CVE-2022-27817
SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality...
CVE-2022-27817
CVE-2022-27817 affects the SWHKD hotkey daemon (SWHKD 1.1.5, Rust) which can consume keyboard events from unintended users. This behavior can lead to information disclosure and, more commonly, a denial of functionality. The connected documents confirm the impact but do not provide a concrete expl...
CVE-2022-1256
A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges through manipulation...
SWHKD security vulnerability
SWHKD is a display protocol-independent hotkey daemon made in Rust. SWHKD has a security vulnerability that stems from it consuming the keyboard events of unintended users, which can be exploited by an attacker to cause information disclosure, but is usually a denial of functionality...
use of deprecated chainlink oracle method
Lines of code Vulnerability details Impact latestanswer , this method does not error if no answer has been reached, it will simply return 0, since we have checks in function requireanswer 0, "invalidoracleanswer"; we may not get the latest value of current price which can affect the functionality...
Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2022-1386)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Service Update 037 for Microsoft Dynamics CRM (on-premises) 9.0
Service Update 037 for Microsoft Dynamics CRM on-premises 9.0 Dynamics 365 Introduction Service Update 9.0.37 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.37. More information Update package|...
PT-2022-2523 · Mcafee · Mcafee Agent
Name of the Vulnerable Software and Affected Versions: McAfee Agent versions prior to 5.7.6 Description: The issue is related to a local privilege escalation vulnerability that allows a low-privileged user to gain system privileges. This is achieved by exploiting the repair functionality, which...
Hardcoded credentials
An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain...
Unrestricted file upload
eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality...
Oracle price does not compound
Lines of code Vulnerability details Impact The oracle does not correctly compound the monthly APRs - it resets on fulfill. Note that the oraclePrice storage variable is only set in updateCPIData as part of the oracle fulfill callback. It's set to the old price price from 1 month ago plus the...
CVE-2022-22963
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...
CVE-2022-0922
The software does not perform any authentication for critical system functionality...
Remote code execution
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...
CVE-2022-0922
CVE-2022-0922 affects Philips e-Alert hardware (affected: e-Alert versions 2.7 and prior). The vulnerability is missing authentication for critical functions (CWE-306), with CVSSv3 base score 6.5 (AV:A, AC:L, PR:N, UI:N, S:U, C:N, I:N, A:H). Exploitation is adjacent-network, low complexity; impac...
Remote Code Execution
spring-cloud-function-context is vulnerable to remote code execution. The routing functionality allows a user to provide a malicious SpEL as a routing-expression which would allow arbitrary OS commands to be executed remotely...
Rockwell Automation Logix Controllers
1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Logix Controllers Vulnerability: Inclusion of Functionality from Untrusted Control Sphere 2. RISK EVALUATION Successful exploitation of this vulnerability may allow an...