CVE-2022-3869
The provided sources confirm a code/injection vulnerability in froxlor/froxlor prior to version 0.10.38.2. Multiple documents (CVE-2022-3869 overview, Nuclei template, OSV, CNNVD, Veracode) describe HTML/Code Injection in Froxlor, typically via user input handling (e.g., customermail) and imprope...
Code injection
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39...
Format string
Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3...
CVE-2022-3721 Code Injection in froxlor/froxlor
Code Injection in GitHub repository froxlor/froxlor prior to 0.10.39...
CVE-2022-3023 Use of Externally-Controlled Format String in pingcap/tidb
Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3...
CVE-2022-3023
The CVE-2022-3023 entry relates to a vulnerability in the PingCAP TiDB server where an externally controlled format string is used, affecting TiDB and specifically versions prior to 6.4.0 and prior to 6.1.3. The issue is described as a format-string vulnerability that can lead to unintended behav...
OpenSSL Releases Security Update
OpenSSL has released a security advisory to address two vulnerabilities, CVE-2022-3602 and CVE-2022-3786, affecting OpenSSL versions 3.0.0 through 3.0.6. Both CVE-2022-3602 and CVE-2022-3786 can cause a denial of service. According to OpenSSL, a cyber threat actor leveraging CVE-2022-3786, "can...
CVE-2022-3254
creationtimestamp | type | source
---|---|---
2022-10-31 19:38:14+00:00 | seen | https://t.me/cibsecurity/52301
2026-02-06 15:04:17+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2022/CVE-2022-3254.yaml
2026-02-11 21:03:01+00:00 | seen | ...
GO-2022-1043 Hardcoded hashed password in github.com/flyteorg/flyteadmin
Default authorization server's configuration settings contain a known hardcoded hashed password. Users who enable auth but do not override this setting may unknowingly allow public traffic in by way of this default password with attackers effectively impersonating propeller...
Default credentials
Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.8...
CVE-2022-3754
CVE-2022-3754 affects the phpMyFAQ project (thorsten/phpmyfaq), before version 3.1.8. The root issue is weak password requirements; versions prior to 3.1.8 allow inadequate password length. The 3.1.8 release introduces an eight-character minimum password length. No exploit details are provided in...
Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-2639)
The remote host is missing an update for the Huawei EulerOS...
PYSEC-2022-42978
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7...
Code injection
Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7...
Amazon Linux AMI : vim (ALAS-2022-1639)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1639 advisory. A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in...
CVE-2022-3327
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6...
Authentication flaw
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6...
PYSEC-2022-42977
Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6...
SUSE SLES15 Security Update : helm (SUSE-SU-2022:3666-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3666-1 advisory. - Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. CVE-2022-1996 - Helm i...
CVE-2022-3607 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in octoprint/octoprint
Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in GitHub repository octoprint/octoprint prior to 1.8.3...