PT-2022-23619 · Avdor Cis · Avdor Cis
Name of the Vulnerable Software and Affected Versions: Avdor CIS - crystal quality affected versions not specified Description: The issue concerns a credentials management error in a phone call recorder product, allowing an attacker to hear recorded calls without authenticating to the system. Thi...
PT-2022-24559 · Transtek · Transtek Mojodat Fam
Name of the Vulnerable Software and Affected Versions: Transtek Mojodat FAM Fixed Asset Management version 2.4.6 Description: The issue allows remote attackers to bypass authorization in the mobile application. Recommendations: For version 2.4.6, consider restricting access to sensitive features...
PT-2022-24562 · Transtek · Transtek Mojodat Fam
Name of the Vulnerable Software and Affected Versions: Transtek Mojodat FAM Fixed Asset Management version 2.4.6 Description: The issue allows remote attackers to fetch other users' data upon a successful login request. Recommendations: For Transtek Mojodat FAM Fixed Asset Management version 2.4....
PT-2022-23488 · Tenda · Tenda G3
Name of the Vulnerable Software and Affected Versions: Tenda G3 version US G3V3.0br V15.11.0.67663 EN TDE Description: The issue is caused by a buffer overflow in the getsinglepppuser function due to sscanf. Recommendations: For Tenda G3 version US G3V3.0br V15.11.0.67663 EN TDE, as a temporary...
PT-2022-24107 · Totolink · Totolink A860R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A860R version 4.1.2cu.5182 B20201027 Description: The issue is related to a Buffer Overflow that can be triggered via the Cstecgi.cgi endpoint. This allows for potential exploitation. No information is provided about the estimated...
PT-2022-23590 · Unknown · Library Management System
Name of the Vulnerable Software and Affected Versions: Library Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the bookId parameter at the "/librarian/delete.php" API endpoint. Recommendations: For Library...
PT-2022-20219 · Unknown · Nuxt/Framework
Name of the Vulnerable Software and Affected Versions: nuxt/framework versions prior to the fixed version Description: The issue is related to Cross-site Scripting (XSS) - Generic. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents...
PT-2022-23854 · Vim · Gvim
Name of the Vulnerable Software and Affected Versions: gvim version 9.0.0000 Description: An issue in the installer of gvim allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe. Recommendations: For gvim version 9.0.0000, consider restricting...
PT-2022-23839 · Wavlink · Wavlink Wl-Wn575A3
Name of the Vulnerable Software and Affected Versions: WAVLINK WL-WN575A3 version RPT75A3.V4300.201217 Description: A command injection issue was found in the adm.cgi file, allowing attackers to execute arbitrary commands via the username parameter. Recommendations: For WAVLINK WL-WN575A3 version...
PT-2022-4663 · Trend Micro · Trend Micro Housecall
Name of the Vulnerable Software and Affected Versions: Trend Micro HouseCall versions 1.62.1.1133 and below Description: The issue is related to incorrect permission assignment, which could allow a local attacker to escalate privileges due to an overly permissive folder in the product installer...
PT-2022-23781 · H3C · H3C Gr-1200W
Name of the Vulnerable Software and Affected Versions: H3C GR-1200W MiniGRW1A0V100R006 Description: A stack overflow issue was discovered in the function UpdateWanParamsMulti. Recommendations: For H3C GR-1200W MiniGRW1A0V100R006, as a temporary workaround, consider disabling the...
PT-2022-23420 · H3C · H3C Magic Nx18 Plus
Name of the Vulnerable Software and Affected Versions: H3C Magic NX18 Plus version NX18PV100R003 Description: A stack overflow issue was discovered via the function Asp SetTimingtimeWifiAndLed. This issue affects the H3C Magic NX18 Plus device. Recommendations: For H3C Magic NX18 Plus version...
PT-2022-23272 · Unknown · Clinic's Patient Management System
Name of the Vulnerable Software and Affected Versions: Clinic's Patient Management System version 1.0 Description: The issue is related to Cross Site Scripting (XSS) via the patients.php file. This means that an attacker could potentially inject malicious scripts into the website, which could then ...
PT-2022-4364 · Ge Digital · Proficy Machine Edition
Name of the Vulnerable Software and Affected Versions: Proficy Machine Edition versions 9.00 and prior Description: The issue is related to an unrestricted upload of files with dangerous types. This allows an attacker to upload and execute malicious files in the target system. The vulnerability i...
PT-2022-15414 · Ibm · Ibm Spectrum Scale Data Access Services
Name of the Vulnerable Software and Affected Versions: IBM Spectrum Scale Data Access Services (DAS) version 5.1.3.1 Description: The issue allows an authenticated user to insert code, potentially enabling the attacker to manipulate cluster resources due to excessive permissions. Recommendations: F...
PT-2022-4110 · Microsoft · Outlook
Name of the Vulnerable Software and Affected Versions: Microsoft Outlook affected versions not specified Description: The issue is related to a denial of service vulnerability in Microsoft Outlook. It is caused by incorrect clearing or release of resources. An attacker, acting remotely, can explo...
PT-2022-4335 · Microsoft · Windows Local Security Authority +1
Name of the Vulnerable Software and Affected Versions: Windows Local Security Authority (LSA) affected versions not specified Description: The issue is related to insufficient input validation in the Local Security Authority (LSA) service of the Microsoft Windows operating system. It can be exploited...
PT-2022-4116 · Cryptopro +3 · Cryptopro Secure Disk +3
Name of the Vulnerable Software and Affected Versions: CryptoPro Secure Disk versions before 2022-06-01 Description: A flaw was found in the bootloaders, allowing an attacker to bypass or tamper with Secure Boot protections. To load and execute arbitrary code in the pre-boot stage, an attacker...
PT-2022-23284 · Airspan · Airspan Airspot 5410
Name of the Vulnerable Software and Affected Versions: Airspan AirSpot 5410 versions 0.3.4.1-4 and under Description: The issue concerns a stored XSS vulnerability. It occurs because the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, allowing a malicious acto...
PT-2022-16419 · Tcl · Tcl Linkhub Mesh Wi-Fi
Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 Description: A buffer overflow vulnerability exists in the GetValue functionality. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to...