.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2949 ‼
📖 Read
via "National Vulnerability Database".
Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to the use of uninitialized memory vulnerability during parsing of H3D files. A DWORD is extracted from an uninitialized buffer and, after sign extension, is used as an index into a stack variable to increment a counter leading to memory corruption.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4171 ‼
📖 Read
via "National Vulnerability Database".
The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43996 ‼
📖 Read
via "National Vulnerability Database".
The csaf_provider package before 0.8.2 allows XSS via a crafted CSAF document uploaded as text/html. The endpoint upload allows valid CSAF advisories (JSON format) to be uploaded with Content-Type text/html and filenames ending in .html. When subsequently accessed via web browser, these advisories are served and interpreted as HTML pages. Such uploaded advisories can contain JavaScript code that will execute within the browser context of users inspecting the advisory.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-46404 ‼
📖 Read
via "National Vulnerability Database".
A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system.📖 Read
via "National Vulnerability Database".