PT-2022-27583 · Tenda · Tenda AC6V1.0
Name of the Vulnerable Software and Affected Versions: Tenda AC6V1.0 version 15.03.05.19
Description: The issue is related to a buffer overflow that can be triggered via formSetMacFilterCfg.
Recommendations: For Tenda AC6V1.0 version 15.03.05.19, consider restricting access to the...
PT-2022-27596 · Tenda · Tenda AC6V1.0
Name of the Vulnerable Software and Affected Versions: Tenda AC6V1.0 version V15.03.05.19
Description: A buffer overflow issue was discovered via the ssid parameter in the form fast setting wifi set function. This issue can be exploited, potentially allowing unauthorized access or control...
PT-2022-27171 · Unknown · Sanitization Management System
Name of the Vulnerable Software and Affected Versions: Sanitization Management System version 1.0
Description: The issue is related to SQL injection, which can be exploited via the "/php-sms/admin/?page=services/manage service&id=" endpoint. The id variable is vulnerable to this type of attack...
PT-2022-27119 · Unknown · Apartment Visitor Management System
Name of the Vulnerable Software and Affected Versions: Apartment Visitor Management System version 1.0
Description: The issue is related to SQL injection, which can be exploited via the /avms/index.php endpoint. There is no information provided about the estimated number of potentially affected...
PT-2022-26764 · Unknown · Online Diagnostic Lab Management System
Name of the Vulnerable Software and Affected Versions: Online Diagnostic Lab Management System version 1.0
Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/admin/?page=user/manage user" API endpoint...
PT-2022-26875 · IP-COM · IP-COM EW9
Name of the Vulnerable Software and Affected Versions: IP-COM EW9 version 15.11.0.149732
Description: A command injection issue was found in the formSetDebugCfg function, which could potentially be exploited.
Recommendations: For IP-COM EW9 version 15.11.0.149732, as a temporary workaround,...
Vulnerability Spotlight: Multiple issues in Robustel R1510 cellular router could lead to code execution, denial of service
Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered nine vulnerabilities in the Robustel R1510 industrial cellular router, several of which could allow an adversary to inject operating system code remotely. The Robustel R1510...
PT-2022-6421 · Adobe · Acrobat Reader
Name of the Vulnerable Software and Affected Versions: Adobe Acrobat Reader versions 22.002.20212 and earlier; Adobe Acrobat Reader versions 20.005.30381 and earlier
Description: The issue is related to an out-of-bounds read vulnerability in Adobe Acrobat and Reader, which could lead to disclosure...
PT-2022-25708 · SAP · SAP 3D Visual Enterprise Author
Name of the Vulnerable Software and Affected Versions: SAP 3D Visual Enterprise Author version 9
Description: The issue is caused by a lack of proper memory management. When a victim opens a manipulated Visual Design Stream .vds, MataiPersistence.dll file from untrusted sources, it can trigger a...
CVE-2022-40716
HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2...
PT-2022-5136 · Dell · Dell Wyse ThinOS
Name of the Vulnerable Software and Affected Versions: Dell Wyse ThinOS version 2205
Description: The issue is related to the use of a regular expression with inefficient computational complexity in the UI of Dell Wyse ThinOS. This could allow a remote attacker to cause a denial of service. An...
PT-2022-25015 · Nokia · NOKIA 1350 OMS
Name of the Vulnerable Software and Affected Versions: NOKIA 1350 OMS version R14.2
Description: The web application stores critical information, such as cleartext user credentials, in world-readable files in the filesystem. This issue occurs under the /usr/Systems/OTNE 1 14...
PT-2022-24344 · Unknown · SLiMS Senayan Library Management System
Name of the Vulnerable Software and Affected Versions: SLiMS Senayan Library Management System version 9.4.2
Description: The issue concerns multiple server-side request forgeries in the SLiMS Senayan Library Management System. The components /bibliography/marcsru.php and /bibliography/z3950sru.p...
PT-2022-23503 · Unknown · Clinic's Patient Management System
Name of the Vulnerable Software and Affected Versions: Clinic's Patient Management System version 1.0
Description: A SQL injection issue was found in the system, specifically via the id parameter at the "/pms/update patient.php" API endpoint.
Recommendations: For Clinic's Patient Management Syste...
PT-2022-24084 · Tenda · Tenda AC1206
Name of the Vulnerable Software and Affected Versions: Tenda AC1206 version 15.03.06.23
Description: A stack overflow issue was discovered via the page parameter in the fromDhcpListClient function.
Recommendations: For Tenda AC1206 version 15.03.06.23, consider disabling the fromDhcpListClient...
PT-2022-23255 · Unknown · Bus Pass Management System
Name of the Vulnerable Software and Affected Versions: Bus Pass Management System version 1.0
Description: Multiple SQL injections were detected in the Bus Pass Management System. The issue affects several API endpoints, including "buspassms/admin/view-enquiry.php",...
PT-2022-19188 · WWBN · AVideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6 and dev master commit 3f7c0364
Description: A cross-site scripting issue exists in the videoAddNew functionality, allowing arbitrary JavaScript execution through a specially crafted HTTP request. This can be triggere...
Vulnerability Spotlight: Three vulnerabilities in HDF5 file format could lead to remote code execution
Dave McDaniel of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered three vulnerabilities in a library that works with the HDF5 file format that could allow an attacker to execute remote code on a targeted device. These issues arise in the libhdf5...
PT-2022-22900 · Tenda · Tenda W6
Name of the Vulnerable Software and Affected Versions: Tenda W6 version 1.0.0.94122
Description: A command injection issue exists in the "/goform/exeCommand" API endpoint, allowing attackers to construct cmdinput parameters for arbitrary command execution.
Recommendations: For Tenda W6 version...
PT-2022-14567 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version
Description: The issue is related to a missing permission check in the ConnectivityService, which could allow bypassing of network permissions. This might lead to local information disclosure of...