4506 matches found

Positive Technologies
added 2022/10/30 12:0 a.m. · 1 view

PT-2022-5718 · NetGear · Netgear R7000P

Name of the Vulnerable Software and Affected Versions: Netgear R7000P versions V1.3.0.8 through V1.3.1.64 Description: The issue is related to a buffer overflow error via parameters stamode dns1 pri and stamode dns1 sec. This can allow a remote attacker to execute arbitrary code through these...

CVSS 10 · AI score 9.8 · EPSS 0.00967
Exploits: 1 · References: 8

Positive Technologies
added 2022/10/26 12:0 a.m. · 3 views

PT-2022-6529 · Pdf Xchange · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: The issue is related to a use-after-free vulnerability in the parsing of TIF files, which can be exploited by remote attackers to execute arbitrary code on affected installations...

CVSS 10 · AI score 7.6 · EPSS 0.00532
Exploits: 0 · References: 5

Positive Technologies
added 2022/10/24 12:0 a.m. · 6 views

PT-2022-12629 · Lanner · Iac-Ast2500A

Name of the Vulnerable Software and Affected Versions: Lanner Inc IAC-AST2500A version 1.10.0 Description: Session fixation and insufficient session expiration vulnerabilities allow an attacker to perform session hijacking attacks against users. Recommendations: For Lanner Inc IAC-AST2500A versio...

CVSS 8.8 · AI score 8.7 · EPSS 0.00399
Exploits: 0 · References: 4

Positive Technologies
added 2022/10/17 12:0 a.m. · 3 views

PT-2022-26293 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23 Description: The issue is related to a stack overflow vulnerability. This vulnerability can be exploited via the "/goform/formSetFirewallCfg" API endpoint. Recommendations: For Tenda AC10 version 15.03.06.23, as...

CVSS 9.8 · AI score 9.3 · EPSS 0.00928
Exploits: 1 · References: 3

Positive Technologies
added 2022/10/14 12:0 a.m. · 3 views

PT-2022-36681 · Git +1 · Curl

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack buffer overflow error, as indicated by the crash type 'Stack-buffer-overflow WRITE'. The crash state points to functions...

AI score 7.6
Exploits: 0 · References: 2

Positive Technologies
added 2022/10/13 12:0 a.m. · 6 views

PT-2022-5278 · D Link · D-Link Covr

Name of the Vulnerable Software and Affected Versions: D-Link COVR versions 1200, 1202, 1203 v1.08 Description: The issue is related to a command injection vulnerability in the SetNetworkTomographySettings function. This vulnerability can be exploited via the tomography ping number parameter,...

CVSS 9 · AI score 8.8 · EPSS 0.02729
Exploits: 1 · References: 5

Positive Technologies
added 2022/10/11 12:0 a.m. · 7 views

PT-2022-25698 · Sap · Sap 3D Visual Enterprise Author

Name of the Vulnerable Software and Affected Versions: SAP 3D Visual Enterprise Author version 9 Description: The issue arises due to improper memory management when handling Enhanced Metafile .emf, emf.x3d files from untrusted sources. This can lead to Remote Code Execution when a manipulated fi...

CVSS 7.8 · AI score 7.9 · EPSS 0.00822
Exploits: 0 · References: 5

Positive Technologies
added 2022/10/11 12:0 a.m. · 2 views

PT-2022-5427 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient access restrictions in the Windows Local Security Authority LSA component, which can be exploited to elevate privileges. This allows an attacker to affe...

CVSS 8.8 · AI score 9.3 · EPSS 0.00456
Exploits: 0 · References: 7

Positive Technologies
added 2022/10/11 12:0 a.m. · 4 views

PT-2022-5444 · Microsoft · Windows Portable Device Enumerator Service +1

Name of the Vulnerable Software and Affected Versions: Windows Portable Device Enumerator Service affected versions not specified Description: The issue is related to the use of a hardcoded cryptographic key in the Windows Portable Device Enumerator Service. This could allow an attacker to bypass...

CVSS 6.6 · AI score 9.4 · EPSS 0.00597
Exploits: 0 · References: 9

Positive Technologies
added 2022/10/11 12:0 a.m. · 2 views

PT-2022-14656 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a missing authorization in the system service, which lacks permission checks and protection. This results in a local elevation of privilege. Recommendations: For...

CVSS 7.8 · AI score 7.2 · EPSS 0.00154
Exploits: 0 · References: 3

Positive Technologies
added 2022/10/11 12:0 a.m. · 3 views

PT-2022-25706 · Sap · Sap 3D Visual Enterprise Author

Name of the Vulnerable Software and Affected Versions: SAP 3D Visual Enterprise Author version 9 Description: The issue arises due to improper memory management when a user opens a manipulated Windows Cursor File .cur, .ico.x3d from untrusted sources. This can cause the application to crash,...

CVSS 5.5 · AI score 5.3 · EPSS 0.00197
Exploits: 0 · References: 5

Positive Technologies
added 2022/10/07 12:0 a.m. · 4 views

PT-2022-25677 · Pdf Xchange · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a...

CVSS 7.8 · AI score 7.4 · EPSS 0.00386
Exploits: 0 · References: 5

Positive Technologies
added 2022/09/30 12:0 a.m. · 3 views

PT-2022-26094 · Xpdf +1 · Xpdf +1

Name of the Vulnerable Software and Affected Versions: Xpdf version 4.04 Description: A problem has been detected in the convertToType0 function in the fofi/FoFiType1C.cc file, causing a crash. This issue is distinct from other known vulnerabilities. Recommendations: For Xpdf version 4.04, consid...

CVSS 9.1 · AI score 5.5 · EPSS 0.01618
Exploits: 22 · References: 69

Positive Technologies
added 2022/09/26 12:0 a.m. · 4 views

PT-2022-25538 · Unknown · Mipc Camera Firmware

Name of the Vulnerable Software and Affected Versions: mIPC camera firmware version 5.3.1.2003161406 Description: The issue is related to an unlimited strcpy on user input when setting a locale file, which leads to a stack buffer overflow. This occurs in the mIPC camera firmware. Recommendations:...

CVSS 8.8 · AI score 8.5 · EPSS 0.00927
Exploits: 0 · References: 4

Vulnrichment
added 2022/09/24 4:40 a.m. · 4 views

CVE-2022-23464 Potential Server Side Request Forgery (SSRF) in Nepxion Discovery

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery SSRF. RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...

CVSS 4.3 · AI score 7.7 · EPSS 0.00607
Exploits: 1 · References: 1

Positive Technologies
added 2022/09/23 12:0 a.m. · 3 views

PT-2022-25591 · Tenda · Tenda W20E

Name of the Vulnerable Software and Affected Versions: Tenda W20E router version 15.11.0.6 Description: The issue is a stack overflow vulnerability in the formSetDebugCfg function, which is triggered by the request "/goform/setDebugCfg/". This vulnerability can be exploited, but details about the...

CVSS 9.8 · AI score 9.4 · EPSS 0.00966
Exploits: 1 · References: 4

Positive Technologies
added 2022/09/21 12:0 a.m. · 4 views

PT-2022-25762 · Jenkins · Jenkins Bigpanda Notifier Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins BigPanda Notifier Plugin versions 1.4.0 and earlier Description: The issue concerns the storage of the BigPanda API key in an unencrypted form within the global configuration file on the Jenkins controller. This file can be accessed b...

CVSS 4.3 · AI score 4.3 · EPSS 0.00409
Exploits: 0 · References: 5

Positive Technologies
added 2022/09/19 12:0 a.m. · 1 view

PT-2022-22543 · Otfcc +1 · Otfcc +1

Name of the Vulnerable Software and Affected Versions: OTFCC commit 617837b Description: A heap buffer overflow issue has been discovered in OTFCC commit 617837b via the /release-x64/otfccdump+0x6c0bc3 endpoint. Recommendations: For OTFCC commit 617837b, as a temporary workaround, consider...

CVSS 6.5 · AI score 6.6 · EPSS 0.00746
Exploits: 1 · References: 11

NCSC
added 2022/09/15 12:0 a.m. · 1 view

Vulnerability found in Microsoft Teams

Researchers from security firm Vectra have found a vulnerability in the Microsoft Teams user application. The vulnerability allows a malicious party to obtain authentication tokens from users and thereby perform actions with the victim's privileges. The vulnerability has not been...

AI score 6.8
Exploits: 0

Positive Technologies
added 2022/09/14 12:0 a.m. · 4 views

PT-2022-25442 · Ansys · Ansys Spaceclaim

Name of the Vulnerable Software and Affected Versions: Ansys SpaceClaim version 2022 R1 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The fla...

CVSS 7.8 · AI score 7.8 · EPSS 0.00528
Exploits: 0 · References: 3