‼ CVE-2022-44574 ‼
via "National Vulnerability Database".
An improper authentication vulnerability exists in Avalanche version 6.3.x and below that allows an unauthenticated attacker to modify properties on a specific port.
‼ CVE-2022-33278 ‼
via "National Vulnerability Database".
Memory corruption due to buffer copy without checking the size of input in HLOS when input message size is larger than the buffer capacity.
‼ CVE-2022-37939 ‼
via "National Vulnerability Database".
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 servers. The vulnerability could be locally exploited to allow disclosure of information. HPE has made the following software to resolve the vulnerability in HPE Superdome Flex Servers v3.65.8 and Superdome Flex 280 Servers v1.45.8.
‼ CVE-2023-27898 ‼
via "National Vulnerability Database".
Jenkins 2.270 through 2.393 (both inclusive), LTS 2.277.1 through 2.375.3 (both inclusive) does not escape the Jenkins version a plugin depends on when rendering the error message stating its incompatibility with the current version of Jenkins, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide plugins to the configured update sites and have this message shown by Jenkins instances.
‼ CVE-2022-33256 ‼
via "National Vulnerability Database".
Memory corruption due to improper validation of array index in Multi-mode call processor.
‼ CVE-2022-40527 ‼
via "National Vulnerability Database".
Transient DOS due to reachable assertion in WLAN while processing PEER ID populated by TQM.
‼ CVE-2022-47453 ‼
via "National Vulnerability Database".
In wcn service, there is a possible missing params check. This could lead to local denial of service in wcn service.
‼ CVE-2022-33272 ‼
via "National Vulnerability Database".
Transient DOS in modem due to reachable assertion.
‼ CVE-2022-33250 ‼
via "National Vulnerability Database".
Transient DOS due to reachable assertion in modem when network repeatedly sent invalid message container for NR to LTE handover.
‼ CVE-2022-25705 ‼
via "National Vulnerability Database".
Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response.
‼ CVE-2022-43399 ‼
via "National Vulnerability Database".
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
‼ CVE-2022-47455 ‼
via "National Vulnerability Database".
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.
‼ CVE-2022-33257 ‼
via "National Vulnerability Database".
Memory corruption in Core due to time-of-check time-of-use race condition during dump collection in trust zone.
‼ CVE-2023-27530 ‼
via "National Vulnerability Database".
A DoS vulnerability exists in Rack <v3.0.4.2, <v2.2.6.3, <v2.1.4.3 and <v2.0.9.3 within the Multipart MIME parsing code, which could allow an attacker to craft requests that can be abused to cause multipart parsing to take longer than expected.
‼ CVE-2023-25143 ‼
via "National Vulnerability Database".
An uncontrolled search path element vulnerability in the Trend Micro Apex One Server installer could allow an attacker to achieve a remote code execution state on affected products.
‼ CVE-2022-47484 ‼
via "National Vulnerability Database".
In telephony service, there is a missing permission check. This could lead to local denial of service in telephone service with no additional execution privileges needed.
‼ CVE-2023-27905 ‼
via "National Vulnerability Database".
Jenkins update-center2 3.13 and 3.14 renders the required Jenkins core version on plugin download index pages without sanitization, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to provide a plugin for hosting.
‼ CVE-2023-27899 ‼
via "National Vulnerability Database".
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier creates a temporary file in the default temporary directory with the default permissions for newly created files when uploading a plugin for installation, potentially allowing attackers with access to the Jenkins controller file system to read and write the file before it is used, potentially resulting in arbitrary code execution.
‼ CVE-2023-27901 ‼
via "National Vulnerability Database".
Jenkins 2.393 and earlier, LTS 2.375.3 and earlier uses the Apache Commons FileUpload library without specifying limits for the number of request parts introduced in version 1.5 for CVE-2023-24998 in org.kohsuke.stapler.RequestImpl, allowing attackers to trigger a denial of service.
‼ CVE-2023-25148 ‼
via "National Vulnerability Database".
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
‼ CVE-2022-47458 ‼
via "National Vulnerability Database".
In wlan driver, there is a possible missing params check. This could lead to local denial of service in wlan services.