
314 matches found

Positive Technologies
added 2022/12/16 12:00 a.m. · 4 views

PT-2022-11839

Name of the Vulnerable Software and Affected Versions: ONLYOFFICE all versions as of 2021-11-08 Description: The issue is related to Incorrect Access Control, where signed document download URLs can be forged due to a weak default URL signing key. This allows for potential exploitation, including...

CVSS 7.5 · AI score 7.7 · EPSS 0.012
Exploits 0 · References 12

OSV
added 2022/12/01 6:15 a.m. · 4 views

CVE-2022-36431

An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code via a crafted JSP file. Issue fixed in version 7.9.6.1...

CVSS 9.8 · AI score 6.1 · EPSS 0.0113
Exploits 1 · References 2

OSV
added 2022/11/02 12:00 a.m. · 14 views

CVE-2022-39379 Fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...

CVSS 3.1 · AI score 9.3 · EPSS 0.44708
Exploits 0 · References 5

OSV
added 2022/10/06 6:16 p.m. · 3 views

CVE-2022-37888

There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result...

CVSS 9.8 · AI score 6.8 · EPSS 0.01484
Exploits 0 · References 2

ATTACKERKB
added 2022/09/06 6:15 p.m. · 3 views

CVE-2022-2433

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'almrepeatersexport' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...

CVSS 8.8 · AI score 5.9 · EPSS 0.0118
Exploits 0 · References 5

CNNVD
added 2022/09/06 12:00 a.m. · 4 views

Indy Node Input Validation Error Vulnerability

Indy Node is the server part of a distributed ledger open-sourced by Hyperledger in the United States, built specifically for decentralized identities. An input validation error vulnerability exists in versions of Indy Node prior to 1.12.4, which stems from a "pool-upgrade" request handler in...

CVSS 8.8 · AI score 8.1 · EPSS 0.01676
Exploits 0 · References 4

VulnCheck KEV
added 2022/08/11 12:00 a.m. · 2 views

VulnCheck KEV: CVE-2022-27925

Synacor Zimbra Collaboration Suite (ZCS) contains a flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution...

CVSS 9.8 · AI score 7.7 · EPSS 0.98163
Exploits 16 · References 1

OSV
added 2022/08/10 8:15 a.m. · 3 views

CVE-2022-20841

Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the...

CVSS 9 · AI score 7.8 · EPSS 0.02877
Exploits 0 · References 1

ATTACKERKB
added 2022/08/03 4:15 p.m. · 3 views

CVE-2022-35865

This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It! 20.21.2.109. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authorization of HTTP requests. The issue results from the lack of...

CVSS 9.8 · AI score 7.6 · EPSS 0.01443
Exploits 0 · References 3 · Affected Software 1

NVD
added 2022/07/26 10:15 p.m. · 15 views

CVE-2022-29958

JTEKT TOYOPUC PLCs through 2022-04-29 do not ensure data integrity. They utilize the unauthenticated CMPLink/TCP protocol for engineering purposes, including downloading projects and control logic to the PLC. Control logic is downloaded to the PLC on a block-by-block basis with a given memory...

CVSS 9.8 · EPSS 0.00466
Exploits 0 · References 2

OSV
added 2022/07/20 5:15 p.m. · 2 views

CVE-2022-33320

Deserialization of Untrusted Data vulnerability in Mitsubishi Electric GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions GENESIS64 versions 10.97 to 10.97.1, Mitsubishi Electric ICONICS Suite versions 10.97 to 10.97.1, Mitsubishi Electric Iconics Digital Solutions...

CVSS 7.8 · AI score 7.3 · EPSS 0.00439
Exploits 0 · References 3

Vulnrichment
added 2022/06/24 3:25 p.m. · 17 views

CVE-2022-20829 Cisco Adaptive Security Device Manager and Adaptive Security Appliance Software Client-side Arbitrary Code Execution Vulnerability

A vulnerability in the packaging of Cisco Adaptive Security Device Manager (ASDM) images and the validation of those images by Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker with administrative privileges to upload an ASDM image that contains malicious...

CVSS 9.1 · AI score 7.8 · EPSS 0.03206
Exploits 1 · References 3

ATTACKERKB
added 2022/06/01 10:15 a.m. · 1 views

CVE-2022-29875

A vulnerability has been identified in Biograph Horizon PET/CT Systems All VJ30 versions VJ30C-UD01, MAGNETOM Family NUMARIS X: VA12M, VA12S, VA10B, VA20A, VA30A, VA31A, MAMMOMAT Revelation All VC20 versions VC20D, NAEOTOM Alpha All VA40 versions VA40 SP2, SOMATOM X.cite All versions VA30 SP5 or...

CVSS 9.8 · AI score 7.3 · EPSS 0.01627
Exploits 0 · References 2

VulnCheck KEV
added 2022/04/01 12:00 a.m. · 4 views

VulnCheck KEV: CVE-2021-4045

TP-Link Tapo C200 IP camera, on its 1.1.15 firmware version and below, is affected by an unauthenticated RCE vulnerability, present in the uhttpd binary running by default as root. The exploitation of this vulnerability allows an attacker to take full control of the camera...

CVSS 10 · AI score 7.4 · EPSS 0.72843
Exploits 10 · References 1

ATTACKERKB
added 2022/03/18 11:15 a.m. · 8 views

CVE-2022-24655

A stack overflow vulnerability exists in the upnpd service in Netgear EX6100v1 201.0.2.28, CAX80 2.1.2.6, and DC112A 1.0.0.62, which may lead to the execution of arbitrary code without authentication...

CVSS 7.8 · AI score 7.5 · EPSS 0.01052
Exploits 1 · References 4

NVD
added 2022/03/04 6:15 p.m. · 23 views

CVE-2022-26318

On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS before 12.7.2U2, 12.x before 12.1.3U8, and 12.2.x through 12.5.x before 12.5.9U2...

CVSS 9.8 · EPSS 0.78303
Exploits 6 · References 2

OSV
added 2022/02/24 3:15 p.m. · 4 views

CVE-2022-25073

TL-WR841Nv14US0.9.14.18 routers were discovered to contain a stack overflow in the function dmfillObjByStr. This vulnerability allows unauthenticated attackers to execute arbitrary code...

CVSS 9.8 · AI score 6 · EPSS 0.13034
Exploits 1 · References 1

OSV
added 2022/02/24 3:15 p.m. · 2 views

CVE-2022-25074

TP-Link TL-WR902ACUSV3191209 routers were discovered to contain a stack overflow in the function DM Fillobjbystr. This vulnerability allows unauthenticated attackers to execute arbitrary code...

CVSS 9.8 · AI score 7.6 · EPSS 0.13034
Exploits 1 · References 1

OSV
added 2022/02/18 8:15 p.m. · 2 views

CVE-2022-24355

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of file name...

CVSS 8.8 · AI score 6.2
Exploits 0 · References 1

Positive Technologies
added 2022/02/17 12:00 a.m. · 3 views

PT-2022-4891 · D Link · Dlink Router

Name of the Vulnerable Software and Affected Versions: D-Link routers (affected versions not specified) Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this issue. The...

CVSS 8.8 · AI score 8.9 · EPSS 0.01096
Exploits 0 · References 11