Rocket.Chat Cross-Site Scripting Vulnerability (CNVD-2022-70579)
Rocket.Chat is an open source team chat software. Rocket.Chat suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the chat window, which can be exploited by an attacker to manipulate its style, block functionality, and...
PT-2022-6088 · Cisco · Cisco Ios Xe
Name of the Vulnerable Software and Affected Versions: Cisco IOS XE Software (affected versions not specified). Description: A vulnerability in the DNS application layer gateway (ALG) functionality used by Network Address Translation (NAT) in Cisco IOS XE Software could allow an unauthenticated, remote...
Privilege Escalation
pinot-controller is vulnerable to privilege escalation. The vulnerability exists because the isDisableIngestionGroovy function of ControllerConf.java does not properly disable Groovy functionality by default, allowing an attacker to modify table-level config or broker/controller config to turn it ...
Tutor LMS < 2.0.10 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some course parameters, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). Create/Edit a Course, add a new Topic and put the following...
CVE-2022-35251
A cross-site scripting vulnerability exists in Rocket.chat v5 due to style injection in the complete chat window. An adversary is able to manipulate not only its style, but will also be able to block functionality as well as hijack the content of targeted users. Hence the payloads are...
Cross site scripting
A cross-site scripting vulnerability exists in Rocket.chat v5 due to style injection in the complete chat window. An adversary is able to manipulate not only its style, but will also be able to block functionality as well as hijack the content of targeted users. Hence the payloads are...
Exploit for Argument Injection in Atlassian Bitbucket
CVE-2022-36804-POC A critical vulnerability CVE-2022-36804 i...
PT-2022-6337 · Unknown · Mklogic-500
Name of the Vulnerable Software and Affected Versions: MKLogic-500 (affected versions not specified). Description: The issue is related to the presence of hidden functionality, specifically SSH access, in the MKLogic-500. This could allow a remote attacker to gain full control over the device...
PT-2022-34163 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.137. Description: A potential security issue has been identified, although its actual impact and attack plausibility have not yet been proven. The issue is related to the cpuinfo functionality in the Linux...
PT-2022-34240 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.211. Description: The issue is related to the btrfs raid56 functionality, specifically in the raid56 parity recover function, where cached sectors are not trusted. The actual impact and potential for attack...
PT-2022-33312 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.6. Description: The issue concerns a logic flaw in the LAG (Link Aggregation) functionality over the MLX5_LAG_FLAG_NDEVS_READY flag. The actual impact and potential for attack have not been proven yet...
PT-2022-33600 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.2. Description: A potential security issue has been identified, although its actual impact and attack plausibility have not yet been proven. The issue is related to the cpuinfo functionality in the MIPS...
PT-2022-33431 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.2. Description: The issue is related to the tracing functionality in the Linux Kernel, specifically with the __assign_vstr function. It involves using a copy of the va_list to potentially mitigate a security...
PT-2022-33698 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.64. Description: A potential memory leak issue was discovered in the btrfs_get_dev_args_from_path function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux...
GHSA-WRRW-CRP8-979Q Pageflow vulnerable to sensitive user data extraction via Ransack query injection
Impact The attack allows extracting sensitive properties of database objects that are associated with users or entries belonging to an account that the attacker has access to. Pageflow uses the ActiveAdmin Ruby library to provide some management features to its users. ActiveAdmin relies on the...
SuiteCRM authenticated SQL injection in export functionality
This module exploits an authenticated SQL injection in SuiteCRM in versions before 7.12.6. The vulnerability allows an authenticated attacker to send specially crafted requests to the export entry point of the application in order to retrieve all the usernames and their associated password from t...
Authentication flaw
A threat actor with momentary access to the device can plug in a USB drive and perform a malicious firmware update, resulting in permanent changes to device functionality. No authentication or controls are in place to prevent a threat actor from maliciously modifying firmware and performing a...
CVE-2022-36385
CVE-2022-36385 affects Contec Health CMS8000 family (CMS8000 CONTEC ICU CCU Vital Signs Patient Monitor). The vulnerability arises from improper access controls that permit a threat actor with momentary physical access to insert a USB drive and perform a malicious firmware update, causing permane...
Service-Update-0.40-for-Microsoft-Dynamics CRM ( on-premises)-9.0
Introduction: Service Update 9.0.40 for Microsoft Dynamics CRM (on-premises) 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.40. More information: Update package|...