4538 matches found

Prion
added 2022/12/14 3:15 p.m. · 19 views

Memory corruption

The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests...

4.3 CVSS · 7.9 AI score · 0.00141 EPSS
Exploits 1 · References 4 · Affected Software 1
Cvelist
added 2022/12/14 12:0 a.m. · 10 views

CVE-2022-44898

The MsIo64.sys component in Asus Aura Sync through v1.07.79 does not properly validate input to IOCTL 0x80102040, 0x80102044, 0x80102050, and 0x80102054, allowing attackers to trigger a memory corruption and cause a Denial of Service (DoS) or escalate privileges via crafted IOCTL requests...

8.1 AI score · 0.00141 EPSS
Exploits 1 · References 4
CVE
added 2022/12/14 12:0 a.m. · 55 views

CVE-2022-44898

The CVE-2022-44898 issue affects Asus Aura Sync: MsIo64.sys in v1.07.79 and earlier does not properly validate inputs to IOCTLs 0x80102040, 0x80102044, 0x80102050, and 0x80102054, enabling memory corruption that can lead to a Denial of Service or privilege escalation via crafted IOCTL requests. D...

7.8 CVSS · 7.8 AI score · 0.00141 EPSS
Exploits 1 · References 4 · Affected Software 1
Positive Technologies
added 2022/12/14 12:0 a.m. · 3 views

PT-2022-27329 · Asus · Asus Aura Sync

Name of the Vulnerable Software and Affected Versions: Asus Aura Sync versions through v1.07.79
Description: The issue concerns the MsIo64.sys component, which does not properly validate input to certain IOCTL requests, specifically 0x80102040, 0x80102044, 0x80102050, and 0x80102054. This allows...

7.8 CVSS · 7.8 AI score · 0.00141 EPSS
Exploits 1 · References 8
CNNVD
added 2022/12/14 12:0 a.m. · 3 views

ASUS Aura Sync Buffer Error Vulnerability

ASUS Aura Sync is a hardware light synchronization plug-in from the Chinese company ASUS. A security vulnerability exists in ASUS Sync version v1.07.79, which stems from the failure of the MsIo64.sys component to properly validate inputs, allowing an attacker to trigger memory corruption and...

7.8 CVSS · 7.4 AI score · 0.00141 EPSS
Exploits 1 · References 5
Fedora
added 2022/12/09 1:33 a.m. · 29 views

[SECURITY] Fedora 37 Update: nextcloud-25.0.1-1.fc37

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...

6.5 CVSS · 5.4 AI score · 0.02075 EPSS
Exploits 0
Fedora
added 2022/12/09 12:51 a.m. · 31 views

[SECURITY] Fedora 36 Update: nextcloud-25.0.1-1.fc36

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...

6.5 CVSS · 5.4 AI score · 0.02075 EPSS
Exploits 0
Fedora
added 2022/12/09 12:49 a.m. · 29 views

[SECURITY] Fedora 35 Update: nextcloud-25.0.1-1.fc35

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing right on the web. NextCloud is extendable via a simple but powerful API...

6.5 CVSS · 5.4 AI score · 0.02075 EPSS
Exploits 0
IBM Security Bulletins
added 2022/12/08 4:25 p.m. · 52 views

Security Bulletin: Security Vulnerability found in zlib fixed in the zlib version shipped with IBM Security Verify for Gateway (RADIUS & WinLogin) and for Bridge (DirSync)

Summary: The security vulnerability (heap-based buffer overflow) found in zlib was fixed in the following products: IBM Security Verify Gateway for RADIUS v1.0.8, IBM Security Verify Gateway for Windows Login v1.0.9 and IBM Security Verify Bridge for Directory Sync v1.0.10
Vulnerability Details...

9.8 CVSS · 10 AI score · 0.92544 EPSS
Exploits 1 · Affected Software 1
Positive Technologies
added 2022/12/08 12:0 a.m. · 1 views

PT-2022-36022 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.10
Description: The issue is related to an unpaired pm runtime put sync in omap8250 remove, which may potentially lead to security vulnerabilities. The actual impact and attack plausibility have not yet bee...

7.3 AI score
Exploits 0 · References 1
Prion
added 2022/11/25 7:15 p.m. · 20 views

Design/Logic Flaw

Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

4.9 CVSS · 5.4 AI score · 0.00473 EPSS
Exploits 1 · References 3 · Affected Software 1
UbuntuCve
added 2022/11/25 7:15 p.m. · 23 views

CVE-2022-39331

Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

5.4 CVSS · 6.1 AI score · 0.00473 EPSS
Exploits 1 · References 1
Debian CVE
added 2022/11/25 12:0 a.m. · 31 views

CVE-2022-39333

Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

6.1 CVSS · 6.2 AI score · 0.00473 EPSS
Exploits 1
CVE
added 2022/11/25 12:0 a.m. · 88 views

CVE-2022-39332

Summary (CVE-2022-39332): The Nextcloud Desktop client (nextcloud-desktop) is affected. An attacker can inject arbitrary HTML into the Desktop Client via user status and information, enabling a desktop UI HTML injection (XSS) vulnerability. The issue is remedied by upgrading the Nextcloud Deskto...

5.4 CVSS · 5 AI score · 0.00473 EPSS
Exploits 1 · References 4 · Affected Software 1
OSV
added 2022/11/25 12:0 a.m. · 25 views

CVE-2022-39331 Cross-site Scripting (XSS) in Nextcloud Desktop Client

Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

4.6 CVSS · 5.4 AI score · 0.00473 EPSS
Exploits 1 · References 6
OSV
added 2022/11/25 12:0 a.m. · 24 views

CVE-2022-39332 Cross-site scripting (XSS) in Nextcloud Desktop Client

Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for...

4.6 CVSS · 5.4 AI score · 0.00473 EPSS
Exploits 1 · References 6
Debian CVE
added 2022/11/25 12:0 a.m. · 33 views

CVE-2022-39331

Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue...

5.4 CVSS · 5.4 AI score · 0.00473 EPSS
Exploits 1
Debian CVE
added 2022/11/25 12:0 a.m. · 24 views

CVE-2022-39332

Nextcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for...

5.4 CVSS · 5.4 AI score · 0.00473 EPSS
Exploits 1
CVE
added 2022/11/25 12:0 a.m. · 84 views

CVE-2022-39331

CVE-2022-39331 affects the Nextcloud desktop client. An attacker can inject arbitrary HTML into the Desktop Client notifications due to insufficient input sanitisation. Public advisories (OpenSUSE/OpenSUSE SU, Debian LTS) and the Debian/NVD entries reference this issue, with remediation recommend...

5.4 CVSS · 5 AI score · 0.00473 EPSS
Exploits 1 · References 4 · Affected Software 1
Oracle linux
added 2022/11/22 12:0 a.m. · 33 views

pcs security update

0.11.3-4
- Fixed ruby socket permissions
- Resolves: rhbz2116841
0.11.3-3
- Fixed booth ticket mode value case insensitive
- Fixed booth sync check whether /etc/booth exists
- Resolves: rhbz2026725 rhbz2058243
0.11.3-2
- Fixed 'pcs resource restart' traceback
- Resolves: rhbz2102663
0.11.3-1 -...

8.8 CVSS · 1.2 AI score · 0.00274 EPSS
Exploits 1