4605 matches found
PT-2022-23787 · H3C · H3C GR-1200W
Name of the Vulnerable Software and Affected Versions: H3C GR-1200W MiniGRW1A0V100R006 Description: A stack overflow issue was discovered in the function UpdateWanModeMulti. Recommendations: For H3C GR-1200W MiniGRW1A0V100R006, as a temporary workaround, consider disabling the UpdateWanModeMulti...
PT-2022-23420 · H3C · H3C Magic NX18 Plus
Name of the Vulnerable Software and Affected Versions: H3C Magic NX18 Plus version NX18PV100R003 Description: A stack overflow issue was discovered via the function Asp SetTimingtimeWifiAndLed. This issue affects the H3C Magic NX18 Plus device. Recommendations: For H3C Magic NX18 Plus version...
PT-2022-23272 · Unknown · Clinic's Patient Management System
Name of the Vulnerable Software and Affected Versions: Clinic's Patient Management System version 1.0 Description: The issue is related to Cross-Site Scripting (XSS) via the patients.php file. This means that an attacker could potentially inject malicious scripts into the website, which could then ...
GHSA-8WJ3-CPMR-8WHP Cockpit Content Platform vulnerable to 2FA bypass
Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication (2FA) bypass. The 2FA secret is disclosed in a JWT token after a user logs in to their account, allowing an attacker to bypass the 2FA code. A patch is available on the develop branch and is expected to be part...
PT-2022-4364 · GE Digital · Proficy Machine Edition
Name of the Vulnerable Software and Affected Versions: Proficy Machine Edition versions 9.00 and prior Description: The issue is related to an unrestricted upload of files with dangerous types. This allows an attacker to upload and execute malicious files in the target system. The vulnerability i...
Exploit for CVE-2017-0199
It is an offensive tool for Microsoft Office. The repository con...
PT-2022-7376 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions up to 5.19.9 Description: The issue is related to a use-after-free vulnerability in the adev release function in the Linux kernel's Platform Environment Control Interface (PECI) driver. This vulnerability occurs when...
CVE-2021-20194 affecting package kernel 5.10.123.1-1
CVE-2021-20194 affecting package kernel 5.10.123.1-1. A patched version of the package is available...
CVE-2022-32981 affecting package kernel 5.10.123.1-1
CVE-2022-32981 affecting package kernel 5.10.123.1-1. A patched version of the package is available...
PT-2022-4116 · CryptoPro +3 · CryptoPro Secure Disk +3
Name of the Vulnerable Software and Affected Versions: CryptoPro Secure Disk versions before 2022-06-01 Description: A flaw was found in the bootloaders, allowing an attacker to bypass or tamper with Secure Boot protections. To load and execute arbitrary code in the pre-boot stage, an attacker...
PT-2022-4110 · Microsoft · Outlook
Name of the Vulnerable Software and Affected Versions: Microsoft Outlook affected versions not specified Description: The issue is related to a denial of service vulnerability in Microsoft Outlook. It is caused by incorrect clearing or release of resources. An attacker, acting remotely, can explo...
PT-2022-23284 · Airspan · Airspan AirSpot 5410
Name of the Vulnerable Software and Affected Versions: Airspan AirSpot 5410 versions 0.3.4.1-4 and under Description: The issue concerns a stored XSS vulnerability. It occurs because the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, allowing a malicious acto...
PT-2022-6819 · Ppp +3 · Ppp +3
Name of the Vulnerable Software and Affected Versions: ppp affected versions not specified Description: The issue is related to the function dumpppp of the file pppdump/pppdump.c of the component pppdump. It involves improper validation of array index due to the manipulation of the argument...
PT-2022-20601 · DSpace · DSpace
Name of the Vulnerable Software and Affected Versions: DSpace versions prior to 5.11; DSpace versions prior to 6.4 Description: The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form, making item requests vulnerable to XSS attacks. Th...
PT-2022-20599 · DSpace · DSpace
Name of the Vulnerable Software and Affected Versions: DSpace versions prior to 6.4 Description: The issue concerns the exposure of metadata on withdrawn items via the XMLUI "mets.xml" object, as long as the handle/URL of the withdrawn item is known. This affects the XMLUI component of DSpace. Th...
PT-2022-4025 · Jenkins · Jenkins OpenShift Deployer Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins OpenShift Deployer Plugin versions 1.2.0 and earlier Description: The issue is related to a missing permission check in the plugin, which can be exploited by attackers with Overall/Read permission to connect to an attacker-specified U...
PT-2022-22210 · Wavlink · Wavlink WiFi-Repeater RPTA2-77W
Name of the Vulnerable Software and Affected Versions: Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 Description: An access control issue allows attackers to obtain system key information and execute arbitrary commands by accessing the page "syslog.shtml". Recommendations: For Wavlink...
PT-2022-8896 · Unknown · sonar-wrapper
Name of the Vulnerable Software and Affected Versions: sonar-wrapper, all versions Description: A command injection issue affects the package. The injection point is located in lib/sonarRunner.js. Recommendations: For all versions, consider restricting access to the vulnerable...
EUVD-2022-6344
jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents...
CVE-2022-31159 Partial Path Traversal in com.amazonaws:aws-java-sdk-s3
The AWS SDK for Java enables Java developers to work with Amazon Web Services. A partial-path traversal issue exists within the downloadDirectory method in the AWS S3 TransferManager component of the AWS SDK for Java v1 prior to version 1.12.261. Applications using the SDK control the...