CVE-2022-20831
CVE-2022-20831 involves multiple stored XSS flaws in Cisco Firepower Management Center (FMC) web UI caused by insufficient validation of user input. An authenticated, remote attacker could craft input in FMC interface fields to execute script code in the user’s browser or access browser-based inf...
Denial Of Service (DoS)
rh-mysql80-mysql is vulnerable to denial of service. An attacker can crash the application by providing maliciously crafted input through multiple protocols...
Denial Of Service (DoS)
rh-mysql80-mysql is vulnerable to denial of service. The vulnerability exists in the InnoDB component, allowing an attacker to crash the application by providing maliciously crafted input through multiple protocols...
Denial Of Service (DoS)
rh-mysql80-mysql is vulnerable to denial of service (DoS) attacks. A privileged attacker with network access via multiple protocols is able to compromise the MySQL server, resulting in unauthorized ability to cause a hang or frequently repeatable crash...
FreeBSD : varnish -- Request Smuggling Vulnerability (b10d1afa-6087-11ed-8c5e-641c67a117d8)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b10d1afa-6087-11ed-8c5e-641c67a117d8 advisory. - Varnish Cache Project reports: A request smuggling attack can be performed on Varnish Cache servers b...
FreeBSD : varnish -- HTTP/2 Request Forgery Vulnerability (5b8d8dee-6088-11ed-8c5e-641c67a117d8)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5b8d8dee-6088-11ed-8c5e-641c67a117d8 advisory. - Varnish Cache Project reports: A request forgery attack can be performed on Varnish Cache servers tha...
Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2022-87652)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft Corporation USA. Microsoft SharePoint Server is vulnerable to spoofing. An attacker could exploit the vulnerability with a specially crafted website to spoof content and trick users into believing that the site i...
CVE-2021-34569 WAGO I/O-Check Service prone to Out-of-bounds Write
In WAGO I/O-Check Service in multiple products an attacker can send a specially crafted packet containing OS commands to crash the diagnostic tool and write memory...
CVE-2022-45059
An issue was discovered in Varnish Cache 7.x before 7.1.2 and 7.2.x before 7.2.1. A request smuggling attack can be performed on Varnish Cache servers by requesting that certain headers are made hop-by-hop, preventing the Varnish Cache servers from forwarding critical headers to the backend...
CVE-2022-3483
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 15.3.5, all versions starting from 15.4 before 15.4.4, all versions starting from 15.5 before 15.5.2. A malicious maintainer could exfiltrate a Datadog integration's access token by modifying the...
CVE-2022-3280
An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content...
Siemens JT2Go and Teamcenter Visualization Buffer Overflow Vulnerability (CNVD-2022-75548)
JT2Go is a 3D JT viewing tool that allows users to view JT, PDF, Solid Edge, PLM XML, and available JT, VFZ, CGM, and TIF data. Teamcenter Visualization enables companies to enhance their product lifecycle management (PLM) environments with a comprehensive family of visualization solutions. The...
REST API Authentication < 2.4.1 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Siemens POWER METER SICAM Q100 Input Validation Error Vulnerability
The POWER METER SICAM Q100 is a multifunctional device used to detect, report and analyze measured values and events. Siemens POWER METER SICAM Q100 is vulnerable to an input validation error, which could be exploited by an attacker to crash the device followed by an automatic reboot or execute...
Siemens QMS Automotive Information Disclosure Vulnerability
QMS Automotive provides the procedures, processes, structure and resources needed to streamline production and ERP operations while effectively managing quality issues. Siemens QMS Automotive is vulnerable to an information disclosure vulnerability that could be exploited by an attacker to access...
Attacker can take all the winnings and fill up the bids and cause loss of funds or DoS
Lines of code Vulnerability details Impact Attacker can fill up all the bids and steal and be the winner and cause a DoS and then withdraw/refund the funds since when doing a refund the bid isn't taken off the array an attacker can make 1000 bids and cause DoS and have 100 percent chance of winni...