‼ CVE-2022-25916 ‼
via "National Vulnerability Database".
Versions of the package mt7688-wiscan before 0.8.3 are vulnerable to Command Injection due to improper input sanitization in the 'wiscan.scan' function.
‼ CVE-2022-47769 ‼
via "National Vulnerability Database".
An arbitrary file write vulnerability in Serenissima Informatica Fast Checkin v1.0 allows unauthenticated attackers to upload malicious files in the web root of the application to gain access to the server via the web shell.
‼ CVE-2022-45096 ‼
via "National Vulnerability Database".
Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain a User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information.
‼ CVE-2022-31902 ‼
via "National Vulnerability Database".
Notepad++ v8.4.1 was discovered to contain a stack overflow via the component Finder::add().
‼ CVE-2023-23846 ‼
via "National Vulnerability Database".
Due to insufficient length validation in the Open5GS GTP library versions prior to 2.4.13 and 2.5.7, when parsing extension headers in GPRS tunneling protocol (GTPv1-U) messages, a protocol payload with any extension header length set to zero causes an infinite loop. The affected process becomes immediately unresponsive, resulting in denial of service and excessive resource consumption. CVSS3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C
‼ CVE-2023-0587 ‼
via "National Vulnerability Database".
A file upload vulnerability exists in Trend Micro Apex One server build 11110. Using a malformed Content-Length header in an HTTP PUT message sent to URL /officescan/console/html/cgi/fcgiOfcDDA.exe, an unauthenticated remote attacker can upload arbitrary files to the SampleSubmission directory (i.e., \PCCSRV\TEMP\SampleSubmission) on the server. The attacker can upload a large number of large files to fill up the file system on which the Apex One server is installed.
‼ CVE-2022-24324 ‼
via "National Vulnerability Database".
A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Products: IGSS Data Server - IGSSdataServer.exe (Versions prior to V15.0.0.22073)
‼ CVE-2022-34458 ‼
via "National Vulnerability Database".
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain an Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in the download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data.
‼ CVE-2022-34459 ‼
via "National Vulnerability Database".
Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain an improper verification of cryptographic signature in the get applicable driver component. A local malicious user could potentially exploit this vulnerability leading to malicious payload execution.
‼ CVE-2022-23455 ‼
via "National Vulnerability Database".
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.
‼ CVE-2022-23454 ‼
via "National Vulnerability Database".
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.
‼ CVE-2022-27537 ‼
via "National Vulnerability Database".
Potential vulnerabilities have been identified in the system BIOS of certain HP PC products, which might allow arbitrary code execution, escalation of privilege, denial of service, and information disclosure. HP is releasing BIOS updates to mitigate these potential vulnerabilities.
‼ CVE-2022-34398 ‼
via "National Vulnerability Database".
Dell BIOS contains a Time-of-check Time-of-use vulnerability. A local authenticated malicious user could potentially exploit this vulnerability by using a specifically timed DMA transaction during an SMI to gain arbitrary code execution on the system.
‼ CVE-2022-23453 ‼
via "National Vulnerability Database".
Potential security vulnerabilities have been identified in HP Support Assistant. These vulnerabilities include privilege escalation, compromise of integrity, allowed communication with untrusted clients, and unauthorized modification of files.
‼ CVE-2022-45099 ‼
via "National Vulnerability Database".
Dell PowerScale OneFS, versions 8.2.x-9.4.x, contain a weak encoding for an NDMP password. A malicious and privileged local attacker could potentially exploit this vulnerability, leading to a full system compromise.
‼ CVE-2020-14395 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
‼ CVE-2021-3439 ‼
via "National Vulnerability Database".
HP has identified a potential vulnerability in BIOS firmware of some Workstation products. Firmware updates are being released to mitigate these potential vulnerabilities.
‼ CVE-2022-34403 ‼
via "National Vulnerability Database".
Dell BIOS contains a Stack based buffer overflow vulnerability. A local authenticated attacker could potentially exploit this vulnerability by using an SMI to send larger than expected input to a parameter to gain arbitrary code execution in SMRAM.
‼ CVE-2022-45100 ‼
via "National Vulnerability Database".
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system.
‼ CVE-2023-0608 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - DOM in GitHub repository microweber/microweber prior to 1.3.2.
‼ CVE-2023-24977 ‼
via "National Vulnerability Database".
Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/apache/inlong/pull/7214 to solve it.