βΌ CVE-2023-22611 βΌ
π Read
via "National Vulnerability Database".
A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxureΓ’βΒ’ Geo SCADA Expert 2019, EcoStruxureΓ’βΒ’ Geo SCADA Expert 2020, EcoStruxureΓ’βΒ’ Geo SCADA Expert 2021 (All versions prior to October 2022), ClearSCADA (All Versions).π Read
via "National Vulnerability Database".
βΌ CVE-2022-47697 βΌ
π Read
via "National Vulnerability Database".
COMFAST (Shenzhen Sihai Zhonglian Network Technology Co., Ltd) CF-WR623N Router firmware V2.3.0.1 and before is vulnerable to Account takeover. Anyone can reset the password of the admin accounts.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45172 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected by flaws in authorization logic, through which a malicious user (with no privileges) is able to perform privilege escalation to the administrator role, and steal the accounts of any users on the system.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-22610 βΌ
π Read
via "National Vulnerability Database".
A CWE-285: Improper Authorization vulnerability exists that could cause Denial of Service against the Geo SCADA server when specific messages are sent to the server over the database server TCP port. Affected Products: EcoStruxureΓ’βΒ’ Geo SCADA Expert 2019, EcoStruxureΓ’βΒ’ Geo SCADA Expert 2020, EcoStruxureΓ’βΒ’ Geo SCADA Expert 2021 (All versions prior to October 2022), ClearSCADA (All Versions).π Read
via "National Vulnerability Database".
βΌ CVE-2022-45494 βΌ
π Read
via "National Vulnerability Database".
Buffer overflow vulnerability in function json_parse_object in sheredom json.h before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022) allows attackers to code arbitrary code and gain escalated privileges.π Read
via "National Vulnerability Database".
βΌ CVE-2022-37708 βΌ
π Read
via "National Vulnerability Database".
Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users outside the Docker container can access any files within the Docker container.π Read
via "National Vulnerability Database".
β€1
βΌ CVE-2022-32984 βΌ
π Read
via "National Vulnerability Database".
BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning node, the credentials of a lightning node are exposed.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45297 βΌ
π Read
via "National Vulnerability Database".
EQ v1.5.31 to v2.2.0 was discovered to contain a SQL injection vulnerability via the UserPwd parameter.π Read
via "National Vulnerability Database".
π1
βΌ CVE-2023-0454 βΌ
π Read
via "National Vulnerability Database".
OrangeScrum version 2.0.11 allows an authenticated external attacker to delete arbitrary local files from the server. This is possible because the application uses an unsanitized attacker-controlled parameter to construct an internal path.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42972 βΌ
π Read
via "National Vulnerability Database".
A CWE-732: Incorrect Permission Assignment for Critical Resource vulnerability exists that could cause local privilege escalation when a local attacker modifies the webroot directory. Affected Products: APC Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GA), APC Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GA-01-22261), Schneider Electric Easy UPS Online Monitoring Software (Windows 7, 10, 11 & Windows Server 2016, 2019, 2022 - Versions prior to V2.5-GS), Schneider Electric Easy UPS Online Monitoring Software (Windows 11, Windows Server 2019, 2022 - Versions prior to V2.5-GS-01-22261)π Read
via "National Vulnerability Database".
βΌ CVE-2023-23928 βΌ
π Read
via "National Vulnerability Database".
reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.validate` does not check HS256 signatures. This allows tampering of JWS header and payload data if the service does not perform additional checks. Such tampering could expose applications using reason-jose to authorization bypass. Applications relying on JWS claims assertion to enforce security boundaries may be vulnerable to privilege escalation. This issue has been patched in version 0.8.2.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47770 βΌ
π Read
via "National Vulnerability Database".
Serenissima Informatica Fast Checkin version v1.0 is vulnerable to Unauthenticated SQL Injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-34400 βΌ
π Read
via "National Vulnerability Database".
Dell BIOS contains a heap buffer overflow vulnerability. A local attacker with admin privileges could potentially exploit this vulnerability to perform an arbitrary write to SMRAM during SMM.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45095 βΌ
π Read
via "National Vulnerability Database".
Dell PowerScale OneFS, 8.2.x-9.4.x, contain a command injection vulnerability. An authenticated user having access local shell and having the privilege to gather logs from the cluster could potentially exploit this vulnerability, leading to execute arbitrary commands, denial of service, information disclosure, and data deletion.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0607 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository projectsend/projectsend prior to r1606.π Read
via "National Vulnerability Database".
βΌ CVE-2021-22786 βΌ
π Read
via "National Vulnerability Database".
A CWE-200: Information Exposure vulnerability exists that could cause the exposure of sensitive information stored on the memory of the controller when communicating over the Modbus TCP protocol. Affected Products: Modicon M340 CPU (part numbers BMXP34*) (Versions prior to V3.30), Modicon M580 CPU (part numbers BMEP* and BMEH*) (Versions prior to SV3.20), Modicon MC80 (BMKC80) (Versions prior to V1.6), Modicon M580 CPU Safety (part numbers BMEP58*S and BMEH58*S) (All Versions), Modicon Momentum MDI (171CBU*) (Versions prior to V2.3), Legacy Modicon Quantum (All Versions)π Read
via "National Vulnerability Database".
βΌ CVE-2023-23630 βΌ
π Read
via "National Vulnerability Database".
Eta is an embedded JS templating engine that works inside Node, Deno, and the browser. XSS attack - anyone using the Express API is impacted. The problem has been resolved. Users should upgrade to version 2.0.0. As a workaround, don't pass user supplied things directly to `res.render`.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45097 βΌ
π Read
via "National Vulnerability Database".
Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4206 βΌ
π Read
via "National Vulnerability Database".
A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability reportπ Read
via "National Vulnerability Database".
βΌ CVE-2022-25916 βΌ
π Read
via "National Vulnerability Database".
Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function.π Read
via "National Vulnerability Database".
βΌ CVE-2022-47769 βΌ
π Read
via "National Vulnerability Database".
An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell.π Read
via "National Vulnerability Database".