PT-2022-4025 · Jenkins · Jenkins Openshift Deployer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Deployer Plugin versions 1.2.0 and earlier Description: The issue is related to a missing permission check in the plugin, which can be exploited by attackers with Overall/Read permission to connect to an attacker-specified U...
PT-2022-8896 · Unknown · Sonar-Wrapper
Name of the Vulnerable Software and Affected Versions: sonar-wrapper versions all versions Description: A command injection issue affects the package. The injection point is located in lib/sonarRunner.js. Recommendations: For all versions, consider restricting access to the vulnerable...
PT-2022-3884 · Microsoft · Windows Common Log File System Driver +1
Name of the Vulnerable Software and Affected Versions: Windows Common Log File System Driver affected versions not specified Description: The issue is related to insufficient access control in the Windows Common Log File System Driver, which can be exploited to elevate privileges. This could allo...
PT-2022-15750 · Sourcecodester · Sourcecodester Clinics Patient Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Clinics Patient Management System version 2.0 Description: A critical issue was found in the system, affecting an unknown function of the file /pms/update_user.php?user_id=1. The manipulation of the profile picture argument wit...
PT-2022-21079 · Tenda · Tenda Ac10
Name of the Vulnerable Software and Affected Versions: Tenda AC10 version US_AC10V1.0RTL_V15.03.06.26_multi_TD01 Description: A remote code execution issue was discovered, allowing exploitation via the lanIp parameter. Recommendations: For Tenda AC10 version US_AC10V1.0RTL_V15.03.06.26_multi_TD01...
PT-2022-21083 · Snipe-It · Snipe-It
Name of the Vulnerable Software and Affected Versions: Snipe-IT version 6.0.2 Description: The issue allows attackers to execute arbitrary code via a crafted file, exploiting an arbitrary file upload vulnerability in the Update Branding Settings component. Recommendations: For Snipe-IT version...
PT-2022-21058 · Tenda · Tenda Ax1806
Name of the Vulnerable Software and Affected Versions: Tenda AX1806 version 1.0.0.1 Description: A stack overflow issue was discovered via the list parameter in the fromSetRouteStatic function. Recommendations: For Tenda AX1806 version 1.0.0.1, consider restricting access to the fromSetRouteStati...
PT-2022-20990 · Mcms · Mcms
Name of the Vulnerable Software and Affected Versions: MCMS version 5.2.8 Description: The issue is related to an arbitrary file upload vulnerability. This means that an attacker could potentially upload malicious files to the system, which could lead to various security problems. Recommendations...
PT-2022-21063 · Tenda · Tenda M3
Name of the Vulnerable Software and Affected Versions: Tenda M3 version 1.0.0.12 Description: The issue is related to multiple stack overflow vulnerabilities. These vulnerabilities can be exploited via the ssidList, storeName, and trademark parameters in the formSetStoreWeb function...
PT-2022-21071 · Totolink · Totolink T6
Name of the Vulnerable Software and Affected Versions: TOTOLINK T6 version 4.1.9cu.5179_B20201015 Description: A stack overflow issue was discovered via the desc parameter in the function FUN_00412ef4. This issue can be exploited, potentially leading to unintended consequences. Recommendations: F...
PT-2022-22347 · Jenkins · Jenkins Deployment Dashboard Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier Description: The issue is related to a stored cross-site scripting (XSS) vulnerability. It occurs because environment names on the Deployment Dashboard view are not properly escape...
PT-2022-3089 · Motorola · Motorola Moscad +1
Name of the Vulnerable Software and Affected Versions: Motorola MOSCAD and ACE line of RTUs through 2022-05-02 Description: The issue concerns the omission of an authentication requirement in the Motorola MOSCAD and ACE line of RTUs. These devices feature IP Gateway modules that allow for...
PT-2022-22133 · Pmb · Pmb
Name of the Vulnerable Software and Affected Versions: PMB version 7.3.10 Description: The issue allows reflected XSS via the id parameter in an lvl=author_see request to "index.php". This can potentially lead to malicious script execution. Recommendations: For PMB version 7.3.10, consider...
PT-2022-20864 · Sap · Sap Financial Consolidation
Name of the Vulnerable Software and Affected Versions: SAP Financial Consolidation version 1010 Description: The issue results in escalation of privileges due to the lack of necessary authorization checks for an authenticated user. Recommendations: For SAP Financial Consolidation version 1010,...
CVE-2022-31022 Missing Role Based Access Control for the REST handlers in bleve/http package
Bleve is a text indexing library for Go. Bleve includes HTTP utilities under the bleve/http package, which are used by its sample application. These HTTP methods pave the way for exploitation of the filesystem of the node where the bleve index resides, if the user has used bleve's own bleve/http handlers fo...
PT-2022-11632 · Halibut +2 · Halibut +2
Name of the Vulnerable Software and Affected Versions: Halibut version 1.2 Description: A use after free in cleanup_index in index.c allows an attacker to cause a segmentation fault or possibly have other unspecified impact via a crafted text document. Recommendations: For Halibut version 1.2, as...
PT-2022-20309 · Xpdf +1 · Xpdf +1
Name of the Vulnerable Software and Affected Versions: xpdf version 4.04 Description: The issue arises when xpdf allocates excessive memory in response to crafted input. This can be triggered by sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CX...
PT-2022-2448 · Microsoft · Windows Graphics +1
Name of the Vulnerable Software and Affected Versions: Windows Graphics Component affected versions not specified Description: The issue is related to an information disclosure vulnerability in the Windows Graphics Component. It may allow a remote attacker to gain unauthorized access to protected...
PT-2022-19309 · D Link · D-Link Dir-816 A2
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 A2 version 1.10CNB04 Description: A command injection issue was discovered via the admuser and admpass parameters in the "/goform/setSysAdm" API endpoint. Recommendations: For D-Link DIR-816 A2 version 1.10CNB04, as a temporary...
PT-2022-19090 · Totolink · Totolink A7100Ru
Name of the Vulnerable Software and Affected Versions: TOTOLINK A7100RU version 7.4cu.2313_b20191024 Description: A command injection issue is found in the setWiFiWpsCfg interface, allowing an attacker to execute arbitrary commands through a carefully constructed payload. Recommendations: For...