6026 matches found
Malicious Command Execution
xxl-job-core is vulnerable to malicious command execution. New tasks created in the task management module of the background management are not sanitized, which allows an attacker to inject and execute malicious commands...
PT-2022-34585 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.19.9 through v5.19.11. Description: A potential security issue exists due to a missing cpus_read_lock() call in the cgroup_attach_task_all() function. The actual impact and attack plausibility have not yet been proven...
PT-2022-34653 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.145. Description: A potential security issue exists due to a missing lock in the cgroup_attach_task_all() function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Lin...
ASB-A-238377411
In getBackgroundRestrictionExemptionReason of AppRestrictionController.java, there is a possible way to bypass device policy restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not need...
CVE-2022-39031
Smart eVision has insufficient authorization for task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only...
Authorization
Smart eVision has insufficient authorization for task acquisition function. An unauthorized remote attacker can exploit this vulnerability to acquire the Session IDs of other general users only...
CVE-2022-39031
CVE-2022-39031 affects Smart eVision where insufficient authorization in the Task Acquisition function can let an unauthorized remote attacker obtain other general users’ Session IDs. The NVD reports a CVSS v3.1 base score of 5.3 (Network, Low attack complexity, Privileges required: None, Confide...
XXL-JOB Operating System Command Injection Vulnerability
XXL-JOB is a Java-based distributed task scheduling platform from the XU Xueli XXL-JOB community. XXL-JOB version 2.2.0 suffers from an operating system command injection vulnerability, which stems from a command execution vulnerability in a background task...
Smart eVision Security Vulnerability
Smart eVision Information Technology Smart eVision is a business intelligence platform of China Union Quan Information Technology Smart eVision Information Technology Company. It can integrate business management rooms, dashboards, reports, and input interfaces for business operations management...
Design/Logic Flaw
In ambiot amb1sdk aka SDK for Ameba1 before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection with four-way handshake failures in Soft AP mode...
Realtek RTL8195AM Security Vulnerability
The Realtek RTL8195AM is an IoT microcontroller from China-based Realtek Semiconductor. A security vulnerability exists in Realtek RTL8195AM versions before 284241d70308ff2519e40afd7b284ba892c730a3, which stems from the ability to lock the timer task when there are frequent and...
CVE-2022-34326
In ambiot amb1sdk aka SDK for Ameba1 before 2022-06-20 on Realtek RTL8195AM devices before 284241d70308ff2519e40afd7b284ba892c730a3, the timer task and RX task would be locked when there are frequent and continuous Wi-Fi connection with four-way handshake failures in Soft AP mode...
CVE-2022-34326
CVE-2022-34326 affects amb1_sdk (SDK for Ameba1) on Realtek RTL8195AM devices. The issue occurs before 2022-06-20 and before the build 284241d70308ff2519e40afd7b284ba892c730a3, where the timer task and RX task can become locked during frequent, persistent Wi‑Fi connection failures in Soft AP mode...
CVE-2022-40030
SourceCodester Simple Task Managing System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at changeStatus.php...
CVE-2022-40029
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter...
CVE-2022-40028
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newProjectValidation.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the fullName parameter...
CVE-2022-40027
SourceCodester Simple Task Managing System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component newTask.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the shortName parameter...