CVE-2022-24391
Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability...
CVE-2022-24389
Vulnerability in rconfig “certutils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis...
CVE-2022-29156 affecting package kernel 5.10.109.1-2
CVE-2022-29156 affecting package kernel 5.10.109.1-2. A patched version of the package is available...
GHSA-7F62-4887-CFV5 Privilege escalation in easyappointments
The Easy!Appointments API authorization is checked against the user's existence, without validating the permissions. As a result, a low-privileged user (e.g. a provider) can create a new admin user via the "/api/v1/admins/" endpoint and take over the system. A patch is available on the develop branch ...
PT-2022-2448 · Microsoft · Windows Graphics +1
Name of the Vulnerable Software and Affected Versions: Windows Graphics Component, affected versions not specified. Description: The issue is related to an information disclosure vulnerability in the Windows Graphics Component. It may allow a remote attacker to gain unauthorized access to protected...
CVE-2022-24823 Local Information Disclosure Vulnerability in io.netty:netty-codec-http
Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used, local information disclosure can occur via the local syst...
CVE-2022-29166 Improper handling of multiline messages in matrix-appservice-irc
matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc 0.33.2. Refrain fro...
PT-2022-19090 · Totolink · Totolink A7100Ru
Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version 7.4cu.2313 b20191024. Description: A command injection issue is found in the setWiFiWpsCfg interface, allowing an attacker to execute arbitrary commands through a carefully constructed payload. Recommendations: For...
PT-2022-13668 · Fapolicyd +4 · Fapolicyd +4
Name of the Vulnerable Software and Affected Versions: fapolicyd, affected versions not specified. Description: A vulnerability was found due to an assumption on how glibc names the runtime linker. A build time regular expression may not correctly detect the runtime linker, causing pattern detectio...
PT-2022-14877 · Npm · Libxmljs
Name of the Vulnerable Software and Affected Versions: libxmljs, all versions. Description: The issue arises when the libxmljs.parseXml function is invoked with a non-buffer argument. In such cases, the V8 code attempts to call the toString method of the argument. If the argument's toString value i...
PT-2023-15742
Name of the Vulnerable Software and Affected Versions: eZ Publish Ibexa Kernel versions prior to 7.5.28. Description: An issue was discovered where access control based on object state is mishandled. This issue affects a policy used in roles to limit access to content based on specific object state...
CVE-2022-0561 affecting package libtiff for versions less than 4.3.0-2
CVE-2022-0561 affecting package libtiff for versions less than 4.3.0-2. A patched version of the package is available...
CVE-2022-24792 Potential infinite loop when parsing WAV format file in PJSIP
PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length...
PT-2022-18693
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration (ZCS) version 9.0. Description: A reflected cross-site scripting (XSS) issue in the /public/launchNewWindow.jsp component allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters...
Exploit for CVE-2022-26809
cve-2022-26809 https://www.pwndefend.com/2022/04/14/cve-2022-...
CVE-2021-38199 affecting package kernel for versions less than 5.10.78.1-1
CVE-2021-38199 affecting package kernel for versions less than 5.10.78.1-1. A patched version of the package is available...
CVE-2019-3016 affecting package kernel for versions less than 5.10.78.1-1
CVE-2019-3016 affecting package kernel for versions less than 5.10.78.1-1. A patched version of the package is available...
CVE-2021-32760 affecting package moby-containerd for versions less than 1.4.4+azure-4
CVE-2021-32760 affecting package moby-containerd for versions less than 1.4.4+azure-4. A patched version of the package is available...
CVE-2016-9844 affecting package unzip for versions less than 6.0-19
CVE-2016-9844 affecting package unzip for versions less than 6.0-19. A patched version of the package is available...
CVE-2008-0888 affecting package unzip for versions less than 6.0-19
CVE-2008-0888 affecting package unzip for versions less than 6.0-19. A patched version of the package is available...