PT-2022-27542 · Tenda · Tenda W6-S
Name of the Vulnerable Software and Affected Versions: Tenda W6-S version 1.0.0.4510 Description: The issue affects the component tpi_systool_handle0 and is related to the API endpoint /goform/SysToolReboot. This allows unauthenticated attackers to arbitrarily reboot the device. Recommendations:...
PT-2022-27561 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0.1.25633 Description: A stack overflow issue was discovered via the Go parameter at the "/goform/SafeMacFilter" API endpoint. Recommendations: For Tenda W30E version 1.0.1.25633, as a temporary workaround, consider...
PT-2022-27562 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0.1.25633 Description: A stack overflow issue was discovered via the page parameter at the "/goform/qossetting" API endpoint. This issue affects the Tenda W30E device. Recommendations: For Tenda W30E version 1.0.1.25633, ...
PT-2022-27194 · Tenda · Tenda I21
Name of the Vulnerable Software and Affected Versions: Tenda i21 version 1.0.0.144656 Description: The issue is related to a Buffer Overflow that can be triggered via the "/goform/AddSysLogRule" API endpoint. This allows for potential exploitation. Recommendations: For Tenda i21 version...
PT-2022-24151 · Aruba · Aruba Edgeconnect Enterprise
Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise versions 9.2.1.0 and below; Aruba EdgeConnect Enterprise versions 9.1.3.0 and below; Aruba EdgeConnect Enterprise versions 9.0.7.0 and below; Aruba EdgeConnect Enterprise versions 8.3.7.1 and below Description: A...
CVE-2022-45930
A SQL injection issue was discovered in AAA in OpenDaylight ODL before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface...
CVE-2022-41924 Tailscale Windows daemon is vulnerable to RCE via CSRF
A vulnerability identified in the Tailscale Windows client allows a malicious website to reconfigure the Tailscale daemon tailscaled, which can then be used to remotely execute code. In the Tailscale Windows client, the local API was bound to a local TCP socket, and communicated with the Windows...
GHSA-GH7M-J673-WM97 Dolibarr vulnerable to privilege escalation
Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API...
CVE-2022-43138
Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API...
GHSA-3QMC-2R76-4RQP Redwood is vulnerable to account takeover via dbAuth "forgot-password"
Impact What kind of vulnerability is it? Who is impacted? This is an API vulnerability in Redwood's dbAuth, specifically the dbAuth forgot password feature: - only projects with the dbAuth "forgot password" feature are affected - this vulnerability was introduced in v0.38.0 User Accounts are...
CVE-2022-39394 wasmtime_trap_code C API function has out of bounds write vulnerability
Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's C API implementation where the definition of the wasmtime_trap_code function does not match its declared signature in the wasmtime/trap.h header file. This discrepancy causes the function implementation to...
PT-2022-25982 · Etic Telecom · Etic Telecom Remote Access Server
Name of the Vulnerable Software and Affected Versions: ETIC Telecom Remote Access Server (RAS) versions 4.5.0 and prior Description: The application programmable interface (API) of the affected software is vulnerable to directory traversal through several different methods. This could allow an attack...
CVE-2022-45130
Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names...
GHSA-RWCF-GQ22-PH83 IBAX go-ibax vulnerable to SQL injection
A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument tablename leads to sql injection. The attack may be launched remotely. The exploit has been...
IBAX go-ibax SQL Injection Vulnerability
IBAX go-ibax is a blockchain system platform from IBAX Corporation. IBAX go-ibax suffers from a SQL injection vulnerability that stems from unknown functionality in the file /api/v2/open/tablesInfo, where manipulation of the parameter callbacks leads to SQL injection...
CVE-2022-3800 IBAX go-ibax rowsInfo sql injection
A vulnerability, which was classified as critical, has been found in IBAX go-ibax. Affected by this issue is some unknown functionality of the file /api/v2/open/rowsInfo. The manipulation of the argument tablename leads to sql injection. The attack may be launched remotely. The exploit has been...
CVE-2022-3729
A vulnerability, which was classified as critical, has been found in seccome Ehoney. This issue affects some unknown processing of the file /api/v1/attack. The manipulation of the argument AttackIP leads to sql injection. The attack may be initiated remotely. The associated identifier of this...