βΌ CVE-2022-4639 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msg_info leads to format string. The attack may be initiated remotely. The name of the patch is b19f8a6046b080e4c2e28354a58556bb26040c6f. It is recommended to apply a patch to fix this issue. The identifier VDB-216497 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4637 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in ep3-bs 1.8.0. This affects an unknown part. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 1.8.1 is able to address this issue. The name of the patch is ef49e709c8adecc3a83cdc6164a67162991d2213. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216495.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4642 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in tatoeba2. It has been classified as problematic. This affects an unknown part of the component Profile Name Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version prod_2022-10-30 is able to address this issue. The name of the patch is 91110777fc8ddf1b4a2cf4e66e67db69b9700361. It is recommended to upgrade the affected component. The identifier VDB-216501 was assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4640 βΌ
π Read
via "National Vulnerability Database".
A vulnerability has been found in Mingsoft MCMS 5.2.9 and classified as problematic. Affected by this vulnerability is the function save of the component Article Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216499.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46334 βΌ
π Read
via "National Vulnerability Database".
Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4638 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as problematic was found in collective.contact.widget up to 1.12. This vulnerability affects the function title of the file src/collective/contact/widget/widgets.py. The manipulation leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 5da36305ca7ed433782be8901c47387406fcda12. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216496.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4643 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in docconv up to 1.3.4. It has been declared as critical. This vulnerability affects the function ConvertPDFImages of the file pdf_ocr.go. The manipulation of the argument path leads to os command injection. The attack can be initiated remotely. Upgrading to version 1.3.5 is able to address this issue. The name of the patch is b19021ade3d0b71c89d35cb00eb9e589a121faa5. It is recommended to upgrade the affected component. VDB-216502 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4275 βΌ
π Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, was found in katlings pyambic-pentameter. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is 974f21aa1b2527ef39c8afe1a5060548217deca8. It is recommended to apply a patch to fix this issue. VDB-216498 is the identifier assigned to this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4641 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in pig-vector and classified as problematic. Affected by this issue is the function LogisticRegression of the file src/main/java/org/apache/mahout/pig/LogisticRegression.java. The manipulation leads to insecure temporary file. The attack needs to be approached locally. The name of the patch is 1e7bd9fab5401a2df18d2eabd802adcf0dcf1f15. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216500.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3185 βΌ
π Read
via "National Vulnerability Database".
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product exposes sensitive data concerning the device.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3186 βΌ
π Read
via "National Vulnerability Database".
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the affected product allows an attacker to access the deviceΓ’β¬β’s main management page from the cloud. This feature enables users to remotely connect devices, however, the current implementation permits users to access other device's information.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3184 βΌ
π Read
via "National Vulnerability Database".
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where the deviceΓ’β¬β’s existing firmware allows unauthenticated users to access an old PHP page vulnerable to directory traversal, which may allow a user to write a file to the webroot directory.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3188 βΌ
π Read
via "National Vulnerability Database".
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where unauthenticated users could open PHP index pages without authentication and download the history file from the device; the history file includes the latest actions completed by specific users.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3187 βΌ
π Read
via "National Vulnerability Database".
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP pages only validate when a valid connection is established with the database. However, these PHP pages do not verify the validity of a user. Attackers could leverage this lack of verification to read the state of outlets.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3183 βΌ
π Read
via "National Vulnerability Database".
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS command injection vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3189 βΌ
π Read
via "National Vulnerability Database".
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specially crafted PHP script could use parameters from a HTTP request to create a URL capable of changing the host parameter. The changed host parameter in the HTTP could point to another host that will send a request to the host or IP specified in the changed host parameter.π Read
via "National Vulnerability Database".
π cryptmount Filesystem Manager 6.1.1 π
π Read
via "Packet Storm Security".
cryptmount is a utility for creating and managing secure filing systems on GNU/Linux systems. After initial setup, it allows any user to mount or unmount filesystems on demand, solely by providing the decryption password, with any system devices needed to access the filing system being configured automatically. A wide variety of encryption schemes (provided by the kernel dm-crypt system and the libgcrypt library) can be used to protect both the filesystem and the access key. The protected filing systems can reside in either ordinary files or disk partitions. The package also supports encrypted swap partitions, and automatic configuration on system boot-up.π Read
via "Packet Storm Security".
Packetstormsecurity
cryptmount Filesystem Manager 6.1.1 β Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
βΌ CVE-2022-41654 βΌ
π Read
via "National Vulnerability Database".
An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2022-41697 βΌ
π Read
via "National Vulnerability Database".
A user enumeration vulnerability exists in the login functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send a series of HTTP requests to trigger this vulnerability.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36624 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in ahorner text-helpers 1.1.0/1.1.1. It has been declared as critical. This vulnerability affects unknown code of the file lib/text_helpers/translation.rb. The manipulation of the argument link leads to use of web link to untrusted target with window.opener access. The attack can be initiated remotely. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is 184b60ded0e43c985788582aca2d1e746f9405a3. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216520.π Read
via "National Vulnerability Database".
βΌ CVE-2020-36625 βΌ
π Read
via "National Vulnerability Database".
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in destiny.gg chat. It has been rated as problematic. This issue affects the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is bebd256fc3063111fb4503ca25e005ebf6e73780. It is recommended to apply a patch to fix this issue. The identifier VDB-216521 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.π Read
via "National Vulnerability Database".