PT-2022-11332 · Unknown +1 · Checkmk Raw Edition +1

Name of the Vulnerable Software and Affected Versions: CheckMK Raw Edition versions 1.5.0 through 1.6.0 Description: The issue concerns a misconfiguration in the web management console of CheckMK Raw Edition, specifically with the Dokuwiki web-app that is installed by default. This misconfigurati...

PT-2022-09: Insufficient validation of file paths and Path Traversal in Veeam Backup & Replication

The vulnerability was identified in Veeam Backup & Replication versions 9.5, 10, 11. The discovered vulnerability allows an attaker to perform an NTLM-relay attack on behalf of the account under which the service is running, uploading arbitrary files from arbitrary paths to the VBR server,...

PT-2022-3858 · Totolink · Totolink T10

Name of the Vulnerable Software and Affected Versions: TOTOLink T10 version V5.9c.5061 B20200511 Description: The issue is related to the lack of input data sanitization in the "Main" function of the TOTOLink T10 mesh system. This allows a remote attacker to execute arbitrary commands through the...

PT-2022-1355 · Linux +6 · Linux Kernel +6

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16.10 Description: The issue is related to the RNDIS USB gadget in the Linux kernel, which lacks validation of the size of the RNDIS MSG SET command. This can allow attackers to obtain sensitive information fr...

PT-2022-15924 · Unknown · Cobalt Strike

Name of the Vulnerable Software and Affected Versions: CobaltStrike versions prior to 4.6 Description: The issue concerns the HTTPS listener in CobaltStrike, which fails to verify if the request URL starts with a forward slash /. This oversight allows attackers to gather sensitive information by...

PT-2022-7275 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a potential use-after-free in the moxart remove function, where the mmc host structure could be accessed after it was freed. This could allow an attacker to...

PT-2022-1414 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.14 through 5.16.4 Description: The issue is related to a use-after-free vulnerability in the Linux kernel, specifically in the kernel/ucount.c file, when unprivileged user namespaces are enabled. This allows a ucounts...

PT-2022-1638 · Mariadb +10 · Mariadb +11

Name of the Vulnerable Software and Affected Versions: MariaDB affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this issue. The specific flaw exists within the processi...

PT-2022-5376

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 8.5.55 through 8.5.73 Apache Tomcat versions 9.0.35 through 9.0.56 Apache Tomcat versions 10.0.0-M5 through 10.0.14 Apache Tomcat versions 10.1.0-M1 through 10.1.0-M8 Description The issue is related to a time of check,...

PT-2021-7531 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.16-rc6 Description: An issue was discovered in the Linux kernel where the uapi finalize function in drivers/infiniband/core/uverbs uapi.c lacks a check of kmalloc array. This issue is related to a pointer...

PT-2021-16381 · WordPress · Modern Events Calendar Lite

Name of the Vulnerable Software and Affected Versions: The Modern Events Calendar Lite WordPress plugin versions prior to 6.1.5 Description: The issue is related to an unauthenticated SQL injection problem. It occurs because the time parameter is not properly sanitised and escaped before being us...

PT-2021-8215 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16.0-rc4-syzkaller Description: The vulnerability is related to the MPTCP component in the Linux kernel, which can cause a NULL pointer dereference when deleting an endpoint. This can lead to a general...

PT-2021-16372 · WordPress · Wordpress Online Booking/Scheduling Plugin

Name of the Vulnerable Software and Affected Versions: The WordPress Online Booking and Scheduling Plugin version 20.3.0 and earlier Description: The issue is related to a Stored Cross-Site Scripting problem. It occurs because the Staff Full Name field is not properly escaped before being outputt...

PT-2021-1523 · Linux +11 · Linux Kernel +11

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16-rc4 Description: A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers. This issue occurs when users call close and fget simultaneously,...

PT-2021-6982 · Oracle +6 · Mysql Server +5

Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.28 and prior Description: The issue is related to insufficient input validation in the Server: Optimizer component of MySQL Server. It allows a high-privileged attacker with network access via multiple protocols to...

PT-2021-1392

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.48 and earlier Description: A crafted request uri-path can cause mod proxy to forward the request to an origin server chosen by the remote user. This issue is related to insufficient validation of incoming...

PT-2021-5091 · Apache +9 · Apache Http Server +9

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.48 and earlier Description: The issue is related to malformed requests that can cause the server to dereference a NULL pointer, potentially leading to a denial of service. This can be exploited by a remote...

PT-2021-14783 · Nitro · Nitro Pro Pdf

Name of the Vulnerable Software and Affected Versions: Nitro Pro PDF affected versions not specified Description: An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go o...

PT-2021-7295 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15 rc7 Description: The issue is related to incomplete cleanup of temporary or auxiliary resources in the arch/x86/kvm/lapic.c component of the Kernel-based Virtual Machine KVM subsystem in the Linux kernel...

PT-2021-7629

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw was found in the filelock init function in fs/locks.c of the Linux kernel. This issue can lead to host memory exhaustion due to memcg not limiting the number of Portable Operating...

PT-2021-21799 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.6.0 TensorFlow versions 2.5.1 and earlier TensorFlow versions 2.4.3 and earlier TensorFlow versions 2.3.4 and earlier Description: The implementation of fully connected layers in TFLite is vulnerable to a divisi...

PT-2021-4148 · Linux +8 · Linux Kernel +8

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.14-rc3 Description: A lack of CPU resource in the Linux kernel tracing module functionality was found in the way a user uses the trace ring buffer in a specific way. Only privileged local users, with CAP SYS...

PT-2021-3856 · Unknown +6 · Kubernetes Containerd +5

Name of the Vulnerable Software and Affected Versions: containerd versions prior to 1.4.8 and 1.5.4 Description: The issue is related to a bug in containerd that allows pulling and extracting a specially-crafted container image to result in Unix file permission changes for existing files in the...

PT-2021-14806 · Poweriso · Poweriso

Name of the Vulnerable Software and Affected Versions: PowerISO version 7.9 Description: A memory corruption issue exists in the DMG File Format Handler functionality. This can be triggered by a specially crafted DMG file, leading to an out-of-bounds write. An attacker can exploit this by providi...

PT-2021-3390 · Phpmailer +3 · Phpmailer +3

Name of the Vulnerable Software and Affected Versions: PHPMailer versions 6.4.1 and earlier Description: The issue is related to the validateAddress function in PHPMailer, which can lead to the execution of untrusted code if such code is injected into the host project's scope by other means. This...

PT-2021-4222 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.12.10 Description: The issue allows local users to obtain sensitive information from kernel stack memory because parts of a data structure are uninitialized. This is due to a lack of initialization of a certain...

PT-2021-7013 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free issue was found in the drm lease held function in drivers/gpu/drm/drm lease.c due to a race problem, allowing a local user privilege attacker to cause a denial of...

PT-2022-1369 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free flaw was found in the Linux kernel’s io uring subsystem, allowing a local user to crash or escalate their privileges on the system. This issue is related to the way a...

PT-2021-3379 · Linux +3 · Xen-Netback +3

Name of the Vulnerable Software and Affected Versions: Linux xen-netback affected versions not specified Description: A use-after-free issue exists in Linux xen-netback due to insufficient input validation. This can be triggered by a malicious or buggy network PV frontend sending a malformed...

PT-2021-4248

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.12.4 Description The issue is related to a Use After Free vulnerability in the NFC sockets of the Linux kernel. This vulnerability can be exploited by a local attacker to elevate their privileges. In typical...

PT-2021-18239 · Hedgedoc · Hedgedoc

Name of the Vulnerable Software and Affected Versions: HedgeDoc versions prior to 1.5.0 Description: The issue affects HedgeDoc, an open-source collaborative markdown editor, where an attacker can receive arbitrary files from the file system when exporting a note to PDF. This exploit requires the...

PT-2021-5273 · Apache +10 · Apache Http Server +10

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.30 through 2.4.48 Description: A carefully crafted request uri-path can cause mod proxy uwsgi to read above the allocated memory and crash, resulting in a denial of service DoS. The issue is related to the mod...

PT-2021-2653 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.11.12 Description: The issue is related to incorrect computation of branch displacements in BPF JIT compilers, allowing them to execute arbitrary code within the kernel context. This affects files...

PT-2021-18085 · Esri · Arcgis Desktop +3

Name of the Vulnerable Software and Affected Versions: Esri ArcReader versions 10.8.1 and earlier ArcGIS Desktop versions 10.8.1 and earlier ArcGIS Engine versions 10.8.1 and earlier ArcGIS Pro versions 2.7 and earlier Description: Multiple buffer overflow vulnerabilities exist when parsing a...

PT-2021-2461 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.11.9 Description: An issue in the Linux kernel is related to a use-after-free error in the vhost vdpa config put function. This occurs because v-config ctx has an invalid value when a character device is...

PT-2021-7027

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 8.5.0 through 8.5.63 Apache Tomcat versions 9.0.0-M1 through 9.0.43 Apache Tomcat versions 10.0.0-M1 through 10.0.2 Description The issue arises from insufficient validation of incoming TLS packets. When configured to us...

PT-2021-3001 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 3.2 through 5.10.16 Description: An issue was discovered in the Linux kernel, as used by Xen, where grant mapping operations in batch hypercalls are mishandled by Linux backend drivers when running in PV mode. This can...

PT-2021-11711 · Mautic · Mautic

Name of the Vulnerable Software and Affected Versions: Mautic versions prior to 2.16.5 Mautic versions prior to 3.2.4 Description: A cross-site scripting XSS issue in the forms component allows remote attackers to inject executable JavaScript via mauticreturn. This could allow an attacker...

PT-2021-3161 · Fasterxml +2 · Jackson-Databind +2

Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x before 2.9.10.8 FasterXML jackson-databind versions 2.6.7.5 and earlier Description: The issue is related to the interaction between serialization gadgets and typing, specifically with the...

PT-2021-3160 · Fasterxml +3 · Jackson-Databind +3

Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.x before 2.9.10.8 FasterXML jackson-databind versions 2.6.7.5 and earlier Description: The issue is related to the interaction between serialization gadgets and typing, specifically with...

PT-2021-11759 · Tenda · Tenda N300 F3

Name of the Vulnerable Software and Affected Versions: Tenda N300 F3 version 12.01.01.48 Description: The issue allows remote attackers to obtain sensitive information, possibly including an http passwd line, via a direct request for "cgi-bin/DownloadCfg/RouterCfm.cfg". The vulnerability may...

PT-2020-6650 · Linux +7 · Linux Kernel +7

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.6 Description: The issue is related to the FUSE filesystem implementation in the Linux kernel. It causes a system crash due to fuse do getattr calling make bad inode in inappropriate situations. The...

PT-2020-6661 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The issue is related to the use of memory after it has been freed in the llcp sock bind function of the NFC protocol in the Linux kernel. This could allow a local attacker to access...

PT-2020-6654 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: The issue is related to the use of memory after it has been freed in the llcp sock connect function. This could potentially allow an attacker to escalate their privileges. The problem ...

PT-2022-2032

Name of the Vulnerable Software and Affected Versions Spring Framework versions prior to 5.2.20 and 5.3.18 Spring Boot versions prior to 2.5.12 and 2.6.6 libspring-aop-java - 4.3.22-4ubuntu0.1esm1 libspring-beans-java - 4.3.22-4ubuntu0.1esm1 libspring-context-java - 4.3.22-4ubuntu0.1esm1...

PT-2020-5487 · Linux +8 · Linux Kernel +8

Name of the Vulnerable Software and Affected Versions: Intel Graphics Drivers versions prior to 26.20.100.7212 Linux kernel versions prior to 5.5 Description: The issue is related to improper input validation in some Intel Graphics Drivers, which may allow a privileged user to potentially enable ...

PT-2020-14703 · Tiki · Tiki

Name of the Vulnerable Software and Affected Versions: Tiki versions prior to 21.2 Description: The issue allows an attacker to set the admin password to a blank value after a certain number of invalid login attempts. There have been reports of activities targeting this issue. Recommendations: Fo...

PT-2020-15516 · Jenkins · Jenkins Role-Based Authorization Strategy Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Role-based Authorization Strategy Plugin versions 3.0 and earlier Description: The issue arises from the improper invalidation of a permission cache when the configuration is changed, resulting in permissions being granted based on an...

PT-2020-17233 · Python +4 · Py +4

Name of the Vulnerable Software and Affected Versions: py versions through 1.9.0 Description: A denial of service via regular expression in the py.path.svnwc component could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame...

PT-2020-13259 · Comodo +1 · Combodo Itop +1

Name of the Vulnerable Software and Affected Versions: Combodo iTop affected versions not specified Description: The issue is related to Broken Access Control in a function within Combodo iTop. This allows an unauthorized attacker to inject commands and disclose system information. Recommendation...