CVE-2022-43486
Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices...
Denial of service
Hidden functionality vulnerability in Buffalo network devices allows a network-adjacent attacker with an administrative privilege to enable the debug functionalities and execute an arbitrary command on the affected devices...
PT-2022-26938 · Buffalo · Buffalo Network Devices
Name of the Vulnerable Software and Affected Versions: Buffalo network devices affected versions not specified Description: A hidden functionality issue in Buffalo network devices allows an attacker with administrative privileges to enable debug functionalities and execute arbitrary commands on t...
CVE-2022-4326
The CVE-2022-4326 issue affects Trellix Endpoint Agent (xAgent) on Windows prior to V35.31.22. A faulty removal-protection permissions scheme allows a local administrator to bypass protections and uninstall the agent. Affected component is the removal-protection mechanism within xAgent; root caus...
National Sleep Research Resource Cross-Site Scripting Vulnerability
National Sleep Research Resource is an open source national sleep research resource system from National Sleep Research Resource. A cross-site scripting vulnerability exists in National Sleep Research Resource versions prior to 59.0.0 that stems from an unknown functionality...
Zoom Client for Meetings < 4.1.34475.1105 Vulnerability (ZSB-18001)
The version of Zoom Client for Meetings installed on the remote host is prior to 4.1.34475.1105. It is, therefore, affected by a vulnerability as referenced in the ZSB-18001 advisory. - A vulnerability in the Zoom client could allow a remote, unauthenticated attacker to control meeting...
SOUND4 IMPACT/FIRST/PULSE/Eco 2.x upload.cgi Code Execution
#!/usr/bin/env python SOUND4 IMPACT/FIRST/PULSE/Eco =2.x upload.cgi Unauthenticated Remote Code Execution Vendor: SOUND4 Ltd. Product web page: https://www.sound4.com | https://www.sound4.biz Affected version: FM/HD Radio Processing: Impact/Pulse/First Version 2: 1.1/2.15 Impact/Pulse/First Versio...
Zoom Client for Meetings < 2.5.146186.1130 Vulnerability (ZSB-18001)
The version of Zoom Client for Meetings installed on the remote host is prior to 2.5.146186.1130. It is, therefore, affected by a vulnerability as referenced in the ZSB-18001 advisory. - A vulnerability in the Zoom client could allow a remote, unauthenticated attacker to control meeting...
GHSA-P782-4J23-XQCG Apache Atlas: zip path traversal in import functionality
A vulnerability in the import module of Apache Atlas allows an authenticated user to write to the web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0...
CVE-2022-34271 Apache Atlas: zip path traversal in import functionality
A vulnerability in the import module of Apache Atlas allows an authenticated user to write to the web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0...
CVE-2022-41268
In some SAP standard roles in SAP Business Planning and Consolidation - versions SAPBW 750, 751, 752, 753, 754, 755, 756, 757, DWCORE 200, 300, CPMBPC 810 - a transaction code reserved for the customer is used. By implementing such a transaction code, a malicious user may execute unauthorized...
WPQA < 5.9.3 - Missing validation leads to functionality abuse
The plugin which is a companion plugin used with Discy and Himer themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them...
PT-2022-27219 · Unknown · Ipti Br.Tag
Name of the Vulnerable Software and Affected Versions: ipti br.tag versions prior to 2.13.0 Description: A vulnerability was found in ipti br.tag, which has been declared as problematic. The manipulation of an unknown functionality leads to cross-site scripting. The attack can be launched remotel...
WPQA < 5.9.3 - Missing validation leads to functionality abuse
The plugin which is a companion plugin used with Discy and Himer themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them. PoC...
Multiple vulnerabilities in Buffalo network devices
Overview Multiple network devices provided by BUFFALO INC. contain multiple vulnerabilities listed below. OS Command Injection CWE-78 - CVE-2022-43466 OS Command Injection CWE-78 - CVE-2022-43443 Hidden Functionality CWE-912 - CVE-2022-43486 Chuya Hayakawa of 00One, Inc. reported these...
PT-2022-27447 · Dragino · Dragino Lora Lg01
Name of the Vulnerable Software and Affected Versions: Dragino Lora LG01 18ed40 IoT version 4.3.4 Description: A Cross-Site Request Forgery issue was discovered in the logout page of the affected software. Recommendations: For Dragino Lora LG01 18ed40 IoT version 4.3.4, consider disabling the...
[SECURITY] Fedora 37 Update: xfce4-places-plugin-1.8.3-1.fc37
A menu with quick access to folders, documents, and removable media. The Places plugin brings much of the functionality of GNOME's Places menu to Xfce. It puts a simple button on the panel. Clicking on this button opens up a menu with 4 sections: 1 System-defined...
CVE-2022-23485
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result...
PYSEC-2022-43011
Sentry is an error tracking and performance monitoring platform. In versions of the sentry python library prior to 22.11.0 an attacker with a known valid invite link could manipulate a cookie to allow the same invite link to be reused on multiple accounts when joining an organization. As a result...