βΌ CVE-2021-31577 βΌ
π Read
via "National Vulnerability Database".
In Boa, there is a possible escalation of privilege due to a missing permission check. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42951 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Couchbase Server 6.5.x and 6.6.x before 6.6.6, 7.x before 7.0.5, and 7.1.x before 7.1.2. During the start-up of a Couchbase Server node, there is a small window of time (before the cluster management authentication has started) where an attacker can connect to the cluster manager using default credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31578 βΌ
π Read
via "National Vulnerability Database".
In Boa, there is a possible escalation of privilege due to a stack buffer overflow. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23333 βΌ
π Read
via "National Vulnerability Database".
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31575 βΌ
π Read
via "National Vulnerability Database".
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45589 βΌ
π Read
via "National Vulnerability Database".
SQL Injection vulnerability in Talend ESB Runtime 7.3.1-R2022-09-RT thru 8.0.1-R2022-10-RT when using the provisioning service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31576 βΌ
π Read
via "National Vulnerability Database".
In Boa, there is a possible information disclosure due to a missing permission check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210008; Issue ID: OSBNB00123241.π Read
via "National Vulnerability Database".
βΌ CVE-2021-31574 βΌ
π Read
via "National Vulnerability Database".
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.π Read
via "National Vulnerability Database".
βΌ CVE-2022-48166 βΌ
π Read
via "National Vulnerability Database".
An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42439 βΌ
π Read
via "National Vulnerability Database".
IBM App Connect Enterprise 11.0.0.17 through 11.0.0.19 and 12.0.4.0 and 12.0.5.0 contains an unspecified vulnerability in the Discovery Connector nodes which may cause a 3rd party systemΓ’β¬β’s credentials to be exposed to a privileged attacker. IBM X-Force ID: 238211.π Read
via "National Vulnerability Database".
βΌ CVE-2022-42950 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23942 βΌ
π Read
via "National Vulnerability Database".
The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as `strong`, `em` and `head` lines in the UI of the desktop client. The lack of sanitisation may allow for javascript injection. It is recommended that the Nextcloud Desktop Client is upgraded to 3.6.3. There are no known workarounds for this issue.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44268 βΌ
π Read
via "National Vulnerability Database".
ImageMagick 7.1.0-49 is vulnerable to Information Disclosure. When it parses a PNG image (e.g., for resize), the resulting image could have embedded the content of an arbitrary. file (if the magick binary has permissions to read it).π Read
via "National Vulnerability Database".
βΌ CVE-2021-31573 βΌ
π Read
via "National Vulnerability Database".
In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: A20210009; Issue ID: OSBNB00123234.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44267 βΌ
π Read
via "National Vulnerability Database".
ImageMagick 7.1.0-49 is vulnerable to Denial of Service. When it parses a PNG image (e.g., for resize), the convert process could be left waiting for stdin input.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0615 βΌ
π Read
via "National Vulnerability Database".
A memory leak flaw and potential divide by zero and Integer overflow was found in the Linux kernel V4L2 and vivid test code functionality. This issue occurs when a user triggers ioctls, such as VIDIOC_S_DV_TIMINGS ioctl. This could allow a local user to crash the system if vivid test code enabled.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3229 βΌ
π Read
via "National Vulnerability Database".
Because the web management interface for Unified Intents' Unified Remote solution does not itself require authentication, a remote, unauthenticated attacker can change or disable authentication requirements for the Unified Remote protocol, and leverage this now-unauthenticated access to run code of the attacker's choosing.π Read
via "National Vulnerability Database".
βΌ CVE-2022-46496 βΌ
π Read
via "National Vulnerability Database".
BTicino Door Entry HOMETOUCH for iOS 1.4.2 was discovered to be missing an SSL certificate.π Read
via "National Vulnerability Database".
βΌ CVE-2022-44617 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in libXpm. When processing a file with width of 0 and a very large height, some parser functions will be called repeatedly and can lead to an infinite loop, resulting in a Denial of Service in the application linked to the library.π Read
via "National Vulnerability Database".
βΌ CVE-2022-28923 βΌ
π Read
via "National Vulnerability Database".
Caddy v2.4.6 was discovered to contain an open redirection vulnerability which allows attackers to redirect users to phishing websites via crafted URLs.π Read
via "National Vulnerability Database".
βΌ CVE-2023-23849 βΌ
π Read
via "National Vulnerability Database".
Versions of Coverity Connect prior to 2022.12.0 are vulnerable to an unauthenticated Cross-Site Scripting vulnerability. Any web service hosted on the same sub domain can set a cookie for the whole subdomain which can be used to bypass other mitigations in place for malicious purposes. CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/RL:O/RC:Cπ Read
via "National Vulnerability Database".