1564 matches found

Vulnrichment
added 2023/01/18 5:19 a.m. · 5 views

CVE-2022-34393

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

7.5 CVSS · 8 AI score · 0.00135 EPSS
Exploits 0 · References 1
Tenable Nessus
added 2023/01/18 12:0 a.m. · 25 views

AIX (IJ43073)

The version of AIX installed on the remote host is prior to APAR IJ43073. It is, therefore, affected by a vulnerability as referenced in the IJ43073 advisory. - IBM AIX 7.1, 7.2, 7.3 and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in X11 to cause a buffer overflo...

7.8 CVSS · 8.1 AI score · 0.00073 EPSS
Exploits 0 · References 3
CNNVD
added 2023/01/18 12:0 a.m. · 5 views

IBM AIX Security Vulnerability

IBM AIX is an open standards-based UNIX operating system developed by International Business Machines (IBM) for the IBM Power architecture. IBM AIX has a security vulnerability that stems from a buffer overflow caused by a non-privileged local user exploiting a vulnerability in X11, resulting in a...

7.8 CVSS · 7.6 AI score · 0.00073 EPSS
Exploits 0 · References 3
wpexploit
added 2023/01/17 12:0 a.m. · 610 views

WP FullCalendar < 1.5 - Unauthenticated Arbitrary Post Access

The plugin does not ensure that the post retrieved via an AJAX action is public and can be accessed by the user making the request, allowing unauthenticated attackers to get the content of arbitrary posts, including draft/private as well as password-protected ones. Open the below URL as an...

5.3 CVSS · 1.7 AI score · 0.00659 EPSS
Exploits 2
Vulnrichment
added 2023/01/02 9:49 p.m. · 7 views

CVE-2022-4372 Web Invoice <= 2.1.3 - Authenticated SQLi

The Web Invoice WordPress plugin through 2.1.3 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL Injection exploitable by high privilege users such as admin by default. However, depending on the plugin configuration, other users, such as...

7.1 AI score · 0.00537 EPSS
Exploits 2 · References 2
Vulnrichment
added 2022/12/23 7:16 p.m. · 8 views

CVE-2022-43849 IBM AIX denial of service

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX pfcdd kernel extension to cause a denial of service. IBM X-Force ID: 239170...

6.2 CVSS · 6.2 AI score · 0.00045 EPSS
Exploits 0 · References 2
Vulnrichment
added 2022/12/23 6:19 p.m. · 8 views

CVE-2022-43381 IBM AIX denial of service

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX SMB client to cause a denial of service. IBM X-Force ID: 238639...

6.2 CVSS · 6.3 AI score · 0.00045 EPSS
Exploits 0 · References 2
Vulnrichment
added 2022/12/20 8:11 p.m. · 5 views

CVE-2022-43382 IBM AIX denial of service

IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a local user with elevated privileges to exploit a vulnerability in the lpd daemon to cause a denial of service. IBM X-Force ID: 238641...

6.2 CVSS · 6 AI score · 0.00039 EPSS
Exploits 0 · References 2
RedHat Linux
added 2022/11/08 9:32 a.m. · 2 views

kernel: swiotlb information leak with DMA_FROM_DEVICE

A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls DMA_FROM_DEVICE. This flaw allows a local user to read random memory from the kernel space...

5.5 CVSS · 6.6 AI score · 0.00016 EPSS
Exploits 1 · References 5
Vulnrichment
added 2022/10/25 12:50 a.m. · 6 views

CVE-2022-36783 AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS)

AlgoSec – FireFlow Reflected Cross-Site-Scripting (RXSS). A malicious user injects JavaScript code into a parameter called IntersectudRule on the search/result.html page. The malicious user changes the request from POST to GET and sends the URL to another user (victim). JavaScript code is executed on...

6.5 CVSS · 6.5 AI score · 0.00177 EPSS
Exploits 0 · References 1
Hacker One
added 2022/10/22 11:43 a.m. · 59 views

Nextcloud: Mail app - blind SSRF via smtpHost parameter

A blind SSRF vulnerability was discovered in the Nextcloud Mail application, allowing an attacker to retrieve services running locally on the server and scan the internal network for information. The vulnerability was found in the smtpHost parameter and could be exploited by any user with the mai...

5 CVSS · 4.6 AI score · 0.00779 EPSS
Exploits 1
Vulnrichment
added 2022/10/21 6:5 p.m. · 6 views

CVE-2022-31239

Dell PowerScale OneFS, versions 9.0.0 up to and including 9.1.0.19, 9.2.1.12, and 9.3.0.6, contain sensitive data in log files vulnerability. A privileged local user may potentially exploit this vulnerability, leading to disclosure of this sensitive data...

6.7 CVSS · 6.3 AI score · 0.00065 EPSS
Exploits 0 · References 1
Vulnrichment
added 2022/10/17 12:0 a.m. · 4 views

CVE-2022-2455

A business logic issue in the handling of large repositories in all versions of GitLab CE/EE from 10.0 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2 allowed an authenticated and authorized user to exhaust server resources by importing ...

6.5 CVSS · 6.2 AI score · 0.0019 EPSS
Exploits 0 · References 3
Vulnrichment
added 2022/10/11 4:40 p.m. · 17 views

CVE-2022-32492

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

7.5 CVSS · 8.8 AI score · 0.00049 EPSS
Exploits 0 · References 1
Vulnrichment
added 2022/10/11 4:40 p.m. · 7 views

CVE-2022-32486

Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user may potentially exploit this vulnerability by using an SMI to gain arbitrary code execution in SMRAM...

7.5 CVSS · 8.8 AI score · 0.00049 EPSS
Exploits 0 · References 1
Positive Technologies
added 2022/09/29 12:0 a.m. · 4 views

PT-2022-6305 · Dell · Dell Bios

Name of the Vulnerable Software and Affected Versions: Dell BIOS (affected versions not specified). Description: The issue is related to improper input validation in Dell BIOS, which could allow a local authenticated malicious user to potentially exploit this vulnerability. By using a System...

7.8 CVSS · 7.7 AI score · 0.00049 EPSS
Exploits 0 · References 4
Vulnrichment
added 2022/09/26 1:55 p.m. · 4 views

CVE-2022-39245 Mist vulnerable to user providing a Sudo binary for authentication checks

Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided sudo binary via the PATH variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known...

8.4 CVSS · 8.4 AI score · 0.00044 EPSS
Exploits 0 · References 3
Positive Technologies
added 2022/09/06 12:0 a.m. · 3 views

PT-2022-18107 · Dell · Dell Bios

Name of the Vulnerable Software and Affected Versions: Dell BIOS (affected versions not specified). Description: The issue is related to an Improper Authentication vulnerability. A locally authenticated malicious user could potentially exploit this by sending malicious input to a System Management...

7.8 CVSS · 7.3 AI score · 0.00041 EPSS
Exploits 0 · References 3
OpenVAS
added 2022/08/26 12:0 a.m. · 31 views

Ubuntu: Security Advisory (USN-302-1)

The remote host is missing an update for the...

9 CVSS · 7.8 AI score · 0.69801 EPSS
Exploits 6 · References 2
Positive Technologies
added 2022/08/18 12:0 a.m. · 1 views

PT-2022-37616 · Nvidia · Nvidia Windows Gpu Display Driver +1

Name of the Vulnerable Software and Affected Versions: NVIDIA GPU Display Driver for Linux (versions prior to the fixed version); NVIDIA GPU Display Driver for Windows (versions prior to the fixed version). Description: The issue is related to improper input validation and null-pointer dereferences in...

7.5 AI score
Exploits 0 · References 5