PT-2022-13668 · Fapolicyd +4 · Fapolicyd +4
Name of the Vulnerable Software and Affected Versions: fapolicyd affected versions not specified Description: A vulnerability was found due to an assumption on how glibc names the runtime linker. A build time regular expression may not correctly detect the runtime linker, causing pattern detectio...
PT-2022-14877 · Npm · Libxmljs
Name of the Vulnerable Software and Affected Versions: libxmljs versions all Description: The issue arises when the libxmljs.parseXml function is invoked with a non-buffer argument. In such cases, the V8 code attempts to call the toString method of the argument. If the argument's toString value i...
PT-2022-18693
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration (ZCS) version 9.0 Description: A reflected cross-site scripting (XSS) issue in the /public/launchNewWindow.jsp component allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters...
PT-2022-18953 · Bentley · Microstation Connect
Name of the Vulnerable Software and Affected Versions: Bentley MicroStation CONNECT version 10.16.02.34 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicio...
PT-2022-18942 · Bentley · Bentley Microstation Connect
Name of the Vulnerable Software and Affected Versions: Bentley MicroStation CONNECT version 10.16.02.034 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a...
PT-2022-15302 · Huawei · Emui +2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A permission bypass issue exists, potentially affecting data confidentiality when the NFC CAs access the TEE. Recommendations: At the moment, there is no information about a newer...
PT-2022-18237 · Zbzcms · Zbzcms
Name of the Vulnerable Software and Affected Versions: zbzcms version 1.0 Description: The issue is related to incorrect access control at the /admin/run ajax.php endpoint, allowing attackers to add administrator accounts arbitrarily. Recommendations: For zbzcms version 1.0, as a temporary...
0day vulnerability discovered in Spring Core Framework
A vulnerability has been discovered in Spring Core Framework. Spring Core Framework is a set of Java libraries for developing applications in a structured way; the applications can then run either standalone or in web application environments such as Tomcat. A maliciou...
PT-2022-18380 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idcCMS version 1.10 Description: The issue allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data. Recommendations: For idcCMS version 1.10, consider restricting access to the...
PT-2022-17287 · Tenda · Tenda Ac9
Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.2.21 Description: The issue is related to multiple stack overflows that can occur via the NPTR, V12, V10, and V11 parameters in the Formsetqosband function. This can potentially lead to exploitation. Recommendations: F...
PT-2022-17295 · Tenda · Tenda Ac9
Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.2.21 Description: A stack overflow issue was discovered via the ntpserver parameter in the SetSysTimeCfg function. Recommendations: For Tenda AC9 version 15.03.2.21, consider restricting access to the SetSysTimeCfg...
PT-2022-16980 · Ipcomm · Ipcomm Ipdio +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be...
PT-2022-15009 · Envoy · Envoy
Name of the Vulnerable Software and Affected Versions: Envoy affected versions not specified Description: The issue concerns Envoy, an open source edge and service proxy for cloud-native applications. It allows the re-use of TLS when certain certificate validation settings have changed from their...
CVE-2021-44779
Unauthenticated SQL Injection (SQLi) vulnerability discovered in GWA AutoResponder WordPress plugin versions <= 2.3, vulnerable at &listid. No patched version available, plugin closed...
CVE-2021-44779 WordPress [GWA] AutoResponder plugin <= 2.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered in GWA AutoResponder WordPress plugin versions <= 2.3, vulnerable at &listid. No patched version available, plugin closed...
PT-2022-4912 · Tcl · Tcl Linkhub Mesh Wi-Fi
Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 Description: A buffer overflow vulnerability exists in the GetValue functionality. This issue is related to the handling of the libcommonprod.so binary, where a specially-crafted configuration value can...
PT-2022-12281 · Unknown · Jerryscript
Name of the Vulnerable Software and Affected Versions: Jerryscript versions 3.0.0 and below Description: A stack overflow issue was discovered in Jerryscript via the ecma_find_named_property function in ecma-helpers.c. Recommendations: For Jerryscript versions 3.0.0 and below, consider restrictin...
PT-2022-7540 · Hdf5 +3 · Hdf5 +3
Name of the Vulnerable Software and Affected Versions: HDF5 version 1.13.1-1 Description: The issue is related to a Divide By Zero vulnerability in the H5T__complete_copy function, located in the H5T.c file of the HDF5 library. This vulnerability can cause an arithmetic exception, leading to a...
PT-2022-12393 · Gpac · Gpac
Name of the Vulnerable Software and Affected Versions: GPAC version 1.1.0 Description: The issue is related to an invalid call in the gf_node_changed function, which can lead to a Denial of Service (DoS). Recommendations: For GPAC version 1.1.0, consider disabling the gf_node_changed function as a...
PT-2022-1525 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in the Windows Certificate authentication procedure, allowing an attacker to conduct spoofing attacks. It is associated with data substitution, enabling...