CVE-2022-28625
A local disclosure of sensitive information vulnerability was discovered in HPE OneView versions: Prior to 7.0 or 6.60.01. A low privileged user could locally exploit this vulnerability to disclose sensitive information resulting in a complete loss of confidentiality, integrity, and availability...
PT-2022-23590 · Unknown · Library Management System
Name of the Vulnerable Software and Affected Versions: Library Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the bookId parameter at the "/librarian/delete.php" API endpoint. Recommendations: For Library...
PT-2022-23854 · Vim · Gvim
Name of the Vulnerable Software and Affected Versions: gvim version 9.0.0000 Description: An issue in the installer of gvim allows authenticated attackers to execute arbitrary code via a binary hijacking attack on C:\Program.exe. Recommendations: For gvim version 9.0.0000, consider restricting...
GHSA-CC99-WHM5-MMQ3 Openstack Keystone Incorrect Authorization vulnerability
A flaw was found in openstack-keystone: only the first 72 characters of an application secret are verified, allowing attackers to bypass some password complexity which administrators may be counting on. The highest threat from this vulnerability is to data confidentiality and integrity. A patch is...
PT-2022-23420 · H3C · H3C Magic NX18 Plus
Name of the Vulnerable Software and Affected Versions: H3C Magic NX18 Plus version NX18PV100R003 Description: A stack overflow issue was discovered via the function Asp SetTimingtimeWifiAndLed. This issue affects the H3C Magic NX18 Plus device. Recommendations: For H3C Magic NX18 Plus version...
PT-2022-23808 · H3C · H3C H200
Name of the Vulnerable Software and Affected Versions: H3C H200 version H200V100R004 Description: A stack overflow issue was discovered via the function SetAPWifiorLedInfoById. Recommendations: For H3C H200 version H200V100R004, consider disabling the SetAPWifiorLedInfoById function as a temporar...
PT-2022-23787 · H3C · H3C GR-1200W
Name of the Vulnerable Software and Affected Versions: H3C GR-1200W MiniGRW1A0V100R006 Description: A stack overflow issue was discovered in the function UpdateWanModeMulti. Recommendations: For H3C GR-1200W MiniGRW1A0V100R006, as a temporary workaround, consider disabling the UpdateWanModeMulti...
PT-2022-23272 · Unknown · Clinic's Patient Management System
Name of the Vulnerable Software and Affected Versions: Clinic's Patient Management System version 1.0 Description: The issue is related to Cross Site Scripting (XSS) via the patients.php file. This means that an attacker could potentially inject malicious scripts into the website, which could then ...
GHSA-8WJ3-CPMR-8WHP Cockpit Content Platform vulnerable to 2FA bypass
Cockpit Content Platform through version 2.2.1 is vulnerable to a two-factor authentication (2FA) bypass. The 2FA secret is disclosed in a JWT token after a user logs into their account, allowing an attacker to bypass the 2FA code. A patch is available on the develop branch and is expected to be part...
PT-2022-4364 · GE Digital · Proficy Machine Edition
Name of the Vulnerable Software and Affected Versions: Proficy Machine Edition versions 9.00 and prior Description: The issue is related to an unrestricted upload of files with dangerous types. This allows an attacker to upload and execute malicious files in the target system. The vulnerability i...
Exploit for CVE-2017-0199
It is an offensive tool for Microsoft Office. The repository con...
PT-2022-7376 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions up to 5.19.9 Description: The issue is related to a use-after-free vulnerability in the adev release function in the Linux kernel's Platform Environment Control Interface (PECI) driver. This vulnerability occurs when...
CVE-2021-20194 affecting package kernel 5.10.123.1-1
CVE-2021-20194 affecting package kernel 5.10.123.1-1. A patched version of the package is available...
CVE-2022-32981 affecting package kernel 5.10.123.1-1
CVE-2022-32981 affecting package kernel 5.10.123.1-1. A patched version of the package is available...
PT-2022-4110 · Microsoft · Outlook
Name of the Vulnerable Software and Affected Versions: Microsoft Outlook affected versions not specified Description: The issue is related to a denial of service vulnerability in Microsoft Outlook. It is caused by incorrect clearing or release of resources. An attacker, acting remotely, can explo...
PT-2022-4116 · CryptoPro +3 · CryptoPro Secure Disk +3
Name of the Vulnerable Software and Affected Versions: CryptoPro Secure Disk versions before 2022-06-01 Description: A flaw was found in the bootloaders, allowing an attacker to bypass or tamper with Secure Boot protections. To load and execute arbitrary code in the pre-boot stage, an attacker...
PT-2022-23284 · Airspan · Airspan AirSpot 5410
Name of the Vulnerable Software and Affected Versions: Airspan AirSpot 5410 versions 0.3.4.1-4 and under Description: The issue concerns a stored XSS vulnerability. It occurs because the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, allowing a malicious acto...
PT-2022-6819 · ppp +3 · ppp +3
Name of the Vulnerable Software and Affected Versions: ppp affected versions not specified Description: The issue is related to the function dumpppp of the file pppdump/pppdump.c of the component pppdump. It involves improper validation of array index due to the manipulation of the argument...
PT-2022-20601 · DSpace · DSpace
Name of the Vulnerable Software and Affected Versions: DSpace versions prior to 5.11; DSpace versions prior to 6.4 Description: The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form, making item requests vulnerable to XSS attacks. Th...
PT-2022-20599 · DSpace · DSpace
Name of the Vulnerable Software and Affected Versions: DSpace versions prior to 6.4 Description: The issue concerns the exposure of metadata on withdrawn items via the XMLUI "mets.xml" object, as long as the handle/URL of the withdrawn item is known. This affects the XMLUI component of DSpace. Th...