‼ CVE-2022-41596 ‼
📖 Read
via "National Vulnerability Database".
The system tool has inconsistent serialization and deserialization. Successful exploitation of this vulnerability will cause unauthorized startup of components.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41590 ‼
📖 Read
via "National Vulnerability Database".
Some smartphones have authentication-related (including session management) vulnerabilities as the setup wizard is bypassed. Successful exploitation of this vulnerability affects the smartphone availability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46320 ‼
📖 Read
via "National Vulnerability Database".
The kernel module has an out-of-bounds read vulnerability. Successful exploitation of this vulnerability may cause memory overwriting.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23542 ‼
📖 Read
via "National Vulnerability Database".
OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. During an internal security assessment, it was discovered that OpenFGA version 0.3.0 is vulnerable to authorization bypass under certain conditions. This issue has been patched in version 0.3.1 and is backward compatible.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46313 ‼
📖 Read
via "National Vulnerability Database".
The sensor privacy module has an authentication vulnerability. Successful exploitation of this vulnerability may cause unavailability of the smartphone's camera and microphone.📖 Read
via "National Vulnerability Database".
🕴 Give Yourself the Gift of Secure Holiday Ecommerce 🕴
📖 Read
via "Dark Reading".
Automating your defenses can bring good tidings of great joy.📖 Read
via "Dark Reading".
Dark Reading
Give Yourself the Gift of Secure Holiday E-Commerce
Automating your defenses can bring good tidings of great joy.
‼ CVE-2022-42949 ‼
📖 Read
via "National Vulnerability Database".
Silverstripe silverstripe/subsites through 2.6.0 has Insecure Permissions.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47629 ‼
📖 Read
via "National Vulnerability Database".
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42046 ‼
📖 Read
via "National Vulnerability Database".
WFS, Inc HeavenBurnsRed 2020.3.15.7141260 is vulnerable to Local Privilege Escalation.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-24431 ‼
📖 Read
via "National Vulnerability Database".
All versions of package abacus-ext-cmdline are vulnerable to Command Injection via the execute function due to improper user-input sanitization.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-4617 ‼
📖 Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 1.3.2.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25929 ‼
📖 Read
via "National Vulnerability Database".
The package smoothie from 1.31.0 and before 1.36.1 are vulnerable to Cross-site Scripting (XSS) due to improper user input sanitization in strokeStyle and tooltipLabel properties. Exploiting this vulnerability is possible when the user can control these properties.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38546 ‼
📖 Read
via "National Vulnerability Database".
A DNS misconfiguration was found in Zyxel NBG7510 firmware versions prior to V1.00(ABZY.3)C0, which could allow an unauthenticated attacker to access the DNS server when the device is switched to the AP mode.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25893 ‼
📖 Read
via "National Vulnerability Database".
The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25895 ‼
📖 Read
via "National Vulnerability Database".
All versions of package lite-dev-server are vulnerable to Directory Traversal due to missing input sanitization and sandboxes being employed to the req.url user input that is passed to the server code.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46282 ‼
📖 Read
via "National Vulnerability Database".
Use after free vulnerability in CX-Drive V3.00 and earlier allows a local attacker to execute arbitrary code by having a user to open a specially crafted file,📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46662 ‼
📖 Read
via "National Vulnerability Database".
Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The affected product and versions are as follows: Roxio Creator LJB version number 12.2 build number 106B62B, version number 12.2 build number 106B63A, version number 12.2 build number 106B69A, version number 12.2 build number 106B71A, and version number 12.2 build number 106B74A)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44449 ‼
📖 Read
via "National Vulnerability Database".
Stored cross-site scripting vulnerability in Zenphoto versions prior to 1.6 allows remote a remote authenticated attacker with an administrative privilege to inject an arbitrary script.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-47635 ‼
📖 Read
via "National Vulnerability Database".
Wildix WMS 6 before 6.02.20221216, WMS 5 before 5.04.20221214, and WMS4 before 4.04.45396.23 allows Server-side request forgery (SSRF) via ZohoClient.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43543 ‼
📖 Read
via "National Vulnerability Database".
KDDI +Message App, NTT DOCOMO +Message App, and SoftBank +Message App contain a vulnerability caused by improper handling of Unicode control characters. +Message App displays text unprocessed, even when control characters are contained, and the text is shown based on Unicode control character's specifications. Therefore, a crafted text may display misleading web links. As a result, a spoofed URL may be displayed and phishing attacks may be conducted. Affected products and versions are as follows: KDDI +Message App for Android prior to version 3.9.2 and +Message App for iOS prior to version 3.9.4, NTT DOCOMO +Message App for Android prior to version 54.49.0500 and +Message App for iOS prior to version 3.9.4, and SoftBank +Message App for Android prior to version 12.9.5 and +Message App for iOS prior to version 3.9.4📖 Read
via "National Vulnerability Database".
‼ CVE-2022-46330 ‼
📖 Read
via "National Vulnerability Database".
Squirrel.Windows is both a toolset and a library that provides installation and update functionality for Windows desktop applications. Installers generated by Squirrel.Windows 2.0.1 and earlier contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.📖 Read
via "National Vulnerability Database".