Input validation
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 16.2, iCloud for Windows 14.1, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing a maliciously crafted file may lead to arbitrary code execution...
CVE-2022-4052
A vulnerability was found in Student Attendance Management System and classified as critical. This issue affects some unknown processing of the file /Admin/createClass.php. The manipulation of the argument Id leads to SQL injection. The attack may be initiated remotely. The exploit has been...
Cross-site scripting
A vulnerability was found in eolinker apinto-dashboard and classified as problematic. This issue affects some unknown processing of the file /api/discoveries/. The manipulation leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and ma...
CVE-2022-3803
The CVE-2022-3803 entry concerns eolinker apinto-dashboard. The vulnerability is a cross-site scripting (XSS) issue arising from unknown processing in the /api/discoveries/ path. The root cause is described as improper handling in that endpoint, enabling an attacker to inject malicious script. Se...
SQL injection
A vulnerability, which was classified as critical, has been found in seccome Ehoney. This issue affects some unknown processing of the file /api/v1/attack. The manipulation of the argument AttackIP leads to SQL injection. The attack may be initiated remotely. The associated identifier of this...
Improper access control
A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability...
Linux kernel has unspecified vulnerabilities (CNVD-2022-72079)
The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. The Linux kernel has a security vulnerability that affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. This operation results in a memory leak. No details of the...
Design/Logic Flaw
A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of...
A vulnerability in the use of the strcpy() function in the Netgear Nighthawk AC1900 R7000 wireless router software allows an attacker to compromise the confidentiality, integrity, and availability of protected information.
The vulnerability in the use of the strcpy function in the Netgear Nighthawk AC1900 R7000 wireless router software is that a write operation goes beyond the buffer boundaries into adjacent memory when processing the binary file wl. Exploiting this vulnerability could allow an attacker to compromise the...
ROS-20221004-01
A vulnerability in the Vim text editor is related to a boundary error during file processing in the function exfinally in exeval.c. Exploitation of the vulnerability could allow a remote attacker to create a special file, force the victim to open it, cause memory corruption, and execute arbitrary...
PT-2022-21889 · Autodesk · Autodesk Dwg
Name of the Vulnerable Software and Affected Versions: Autodesk DWG (affected versions not specified). Description: A maliciously crafted Dwg2Spd file, when processed through the Autodesk DWG application, could lead to a memory corruption issue due to a write access violation. This issue, in...
A vulnerability in the Video firmware component of Qualcomm’s embedded chips allows an attacker to cause a denial of service.
The vulnerability in the Video firmware component of Qualcomm’s embedded chips relates to a missing buffer length check and a read beyond the memory boundary when processing MP4 files. Exploiting this vulnerability can allow a remote attacker to cause service interruption...
A vulnerability in the Video firmware component of Qualcomm’s embedded chips allows an attacker to cause a denial of service or execute arbitrary code.
The vulnerability in the Video firmware component of Qualcomm’s embedded chips relates to the copying of buffers without checking the size of the input data during the processing of WAV files. Exploiting this vulnerability can allow an attacker to cause service failures or execut...
Code injection
A logic issue was addressed with improved checks. This issue is fixed in iOS 15.6 and iPadOS 15.6, tvOS 15.6, macOS Monterey 12.5. Processing a maliciously crafted file may lead to arbitrary code execution...
A vulnerability in the implementation of the GetValue function in the firmware for LinkHub Mesh Wi-Fi AC1200 allows an attacker to execute arbitrary code.
The vulnerability in the implementation of the GetValue function in the firmware for LinkHub Mesh Wi-Fi AC1200 lies in the copying of buffers without checking the size of the input data during the processing of the netctrl file. Exploiting this vulnerability allows a remote...
CVE-2022-3147 Server-side Denial of Service while processing a specifically crafted JPEG file
Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service...
A vulnerability in the GetValue function in the firmware for LinkHub Mesh Wi-Fi AC1200 allows an attacker to execute arbitrary code.
The vulnerability in the GetValue function in the firmware for LinkHub Mesh Wi-Fi AC1200 lies in the copying of buffers without checking the size of the input data during the processing of the pann file. Exploiting this vulnerability allows a remote attacker to execute arbitrary...
PT-2022-20018 · Unknown · Oretnom23 Fast Food Ordering System
Name of the Vulnerable Software and Affected Versions: oretnom23 Fast Food Ordering System (affected versions not specified). Description: A problematic issue has been found in the oretnom23 Fast Food Ordering System, affecting the processing of the file "admin/?page=reports". The manipulation of th...
PT-2022-4635 · Measuresoft · Measuresoft Scadapro Server
Name of the Vulnerable Software and Affected Versions: Measuresoft ScadaPro Server (all versions). Description: The issue is related to a use-after-free condition when processing a specific project file, which can allow an attacker to execute arbitrary code remotely. This is associated with the...
CVE-2022-2816
An out-of-bounds read vulnerability was found in Vim in the checkvim9unlet function in the vim9cmds.c file. This issue occurs because of invalid memory access when compiling the unlet command when a specially crafted input is processed. This flaw allows an attacker who can trick a user into openi...