408 matches found
PT-2022-23619 · Avdor Cis · Avdor Cis
Name of the Vulnerable Software and Affected Versions: Avdor CIS - crystal quality affected versions not specified Description: The issue concerns a credentials management error in a phone call recorder product, allowing an attacker to hear recorded calls without authenticating to the system. Thi...
PT-2022-24475 · Unknown · Church Management System
Name of the Vulnerable Software and Affected Versions: Church Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/admin/edit event.php" API endpoint. Recommendations: For Church...
PT-2022-20219 · Unknown · Nuxt/Framework
Name of the Vulnerable Software and Affected Versions: nuxt/framework versions prior to the fixed version Description: The issue is related to Cross-site Scripting (XSS) - Generic. There is no information about the estimated number of potentially affected devices worldwide or real-world incidents...
PT-2022-4663 · Trend Micro · Trend Micro Housecall
Name of the Vulnerable Software and Affected Versions: Trend Micro HouseCall versions 1.62.1.1133 and below Description: The issue is related to incorrect permission assignment, which could allow a local attacker to escalate privileges due to an overly permissive folder in the product installer...
PT-2022-23806 · H3C · H3C H200
Name of the Vulnerable Software and Affected Versions: H3C H200 version H200V100R004 Description: A stack overflow issue was discovered via the function Edit BasicSSID. Recommendations: For H3C H200 version H200V100R004, as a temporary workaround, consider disabling the Edit BasicSSID function...
Teleport 9.3.6 Command Injection Vulnerability
Teleport 9.3.6 is vulnerable to command injection leading to remote code execution. An attacker can craft a malicious SSH agent installation link by URL-encoding a bash escape with carriage return line feed. This URL-encoded payload can be used in place of a token and sent to a user in a social...
PT-2022-16419 · Tcl · Tcl Linkhub Mesh Wi-Fi
Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wi-Fi MS1G 00 01.00 14 Description: A buffer overflow vulnerability exists in the GetValue functionality. A specially-crafted configuration value can lead to a buffer overflow. An attacker can modify a configuration value to...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands may be vulnerable to loss of confidentiality due to CVE-2022-32210
Summary Node.js module undici is used by IBM App Connect Enterprise Certified Container when testing API endpoints. IBM App Connect Enterprise Certified Container DesignerAuthoring operands that use the API testing capability may be vulnerable to loss of confidentiality if made to target an API...
PT-2022-22133 · Pmb · Pmb
Name of the Vulnerable Software and Affected Versions: PMB version 7.3.10 Description: The issue allows reflected XSS via the id parameter in an lvl=author see request to "index.php". This can potentially lead to malicious script execution. Recommendations: For PMB version 7.3.10, consider...
CVE-2022-29209 Type confusion leading to `CHECK`-failure based denial of service in TensorFlow
TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the macros that TensorFlow uses for writing assertions (e.g., `CHECK_LT`, `CHECK_GT`, etc.) have incorrect logic when comparing `size_t` and `int` values. Due to type conversion rules, several of t...
SAP Web Dispatcher HTTP Request Smuggling
Onapsis Security Advisory 2022-0001: HTTP Request Smuggling in SAP Web Dispatcher Impact on Business By injecting an HTTP request as a prefix into a victim's request, a malicious user is able to cause damage in different ways, such as producing a Denial of Service by setting an invalid request as...
PT-2022-15302 · Huawei · Emui +2
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A permission bypass issue exists, potentially affecting data confidentiality when the NFC CAs access the TEE. Recommendations: At the moment, there is no information about a newer...
PT-2022-16980 · Ipcomm · Ipcomm Ipdio +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The absence of filters when loading some sections in the web application of the vulnerable device allows attackers to inject malicious code that will be...
PT-2022-12393 · Gpac · Gpac
Name of the Vulnerable Software and Affected Versions: GPAC version 1.1.0 Description: The issue is related to an invalid call in the gf_node_changed function, which can lead to a Denial of Service (DoS). Recommendations: For GPAC version 1.1.0, consider disabling the gf_node_changed function as a...
PT-2025-8101
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: An issue in the Linux kernel has been resolved where the data transfer routines could potentially enter an infinite loop if the hardware enters a bad state. The polling loops for the stat...
PT-2021-6180 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Server Subscription Edition affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: The issue is...
PT-2021-22766 · Kimai2 · Kimai2
Name of the Vulnerable Software and Affected Versions: kimai2 affected versions not specified Description: The issue is related to Improper Access Control. There is no information provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issu...
SUSE-SU-2021:3815-1 Security update for netcdf
This update for netcdf fixes the following issues: - Fixed multiple vulnerabilities in ezXML: CVE-2019-20007, CVE-2019-20006, CVE-2019-20201, CVE-2019-20202, CVE-2019-20199, CVE-2019-20200, CVE-2019-20198, CVE-2021-26221, CVE-2021-26222, CVE-2021-30485, CVE-2021-31229, CVE-2021-31347,...
PT-2021-4811 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insecure privilege management in the NTFS file system of the Windows operating system. It allows an attacker to elevate their privileges, potentially affecting the...
PT-2021-4397 · Microsoft · Sharepoint Server +1
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Microsoft SharePoint Foundation affected versions not specified Microsoft SharePoint Enterprise Server affected versions not specified Description: The issue is related to incorrect...