Code injection

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Prior to versions 1.9.16, 1.10.11, and 1.11.15, if an attacker is able to perform a container escape of a container running as root on a host where Cilium is installed,...

CVE-2022-29178 Incorrect Default Permissions in Cilium

Cilium is open source software for providing and securing network connectivity and loadbalancing between application workloads. Cilium prior to versions 1.9.16, 1.10.11, and 1.11.15 contains an incorrect default permissions vulnerability. Operating Systems with users belonging to the group ID 100...

CVE-2022-29181 Improper Handling of Unexpected Data Type in Nokogiri

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors segfault or reads from unrelated memory. Version 1.13.6...

CVE-2022-0486

Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is...

CVE-2022-0486

Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected files and enable escalation of privileges equivalent to the root user. The vulnerability is...

CVE-2022-24391

Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. The vulnerability is present in Fidelis Network and Deception versions prior to 9.4.5. Patches and updates are available to address this vulnerability...

CVE-2022-24389

Vulnerability in rconfig “certutils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox components as well as neighboring Fidelis components. The vulnerability is present in Fidelis...

CVE-2022-29156 affecting package kernel 5.10.109.1-2

CVE-2022-29156 affecting package kernel 5.10.109.1-2. A patched version of the package is available...

GHSA-7F62-4887-CFV5 Privilege escalation in easyappointments

The Easy!Appointments API authorization is checked against the user's existence, without validating the permissions. As a result, a low privileged user eg. provider can create a new admin user via the "/api/v1/admins/" endpoint and take over the system. A patch is available on the develop branch ...

PT-2022-2448 · Microsoft · Windows Graphics +1

Name of the Vulnerable Software and Affected Versions: Windows Graphics Component affected versions not specified Description: The issue is related to an information disclosure vulnerability in the Windows Graphics Component. It may allow a remote attacker to gain unauthorized access to protected...

CVE-2022-24823 Local Information Disclosure Vulnerability in io.netty:netty-codec-http

Netty is an open-source, asynchronous event-driven network application framework. The package io.netty:netty-codec-http prior to version 4.1.77.Final contains an insufficient fix for CVE-2021-21290. When Netty's multipart decoders are used local information disclosure can occur via the local syst...

CVE-2022-29166 Improper handling of multiline messages in matrix-appservice-irc

matrix-appservice-irc is a Node.js IRC bridge for Matrix. The vulnerability in node-irc allows an attacker to manipulate a Matrix user into executing IRC commands by having them reply to a maliciously crafted message. The vulnerability has been patched in matrix-appservice-irc 0.33.2. Refrain fro...

PT-2022-19090 · Totolink · Totolink A7100Ru

Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version 7.4cu.2313 b20191024 Description: A command injection issue is found in the setWiFiWpsCfg interface, allowing an attacker to execute arbitrary commands through a carefully constructed payload. Recommendations: For...

PT-2022-13668 · Fapolicyd +4 · Fapolicyd +4

Name of the Vulnerable Software and Affected Versions: fapolicyd affected versions not specified Description: A vulnerability was found due to an assumption on how glibc names the runtime linker. A build time regular expression may not correctly detect the runtime linker, causing pattern detectio...

PT-2022-14877 · Npm · Libxmljs

Name of the Vulnerable Software and Affected Versions: libxmljs versions all Description: The issue arises when the libxmljs.parseXml function is invoked with a non-buffer argument. In such cases, the V8 code attempts to call the toString method of the argument. If the argument's toString value i...

PT-2023-15742

Name of the Vulnerable Software and Affected Versions eZ Publish Ibexa Kernel versions prior to 7.5.28 Description An issue was discovered where access control based on object state is mishandled. This issue affects a policy used in roles to limit access to content based on specific object state...

CVE-2022-0561 affecting package libtiff for versions less than 4.3.0-2

CVE-2022-0561 affecting package libtiff for versions less than 4.3.0-2. A patched version of the package is available...

CVE-2022-24792 Potential infinite loop when parsing WAV format file in PJSIP

PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length...

PT-2022-18693

Name of the Vulnerable Software and Affected Versions Zimbra Collaboration ZCS version 9.0 Description A reflected cross-site scripting XSS issue in the /public/launchNewWindow.jsp component allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters...

Exploit for CVE-2022-26809

cve-2022-26809 https://www.pwndefend.com/2022/04/14/cve-2022-...