Lucene search

K

ONE Security Vulnerabilities

cve
cve

CVE-2022-44652

An improper handling of exceptional conditions vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system...

7.8CVSS

7.7AI Score

0.0004EPSS

2022-12-12 01:15 PM
23
cve
cve

CVE-2022-44651

A Time-of-Check Time-Of-Use vulnerability in the Trend Micro Apex One and Apex One as a Service agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order...

7CVSS

7AI Score

0.0004EPSS

2022-12-12 01:15 PM
29
cve
cve

CVE-2022-44654

Affected builds of Trend Micro Apex One and Apex One as a Service contain a monitor engine component that is complied without the /SAFESEH memory protection mechanism which helps to monitor for malicious payloads. The affected component's memory protection mechanism has been updated to enhance...

7.5CVSS

7.5AI Score

0.001EPSS

2022-12-12 01:15 PM
26
cve
cve

CVE-2022-44650

A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on...

7.8CVSS

7.7AI Score

0.0004EPSS

2022-12-12 01:15 PM
25
cve
cve

CVE-2022-44649

An out-of-bounds access vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code.....

7.8CVSS

7.6AI Score

0.0004EPSS

2022-12-12 01:15 PM
24
cve
cve

CVE-2022-44653

A security agent directory traversal vulnerability in Trend Micro Apex One and Apex One as a Service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to....

7.8CVSS

7.8AI Score

0.0005EPSS

2022-12-12 01:15 PM
22
cve
cve

CVE-2022-37018

A potential vulnerability has been identified in the system BIOS for certain HP PC products which may allow escalation of privileges and code execution. HP is releasing firmware updates to mitigate the potential...

8.4CVSS

8.6AI Score

0.001EPSS

2022-12-12 01:15 PM
28
cve
cve

CVE-2022-1038

A potential security vulnerability has been identified in the HP Jumpstart software, which might allow escalation of privilege. HP is recommending that customers uninstall HP Jumpstart and use myHP...

7.8CVSS

7.8AI Score

0.0004EPSS

2022-12-12 01:15 PM
27
cve
cve

CVE-2021-3919

A potential security vulnerability has been identified in OMEN Gaming Hub and in HP Command Center which may allow escalation of privilege and/or denial of service. HP has released software updates to mitigate the potential...

9.8CVSS

9.5AI Score

0.002EPSS

2022-12-12 01:15 PM
29
cve
cve

CVE-2021-3661

A potential security vulnerability has been identified in certain HP Workstation BIOS (UEFI firmware) which may allow arbitrary code execution. HP is releasing firmware mitigations for the potential...

8.4CVSS

8.5AI Score

0.001EPSS

2022-12-12 01:15 PM
32
cve
cve

CVE-2022-45797

An arbitrary file deletion vulnerability in the Damage Cleanup Engine component of Trend Micro Apex One and Trend Micro Apex One as a Service could allow a local attacker to escalate privileges and delete files on affected installations. Please note: an attacker must first obtain the ability to...

7.1CVSS

7.5AI Score

0.0004EPSS

2022-12-12 09:15 AM
32
cve
cve

CVE-2022-3677

The Advanced Import WordPress plugin before 1.3.8 does not have CSRF check when installing and activating plugins, which could allow attackers to make a logged in admin install arbitrary plugins from WordPress.org, and activate arbitrary ones from the blog via CSRF...

6.5CVSS

6.4AI Score

0.001EPSS

2022-12-05 05:15 PM
23
cve
cve

CVE-2022-40204

A cross-site scripting (XSS) vulnerability exists in all current versions of Digital Alert Systems DASDEC software via the Host Header in undisclosed pages after...

5.4CVSS

5.2AI Score

0.001EPSS

2022-12-01 12:15 AM
31
cve
cve

CVE-2019-18265

Digital Alert Systems’ DASDEC software prior to version 4.1 contains a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the SSH username, username field of the login page, or via the HTTP host header. The injected content is stored in....

5.4CVSS

5.2AI Score

0.001EPSS

2022-11-30 11:15 PM
23
cve
cve

CVE-2022-44737

Multiple Cross-Site Request Forgery vulnerabilities in All-In-One Security (AIOS) – Security and Firewall (WordPress plugin) <= 5.1.0 on...

8.8CVSS

8.9AI Score

0.001EPSS

2022-11-22 04:15 PM
36
7
cve
cve

CVE-2022-31687

VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the...

9.8CVSS

9.2AI Score

0.002EPSS

2022-11-09 09:15 PM
61
6
cve
cve

CVE-2022-31689

VMware Workspace ONE Assist prior to 22.10 contains a Session fixation vulnerability. A malicious actor who obtains a valid session token may be able to authenticate to the application using that...

9.8CVSS

9.2AI Score

0.002EPSS

2022-11-09 09:15 PM
22
4
cve
cve

CVE-2022-31688

VMware Workspace ONE Assist prior to 22.10 contains a Reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's...

6.1CVSS

6.3AI Score

0.001EPSS

2022-11-09 09:15 PM
25
4
cve
cve

CVE-2022-31686

VMware Workspace ONE Assist prior to 22.10 contains a Broken Authentication Method vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the...

9.8CVSS

9.2AI Score

0.002EPSS

2022-11-09 09:15 PM
24
6
cve
cve

CVE-2022-31685

VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability. A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the...

9.8CVSS

9.3AI Score

0.002EPSS

2022-11-09 09:15 PM
34
13
cve
cve

CVE-2022-42494

Server Side Request Forgery (SSRF) vulnerability in All in One SEO Pro plugin <= 4.2.5.1 on...

6.5CVSS

6.5AI Score

0.001EPSS

2022-11-08 07:15 PM
35
5
cve
cve

CVE-2022-30694

The login endpoint /FormLogin in affected web services does not apply proper origin checking. This could allow authenticated remote attackers to track the activities of other users via a login cross-site request forgery...

6.5CVSS

4.6AI Score

0.001EPSS

2022-11-08 11:15 AM
67
2
cve
cve

CVE-2022-35886

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker....

8.8CVSS

8.6AI Score

0.001EPSS

2022-10-25 05:15 PM
30
4
cve
cve

CVE-2022-35887

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker....

8.8CVSS

8.9AI Score

0.001EPSS

2022-10-25 05:15 PM
30
4
cve
cve

CVE-2022-35885

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker....

8.8CVSS

8.6AI Score

0.001EPSS

2022-10-25 05:15 PM
29
6
cve
cve

CVE-2022-35881

Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a...

8.8CVSS

8.7AI Score

0.001EPSS

2022-10-25 05:15 PM
29
4
cve
cve

CVE-2022-35880

Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a...

8.8CVSS

8.7AI Score

0.001EPSS

2022-10-25 05:15 PM
31
2
cve
cve

CVE-2022-35874

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a...

9.8CVSS

9.4AI Score

0.003EPSS

2022-10-25 05:15 PM
25
2
cve
cve

CVE-2022-35878

Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a...

8.8CVSS

8.7AI Score

0.001EPSS

2022-10-25 05:15 PM
34
cve
cve

CVE-2022-35884

Four format string injection vulnerabilities exist in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted HTTP request can lead to memory corruption, information disclosure and denial of service. An attacker....

8.8CVSS

8.9AI Score

0.001EPSS

2022-10-25 05:15 PM
32
4
cve
cve

CVE-2022-35876

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a...

9.8CVSS

9.4AI Score

0.003EPSS

2022-10-25 05:15 PM
30
2
cve
cve

CVE-2022-35877

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a...

9.8CVSS

9.4AI Score

0.003EPSS

2022-10-25 05:15 PM
36
2
cve
cve

CVE-2022-35879

Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a...

8.8CVSS

8.7AI Score

0.001EPSS

2022-10-25 05:15 PM
35
cve
cve

CVE-2022-35875

Four format string injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. Specially-crafted configuration values can lead to memory corruption, information disclosure and denial of service. An attacker can modify a...

9.8CVSS

9.4AI Score

0.003EPSS

2022-10-25 05:15 PM
32
2
cve
cve

CVE-2022-33938

A format string injection vulnerability exists in the ghome_process_control_packet functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted XCMD can lead to memory corruption, information disclosure and denial of service. An attacker can send a malicious....

9.8CVSS

9.1AI Score

0.003EPSS

2022-10-25 05:15 PM
32
4
cve
cve

CVE-2022-33195

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This...

10CVSS

10AI Score

0.003EPSS

2022-10-25 05:15 PM
28
2
cve
cve

CVE-2022-33194

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This...

10CVSS

10AI Score

0.003EPSS

2022-10-25 05:15 PM
25
2
cve
cve

CVE-2022-33204

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP...

9.9CVSS

9.9AI Score

0.002EPSS

2022-10-25 05:15 PM
29
2
cve
cve

CVE-2022-33205

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP...

9.9CVSS

9.9AI Score

0.004EPSS

2022-10-25 05:15 PM
28
4
cve
cve

CVE-2022-33207

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP...

9.9CVSS

9.8AI Score

0.002EPSS

2022-10-25 05:15 PM
25
cve
cve

CVE-2022-33206

Four OS command injection vulnerabilities exists in the web interface /action/wirelessConnect functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP...

9.9CVSS

9.8AI Score

0.002EPSS

2022-10-25 05:15 PM
25
cve
cve

CVE-2022-35244

A format string injection vulnerability exists in the XCMD getVarHA functionality of abode systems, inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to memory corruption, information disclosure, and denial of service. An attacker can send a malicious XML payload...

9.8CVSS

9.2AI Score

0.003EPSS

2022-10-25 05:15 PM
24
cve
cve

CVE-2022-30541

An OS command injection vulnerability exists in the XCMD setUPnP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this...

9.8CVSS

9.7AI Score

0.003EPSS

2022-10-25 05:15 PM
29
4
cve
cve

CVE-2022-33193

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This...

10CVSS

10AI Score

0.003EPSS

2022-10-25 05:15 PM
30
2
cve
cve

CVE-2022-33192

Four OS command injection vulnerabilities exist in the XCMD testWifiAP functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A XCMD can lead to arbitrary command execution. An attacker can send a sequence of malicious commands to trigger these vulnerabilities.This...

10CVSS

10AI Score

0.003EPSS

2022-10-25 05:15 PM
32
2
cve
cve

CVE-2022-30603

An OS command injection vulnerability exists in the web interface /action/iperf functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger...

8.8CVSS

9.2AI Score

0.002EPSS

2022-10-25 05:15 PM
39
4
cve
cve

CVE-2022-32586

An OS command injection vulnerability exists in the web interface /action/ipcamRecordPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to....

8.8CVSS

9.2AI Score

0.002EPSS

2022-10-25 05:15 PM
23
cve
cve

CVE-2022-32574

A double-free vulnerability exists in the web interface /action/ipcamSetParamPost functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted HTTP request can lead to memory corruption. An attacker can make an authenticated HTTP request to trigger this...

6.5CVSS

7AI Score

0.001EPSS

2022-10-25 05:15 PM
33
cve
cve

CVE-2022-33189

An OS command injection vulnerability exists in the XCMD setAlexa functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this...

9.8CVSS

9.7AI Score

0.003EPSS

2022-10-25 05:15 PM
25
cve
cve

CVE-2022-32773

An OS command injection vulnerability exists in the XCMD doDebug functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9X and 6.9Z. A specially-crafted XCMD can lead to arbitrary command execution. An attacker can send a malicious XML payload to trigger this...

9.8CVSS

9.7AI Score

0.003EPSS

2022-10-25 05:15 PM
29
Total number of security vulnerabilities825