1998 matches found
DEBIAN-CVE-2022-45132
In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
CVE-2022-45132
In Linaro Automated Validation Architecture LAVA before 2022.11.1, remote code execution can be achieved through user-submitted Jinja2 template. The REST API endpoint for validating device configuration files in lava-server loads input as a Jinja2 template in a way that can be used to trigger...
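The two entries above describe the same defect: a REST endpoint that takes a user-submitted device configuration and loads the whole document as a Jinja2 template, so any template expression inside it is evaluated on the server. The block below is an added example, not LAVA's code; the validation functions and the hostile device configuration are constructed here to show what an unsandboxed render exposes and what Jinja2's sandboxed environment refuses. A real payload walks from a builtin to a subclass such as subprocess.Popen; this one only counts how many classes are reachable.

```python
"""Added example: rendering a user-submitted document as a Jinja2 template
versus rendering it in a SandboxedEnvironment. Not LAVA's code."""
from jinja2 import Environment
from jinja2.sandbox import SandboxedEnvironment, SecurityError

# Constructed stand-in for a device configuration file submitted to a
# validation endpoint. It walks str -> object -> object.__subclasses__().
HOSTILE_DEVICE_CONFIG = (
    "{% set classes = ''.__class__.__mro__[1].__subclasses__() %}"
    "reachable: {{ classes | length }}"
)


def validate_unsandboxed(document: str) -> str:
    """Vulnerable pattern (hypothetical): the submission IS the template, so
    Jinja2 expression syntax inside it runs with the server's Python objects."""
    return Environment().from_string(document).render()


def validate_sandboxed(document: str) -> str:
    """Hardened variant: SandboxedEnvironment blocks underscore-prefixed and
    otherwise unsafe attribute access and raises SecurityError instead."""
    return SandboxedEnvironment().from_string(document).render()


def reachable_classes_unsandboxed(document: str = HOSTILE_DEVICE_CONFIG) -> int:
    """How many Python classes the hostile document can enumerate when the
    endpoint renders it without a sandbox."""
    rendered = validate_unsandboxed(document)
    return int(rendered.split(":", 1)[1])


def sandbox_blocks(document: str = HOSTILE_DEVICE_CONFIG) -> bool:
    """True if the sandboxed render refuses the document with SecurityError."""
    try:
        validate_sandboxed(document)
    except SecurityError:
        return True
    return False


if __name__ == "__main__":
    print("classes reachable without sandbox:", reachable_classes_unsandboxed())
    print("sandbox blocks the payload:", sandbox_blocks())
    print("benign template still renders:", validate_sandboxed("port {{ 22 + 1 }}"))
```

The sandbox is the second line of defence, not the fix: a validation endpoint should treat the upload as data (parse it with a YAML or JSON loader and render only server-owned templates with it as context), because a sandbox still lets the submitter burn CPU and probe whatever the render context exposes.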
CVE-2022-20925
A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for...
Input validation
A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for...
CVE-2022-20926
A vulnerability in the web management interface of the Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. The vulnerability is due to insufficient validation of user-supplied parameters for...
PT-2022-25867 · Unknown · Eyesofnetwork Web Interface
Name of the Vulnerable Software and Affected Versions: EyesOfNetwork Web Interface version 5.3 Description: A reflected cross-site scripting (XSS) issue was found in the EyesOfNetwork Web Interface, specifically via the "module/admin bp/add application.php" API endpoint. This issue can be exploited...
PT-2022-25866 · Unknown · Eyesofnetwork Web Interface
Name of the Vulnerable Software and Affected Versions: EyesOfNetwork Web Interface version 5.3 Description: A reflected cross-site scripting (XSS) issue was found in the EyesOfNetwork Web Interface. The issue is related to the "/module/report event/index.php" API endpoint. Recommendations: For...
PT-2022-11212 · Unknown · Perfex Crm
Name of the Vulnerable Software and Affected Versions: perfex crm version 1.10 Description: The issue is related to cross-site scripting (XSS) that can be exploited via the "/clients/profile" API endpoint. This allows for potential malicious script injection. Recommendations: For perfex crm version...
PT-2022-25868 · Unknown · Eyesofnetwork Web Interface
Name of the Vulnerable Software and Affected Versions: EyesOfNetwork Web Interface version 5.3 Description: A reflected cross-site scripting (XSS) issue was found in the EyesOfNetwork Web Interface. The issue is related to the /lilac/main.php API endpoint. Recommendations: For EyesOfNetwork Web...
PT-2022-5970 · Red Hat · Red Hat Advanced Cluster Management For Kubernetes +1
Name of the Vulnerable Software and Affected Versions: Red Hat Advanced Cluster Management for Kubernetes (RHACM), affected versions not specified; Red Hat Advanced Cluster Security (RHACS) for Kubernetes, affected versions not specified. Description: The issue is related to a Server-Side Request Forgery...
PT-2022-26852 · Unknown · Canteen Management System
Name of the Vulnerable Software and Affected Versions: Canteen Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/print.php" API endpoint. Recommendations: For Canteen Management Syste...
PT-2022-26766 · Unknown · Online Diagnostic Lab Management System
Name of the Vulnerable Software and Affected Versions: Online Diagnostic Lab Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/admin/tests/manage test.php" API endpoint...
PT-2022-26765 · Unknown · Online Diagnostic Lab Management System
Name of the Vulnerable Software and Affected Versions: Online Diagnostic Lab Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/appointments/manage appointment.php" API endpoint...
PT-2022-26854 · Unknown · Canteen Management System
Name of the Vulnerable Software and Affected Versions: Canteen Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/php action/printOrder.php" API endpoint. Recommendations: For Canteen...
PT-2022-23794 · WordPress · Web Stories
Name of the Vulnerable Software and Affected Versions: Web Stories plugin for WordPress versions up to, and including 1.24.0 Description: The issue arises from insufficient validation of URLs supplied via the url parameter in the "/v1/hotlink/proxy" REST API Endpoint. This allows authenticated...
PT-2022-23912 · Unknown · Seccome Ehoney
Name of the Vulnerable Software and Affected Versions: seccome Ehoney affected versions not specified Description: A critical issue was found in seccome Ehoney. It affects an unknown function of the /api/v1/attack/falco API endpoint. The manipulation of the Payload argument leads to SQL injection...
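The Canteen Management System, Online Diagnostic Lab Management System and Ehoney entries above all share one pattern: a request parameter (`id`, or `Payload`) is spliced into SQL text. The block below is an added example and is not code from any of those projects; the SQLite schema, rows and request values are constructed here so the mechanism runs offline. It puts the string-concatenation query beside the parameterised one and shows both a boolean bypass and a UNION-based read of data the endpoint never meant to return.

```python
"""Added example: 'id parameter' SQL injection against an in-memory SQLite
table, with the parameterised version beside it. Not any listed project's code."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed orders table standing in for a print/printOrder endpoint's data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, customer TEXT, total REAL)")
    conn.executemany(
        "INSERT INTO orders VALUES (?, ?, ?)",
        [(1, "alice", 12.5), (2, "bob", 40.0), (3, "carol", 7.25)],
    )
    return conn


def print_order_vulnerable(conn: sqlite3.Connection, order_id: str) -> list:
    """Vulnerable pattern: the id parameter becomes part of the SQL text, so
    anything after the number is parsed as SQL."""
    sql = "SELECT id, customer, total FROM orders WHERE id = " + order_id
    return conn.execute(sql).fetchall()


def print_order_safe(conn: sqlite3.Connection, order_id: str) -> list:
    """Hardened: reject anything that is not a plain integer, then bind the
    value as a parameter so the database never parses it as SQL."""
    if not order_id.isdigit():
        raise ValueError("id must be a positive integer")
    return conn.execute(
        "SELECT id, customer, total FROM orders WHERE id = ?", (int(order_id),)
    ).fetchall()


def safe_rejects(order_id: str) -> bool:
    """True if the hardened handler refuses the given id parameter."""
    try:
        print_order_safe(make_db(), order_id)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    # Constructed request values an attacker would send in the id parameter.
    print("legit:      ", print_order_vulnerable(db, "2"))
    print("boolean:    ", print_order_vulnerable(db, "2 OR 1=1"))
    print("union:      ", print_order_vulnerable(db, "0 UNION SELECT 1, sqlite_version(), 0"))
    print("safe legit: ", print_order_safe(db, "2"))
    print("safe blocks:", safe_rejects("2 OR 1=1"))
```

The input check is deliberately in addition to parameter binding, not instead of it: binding is what removes the injection, while the integer check gives the handler a clean 400 instead of a database error for malformed ids. The UNION line returns the engine version only because the attacker matched the three-column shape of the original SELECT, which is why column-count errors are the usual first signal in a blind test.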
PT-2022-25641 · Unknown · Diaenergie
Name of the Vulnerable Software and Affected Versions: DIAEnergie versions prior to v1.9.01.002 Description: The issue concerns a stored cross-site scripting vulnerability. This vulnerability can be exploited through the "PostEnergyType API" endpoint. Recommendations: For versions prior to...
SUSE SLED15 / SLES15 Security Update : grafana (SUSE-SU-2022:3765-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3765-1 advisory. - Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could...
Server-side request forgery (SSRF)
The url parameter of the /api/geojson endpoint in Metabase versions 44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects...
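The Metabase entry above, and the RHACM/RHACS and Web Stories hotlink-proxy entries earlier in the list, are the same failure: the server checks the URL the user supplied, then hands it to an HTTP client that follows redirects on its own, so a public host that answers 301 or 302 toward an internal address walks straight past the blacklist. The block below is an added example and is not Metabase's or any other listed project's code; the DNS view, the HTTP transport and the URLs are constructed so the bypass and the fix run offline. It generalises from a blacklist to an allow-by-address check that is re-run on every hop.

```python
"""Added example: SSRF guard that validates every redirect hop instead of only
the URL the user supplied. Not Metabase's code; transport and DNS are constructed."""
import ipaddress
from urllib.parse import urljoin, urlparse

# Constructed DNS view for this example.
RESOLVER = {
    "maps.example.org": "93.184.216.34",      # a global (public) address
    "metadata.internal": "169.254.169.254",  # link-local: cloud metadata service
}

# Constructed transport: URL -> (status, headers, body). Every request is
# answered WITHOUT following redirects, so each hop is visible to the guard.
TRANSPORT = {
    "http://maps.example.org/regions.geojson": (
        301, {"Location": "http://169.254.169.254/latest/meta-data/"}, ""),
    "http://169.254.169.254/latest/meta-data/": (200, {}, "ami-id\ninstance-id\n"),
    "http://maps.example.org/ok.geojson": (200, {}, '{"type":"FeatureCollection"}'),
}
REDIRECTS = (301, 302, 303, 307, 308)


def target_is_internal(url: str) -> bool:
    """Reject non-http(s) schemes and any host whose address is not globally
    routable (loopback, RFC 1918, link-local, unresolvable)."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return True
    try:
        addr = ipaddress.ip_address(parts.hostname)
    except ValueError:
        resolved = RESOLVER.get(parts.hostname)
        if resolved is None:
            return True
        addr = ipaddress.ip_address(resolved)
    return not addr.is_global


def fetch_naive(url: str, max_hops: int = 5) -> str:
    """Vulnerable pattern: check the user's URL once, then follow redirects blindly."""
    if target_is_internal(url):
        raise ValueError("blocked: " + url)
    for _ in range(max_hops):
        status, headers, body = TRANSPORT[url]
        if status in REDIRECTS:
            url = urljoin(url, headers["Location"])
            continue
        return body
    raise ValueError("too many redirects")


def fetch_guarded(url: str, max_hops: int = 5) -> str:
    """Hardened: automatic redirects off, the same check re-run on every hop."""
    for _ in range(max_hops):
        if target_is_internal(url):
            raise ValueError("blocked: " + url)
        status, headers, body = TRANSPORT[url]
        if status in REDIRECTS:
            url = urljoin(url, headers["Location"])
            continue
        return body
    raise ValueError("too many redirects")


def guard_blocks(url: str) -> bool:
    """True if the hardened fetch refuses to complete the request chain."""
    try:
        fetch_guarded(url)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("naive fetch leaks:", repr(fetch_naive("http://maps.example.org/regions.geojson")))
    print("guarded fetch blocks:", guard_blocks("http://maps.example.org/regions.geojson"))
    print("guarded fetch allows:", fetch_guarded("http://maps.example.org/ok.geojson"))
```

Two caveats a practitioner would add. Checking by address rather than by name is what makes the allow decision meaningful, since a blacklist of hostnames or literal strings is exactly what the redirect in the Metabase case circumvented. And resolving the name in the check and again in the connect leaves a DNS-rebinding window; a production client should connect to the address it validated and pin it for that request.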
PT-2022-5272 · D Link · D-Link Dir-816 A2
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10 B05 Description: The issue is related to a stack overflow in the D-Link DIR-816 A2 router's firmware, which can be triggered via the srcip parameter at the "/goform/form2IPQoSTcAdd" API endpoint. This can...