‼ CVE-2022-46957 ‼
📖 Read
via "National Vulnerability Database".
Sourcecodester.com Online Graduate Tracer System V 1.0.0 is vulnerable to Cross Site Scripting (XSS).📖 Read
via "National Vulnerability Database".
‼ CVE-2023-22739 ‼
📖 Read
via "National Vulnerability Database".
Discourse is an open source platform for community discussion. Versions prior to 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed) are subject to Allocation of Resources Without Limits or Throttling. As there is no limit on data contained in a draft, a malicious user can create an arbitrarily large draft, forcing the instance to a crawl. This issue is patched in versions 3.0.1 (stable), 3.1.0.beta2 (beta), and 3.1.0.beta2 (tests-passed). There are no workarounds.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40222 ‼
📖 Read
via "National Vulnerability Database".
An OS command injection vulnerability exists in the m2m DELETE_FILE cmd functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-27508 ‼
📖 Read
via "National Vulnerability Database".
Unauthenticated denial of service📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24432 ‼
📖 Read
via "National Vulnerability Database".
A cross-site request forgery (CSRF) vulnerability in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-44263 ‼
📖 Read
via "National Vulnerability Database".
Dentsply Sirona Sidexis <= 4.3 is vulnerable to Incorrect Access Control.📖 Read
via "National Vulnerability Database".
‼ CVE-2020-36657 ‼
📖 Read
via "National Vulnerability Database".
uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call.📖 Read
via "National Vulnerability Database".
🔥1
‼ CVE-2022-41000 ‼
📖 Read
via "National Vulnerability Database".
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no gre index <1-8> tunnel A.B.C.D source (A.B.C.D|null) dest A.B.C.D keepalive (on|off) interval (<0-255>|null) retry (<0-255>|null) description (WORD|null)' command template.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24170 ‼
📖 Read
via "National Vulnerability Database".
Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via /goform/fromSetWirelessRepeat.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0417 ‼
📖 Read
via "National Vulnerability Database".
Memory leak in the NFS dissector in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24443 ‼
📖 Read
via "National Vulnerability Database".
Jenkins TestComplete support Plugin 2.8.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41009 ‼
📖 Read
via "National Vulnerability Database".
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'port triger protocol (tcp|udp|tcp/udp) triger port <1-65535> forward port <1-65535> description WORD' command template.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-24427 ‼
📖 Read
via "National Vulnerability Database".
Jenkins Bitbucket OAuth Plugin 0.12 and earlier does not invalidate the previous session on login.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43917 ‼
📖 Read
via "National Vulnerability Database".
IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-20235 ‼
📖 Read
via "National Vulnerability Database".
The PowerVR GPU kernel driver maintains an "Information Page" used by its cache subsystem. This page can only be written by the GPU driver itself, but prior to DDK 1.18 however, a user-space program could write arbitrary data to the page, leading to memory corruption issues.Product: AndroidVersions: Android SoCAndroid ID: A-259967780📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0413 ‼
📖 Read
via "National Vulnerability Database".
Dissection engine bug in Wireshark 4.0.0 to 4.0.2 and 3.6.0 to 3.6.10 and allows denial of service via packet injection or crafted capture file📖 Read
via "National Vulnerability Database".
🔥1
‼ CVE-2022-43997 ‼
📖 Read
via "National Vulnerability Database".
Incorrect access control in Aternity agent in Riverbed Aternity before 12.1.4.27 allows for local privilege escalation. There is an insufficiently protected handle to the A180AG.exe SYSTEM process with PROCESS_ALL_ACCESS rights.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41012 ‼
📖 Read
via "National Vulnerability Database".
Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This buffer overflow is in the function that manages the 'no schedule link1 WORD link2 WORD policy (failover|backup) description (WORD|null)' command template.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1891 ‼
📖 Read
via "National Vulnerability Database".
A buffer overflow in the SystemLoadDefaultDxe driver in some Lenovo Notebook products may allow an attacker with local privileges to execute arbitrary code.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25927 ‼
📖 Read
via "National Vulnerability Database".
Versions of the package ua-parser-js from 0.7.30 and before 0.7.33, from 0.8.1 and before 1.0.33 are vulnerable to Regular Expression Denial of Service (ReDoS) via the trim() function.📖 Read
via "National Vulnerability Database".
‼ CVE-2023-0449 ‼
📖 Read
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.📖 Read
via "National Vulnerability Database".