PT-2022-26884 · Unknown · Power Meter Sicam Q100
Name of the Vulnerable Software and Affected Versions: POWER METER SICAM Q100 versions prior to V2.50 Description: A vulnerability has been identified where affected devices do not renew the session cookie after login/logout and also accept user-defined session cookies. An attacker could overwrit...
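The two defects this entry names (the session cookie is not renewed at login/logout, and the device adopts a session ID the client chose) are the preconditions for session fixation. The following is an added example, not code from the SICAM Q100 or from any vendor: it models a session store with both defects next to a hardened one, and an audit routine that checks the three properties. Session IDs, user names and the planted cookie value are constructed for the demonstration.

```python
import secrets
from typing import Dict, Optional

# Constructed session stores (not vendor code). Each maps session ID -> user
# name, with None meaning "known ID, not authenticated".


class VulnerableSessionStore:
    """Reproduces the advisory's two flaws."""

    def __init__(self) -> None:
        self.sessions: Dict[str, Optional[str]] = {}

    def login(self, client_cookie: Optional[str], username: str, password_ok: bool) -> Optional[str]:
        # Flaw: whatever ID the client presents is adopted, even if the server
        # never issued it, and the same ID is kept across the auth boundary.
        sid = client_cookie or secrets.token_hex(16)
        if password_ok:
            self.sessions[sid] = username
        return sid

    def logout(self, sid: str) -> None:
        # Flaw: the ID stays valid after logout; only the user binding is cleared.
        self.sessions[sid] = None

    def whoami(self, sid: str) -> Optional[str]:
        return self.sessions.get(sid)


class HardenedSessionStore:
    """Issues a fresh server-chosen ID on login and destroys it on logout."""

    def __init__(self) -> None:
        self.sessions: Dict[str, Optional[str]] = {}

    def login(self, client_cookie: Optional[str], username: str, password_ok: bool) -> Optional[str]:
        # Discard any pre-auth session the client presented, issued by us or not.
        if client_cookie in self.sessions:
            del self.sessions[client_cookie]
        if not password_ok:
            return None
        sid = secrets.token_urlsafe(32)  # unguessable, chosen by the server
        self.sessions[sid] = username
        return sid

    def logout(self, sid: str) -> None:
        self.sessions.pop(sid, None)  # server-side invalidation

    def whoami(self, sid: str) -> Optional[str]:
        return self.sessions.get(sid)


def audit(store) -> Dict[str, bool]:
    """Plays the fixation scenario: the attacker plants a known cookie value on
    the victim, the victim logs in, the attacker then presents the planted ID."""
    planted = "attacker-chosen-id-0123456789abcdef"  # constructed value
    victim_sid = store.login(planted, "operator", password_ok=True)
    accepts_client_id = store.whoami(planted) == "operator"
    store.logout(victim_sid)
    return {
        "renews_on_login": victim_sid != planted,
        "accepts_client_id": accepts_client_id,
        "invalidates_on_logout": victim_sid not in store.sessions,
    }


if __name__ == "__main__":
    print("vulnerable:", audit(VulnerableSessionStore()))
    print("hardened:  ", audit(HardenedSessionStore()))
```

Against a real device the same three checks are run over HTTP: set an arbitrary cookie value before authenticating, compare the Set-Cookie value after login with the one you sent, and replay the old cookie after logout.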
PT-2022-7168 · Amd · Amd Ryzen
Name of the Vulnerable Software and Affected Versions: AMD Ryzen affected versions not specified Description: The issue is related to insufficient input validation in the System Management Mode (SMM) Supervisor firmware of AMD Ryzen processors. This could allow a remote attacker to elevate privileg...
PT-2022-5162 · Oracle +7 · Mysql Server +6
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.39 and prior MySQL Server versions 8.0.30 and prior Description: The issue is related to insufficient input validation in the Server: Optimizer component of MySQL Server, allowing a high-privileged attacker with...
PT-2022-6242 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified Description: A vulnerability was found in the Linux Kernel, classified as problematic. It affects the nilfs_new_inode function of the fs/nilfs2/inode.c file in the NILFS2 file system, leading to use aft...
PT-2022-25629 · Unknown · Transfer.Sh
Name of the Vulnerable Software and Affected Versions: Transfer.sh versions 1.4.0 and prior Description: The issue is related to Cross Site Scripting (XSS) and can be triggered via a malicious document uploaded in transfer.sh. There is no information about the estimated number of potentially affect...
PT-2022-24439 · Fpt · Fpt G-97Rg3 +1
Name of the Vulnerable Software and Affected Versions: FPT G-97RG6M version R4.2.98.035 FPT G-97RG3 version R4.2.43.078 Description: The issue allows for Remote Command Execution in the ping function. Recommendations: For FPT G-97RG6M version R4.2.98.035, consider disabling the ping function unti...
PT-2022-23493 · Unknown · Kkfileview
Name of the Vulnerable Software and Affected Versions: kkFileView version 4.0.0 Description: The issue allows for arbitrary file deletion via the fileName parameter at the /controller/FileController.java endpoint. Recommendations: For kkFileView version 4.0.0, consider restricting access to the...
PT-2022-23143 · Zitadel · Zitadel
Name of the Vulnerable Software and Affected Versions: ZITADEL versions 1.42.0 through 1.87.0 ZITADEL versions 1.56.0 through 1.87.0 ZITADEL version 2.x prior to 2.2.0 Description: The issue is related to a missing authorization check in the Actions feature, introduced in ZITADEL 1.42.0 on the AP...
PT-2022-16234 · WordPress · Simply Schedule Appointments
Name of the Vulnerable Software and Affected Versions: Simply Schedule Appointments WordPress plugin versions prior to 1.5.7.7 Description: The issue is related to missing authorization in a REST endpoint, allowing unauthenticated users to retrieve WordPress users' details, such as name and email...
PT-2022-23568 · Unknown · Ingredients Stock Management System
Name of the Vulnerable Software and Affected Versions: Ingredients Stock Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/items/view_item.php" API endpoint. Recommendations: For...
PT-2022-19901 · Podman +11 · Podman +11
Name of the Vulnerable Software and Affected Versions: Buildah versions prior to 20.10.18 CRI-O versions prior to 20.10.18 Docker versions prior to 20.10.18 Moby Docker Engine versions prior to 20.10.18 Podman versions prior to 20.10.18 Description: The issue arises from an incorrect handling of...
PT-2022-19175 · Laravel · Laravel
Name of the Vulnerable Software and Affected Versions: laravel version 5.1 Description: A problematic issue was found, affecting some unknown processing, which leads to deserialization when manipulated. The attack can be initiated remotely. Recommendations: For laravel version 5.1, at the moment,...
PT-2022-4126
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A race condition was found in the Linux kernel's memory subsystem, related to the copy-on-write (COW) breakage of private read-only shared memory mappings. This issue allows an unprivilege...
PT-2022-17535 · WordPress · Transposh Wordpress Translation Plugin
Name of the Vulnerable Software and Affected Versions: Transposh WordPress Translation plugin versions 1.0.8 and earlier Description: The issue allows access to sensitive actions, such as tp_reset, under the Utilities tab, accessible via the /wp-admin/admin.php?page=tp_utils endpoint. This...
PT-2022-9504 · WordPress +1 · Transposh Wordpress Translation Plugin +1
Name of the Vulnerable Software and Affected Versions: Transposh WordPress Translation plugin versions prior to 1.0.8 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the "a" parameter is not properly sanitised and escaped via an AJAX action. This...
PT-2022-3770 · Oracle +8 · Oracle Mysql Server +8
Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 8.0.29 and prior Description: The issue is related to errors in resource release in the Server: Optimizer component of the Oracle MySQL Server. It can be exploited by a remote attacker to cause a denial of service...
PT-2022-6218 · Apache +10 · Apache Http Server +10
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.54 and prior Description: The issue is related to the inconsistent interpretation of HTTP requests, also known as 'HTTP Request Smuggling', in the mod_proxy_ajp module of the Apache HTTP Server. This...
PT-2022-6209 · Eclipse +2 · Eclipse Jetty +2
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 9.4.0 through 9.4.46 Eclipse Jetty versions 10.0.0 through 10.0.9 Eclipse Jetty versions 11.0.0 through 11.0.9 Description: The parsing of the authority segment of an http scheme URI in the Jetty HttpURI class improperl...
PT-2022-15268 · Sourcecodester · Sourcecodester Library Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Library Management System version 1.0 Description: A critical issue has been discovered, affecting an unknown functionality of the file /librarian/bookdetails.php. The issue can be exploited through SQL injection by manipulatin...
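Both this entry and the Ingredients Stock Management System entry above describe the same defect class: an id parameter pasted into a SQL string. The following is an added example, not code from either application, and the table, rows and payload are constructed here so it runs offline against an in-memory SQLite database. It places the injectable query beside the parameterized one and shows what an attacker gains from a UNION payload on the vulnerable version.

```python
import sqlite3
from typing import List

# Constructed schema and data (not from either application): an items table
# the endpoint is meant to read, and a users table it is not.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)", [(1, "flour"), (2, "sugar")])
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'admin', 'sha1$deadbeef')")  # constructed
    return conn


def view_item_vulnerable(conn: sqlite3.Connection, item_id: str) -> List[str]:
    # Mirrors the flaw: the request parameter is concatenated into the query.
    sql = f"SELECT name FROM items WHERE id = {item_id}"
    return [row[0] for row in conn.execute(sql)]


def view_item_parameterized(conn: sqlite3.Connection, item_id: str) -> List[str]:
    # Fix: validate the type the parameter must have, then bind it. The driver
    # sends the value separately from the statement, so it can never become SQL.
    try:
        numeric_id = int(item_id)
    except (TypeError, ValueError):
        return []
    return [row[0] for row in conn.execute("SELECT name FROM items WHERE id = ?", (numeric_id,))]


# Constructed attacker input for the id parameter: a UNION that pulls the
# users table through the same single-column result.
PAYLOAD = "1 UNION ALL SELECT username || ':' || password_hash FROM users"


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, benign id:   ", view_item_vulnerable(db, "1"))
    print("vulnerable, payload:     ", view_item_vulnerable(db, PAYLOAD))
    print("parameterized, payload:  ", view_item_parameterized(db, PAYLOAD))
```

The parameterized version rejects the payload outright because an id that is not an integer is not a valid request; for string-typed parameters the same binding applies, and the type check is replaced by whatever validation the field actually requires.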
PT-2022-6415 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.19 Description: The issue is related to the misinterpretation of the get_sg_table return value in the Linux kernel's drivers/gpu/drm/arm/malidp_planes.c file. This misinterpretation can lead to pointer...
PT-2022-11368 · Combodo +1 · Combodo Itop +1
Name of the Vulnerable Software and Affected Versions: Combodo iTop versions prior to 3.0.0-beta6 Description: The issue affects Combodo iTop, a web-based IT Service Management tool. In the affected versions, the export CSV page does not properly escape user-supplied parameters, allowing for...
PT-2022-2325
Name of the Vulnerable Software and Affected Versions: Atlassian Jira Server and Data Center versions prior to 8.13.18 Atlassian Jira Server and Data Center versions 8.14.0 through 8.20.6 Atlassian Jira Server and Data Center versions 8.21.0 through 8.22.0 Atlassian Jira Service Management Server...
PT-2022-6858 · Oracle +10 · Java Se +12
Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 7u331, 8u321, 11.0.14, 17.0.2, 18 Oracle GraalVM Enterprise Edition versions 20.3.5, 21.3.1, 22.0.0.2 Description: The issue is related to an unauthenticated attacker with network access via multiple protocols being ab...
PT-2022-13159 · Unknown · Janeczku/Calibre-Web
Name of the Vulnerable Software and Affected Versions: janeczku/calibre-web versions prior to 0.6.16 Description: The issue is related to improper access control in the janeczku/calibre-web GitHub repository. Recommendations: For versions prior to 0.6.16, update to version 0.6.16 or later to...
PT-2022-10: Local Authentication Restriction Bypass in HPE OneView
The vulnerability was identified in HPE OneView versions before 6.6. The discovered vulnerability allows an attacker to bypass the local authentication restriction. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 29.03.2022 Recommendations: Update to version 6.6 Additional...
PT-2022-7714 · Ibm · Blackice Pc Protection
Name of the Vulnerable Software and Affected Versions: ISS BlackICE PC Protection affected versions not specified Description: A critical vulnerability was found in the Cross Site Scripting Detection component of ISS BlackICE PC Protection. The issue allows for privilege escalation through...
PT-2022-4540 · Unknown +5 · Xen Hypervisor +5
Name of the Vulnerable Software and Affected Versions: Xen hypervisor affected versions not specified Description: The issue is caused by synchronization errors when using a shared resource in the blkfront driver of the Xen hypervisor. Exploitation of this issue may allow an attacker to cause a...
PT-2022-2087 · Intel +9 · Intel Processors +12
Name of the Vulnerable Software and Affected Versions: Intel(R) Processors affected versions not specified Intel Core i7-1185G7 Intel Core i9-12900K Haswell series Description: The issue is related to non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors,...
PT-2022-4531 · Xen +5 · Xen +5
Name of the Vulnerable Software and Affected Versions: Xen affected versions not specified Description: The issue is caused by synchronization errors when using a shared resource in the Xen hypervisor's paravirtualization (PV) mode implementation. This can be exploited to cause a denial of service...
PT-2022-7490 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability is related to a race condition in the configfs component of the Linux kernel. When configfs_register_subsystem or configfs_unregister_subsystem is executing link grou...
PT-2022-1640 · Mariadb +10 · Mariadb +11
Name of the Vulnerable Software and Affected Versions: MariaDB affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this issue. The specific flaw exists within the processi...
PT-2023-32690 · Emarsys · Emarsys Sdk For Android
Name of the Vulnerable Software and Affected Versions: SAP Emarsys SDK for Android affected versions not specified Description: The issue is due to a lack of proper authorization checks in the Emarsys SDK for Android, allowing an attacker to call a particular activity and forward web pages and/or...
PT-2022-5340 · Corel · Coreldraw Graphics Suite
Name of the Vulnerable Software and Affected Versions: CorelDRAW Graphics Suite version 23.5.0.506 Description: The issue is related to a read past the end of an allocated object when parsing PDF files, due to the lack of proper validation of user-supplied data. This can allow an attacker to...
PT-2022-11194 · Autodesk · Autodesk Inventor
Name of the Vulnerable Software and Affected Versions: Autodesk Inventor versions 2019 through 2022 Description: The issue is related to an Information Disclosure vulnerability when parsing JT files, which, in conjunction with other vulnerabilities, may lead to code execution through maliciously...
PT-2022-1608 · Linux +6 · Linux Kernel +6
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16.5 Description: An issue was discovered in the Linux kernel, which is related to a memory leak in the yam_siocdevprivate function in drivers/net/hamradio/yam.c. This issue can be exploited to cause a denial ...
PT-2022-1414 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.14 through 5.16.4 Description: The issue is related to a use-after-free vulnerability in the Linux kernel, specifically in the kernel/ucount.c file, when unprivileged user namespaces are enabled. This allows a ucounts...
PT-2022-1638 · Mariadb +10 · Mariadb +11
Name of the Vulnerable Software and Affected Versions: MariaDB affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this issue. The specific flaw exists within the processi...
PT-2022-13245 · Htmldoc +4 · Htmldoc +4
Name of the Vulnerable Software and Affected Versions: htmldoc version 1.9.15 Description: A vulnerability was found in htmldoc where a stack out-of-bounds read takes place in the gif_get_code function when opening a malicious GIF file, which can result in a crash (segmentation fault)...
PT-2022-1761 · Expat +12 · Expat +12
Name of the Vulnerable Software and Affected Versions: Expat aka libexpat versions prior to 2.4.3 Description: The issue is related to an integer overflow in the nextScaffoldPart function in xmlparse.c of the Expat library. This could allow a remote attacker to execute arbitrary code...
PT-2021-24242 · Unknown · Cve-Search
Name of the Vulnerable Software and Affected Versions: cve-search versions prior to 4.1.0 Description: The issue in cve-search allows regular expression injection, which can lead to ReDoS (regular expression denial of service) or other impacts. This occurs in the lib/DatabaseLayer.py file...
PT-2021-22893 · R3D Sdk · R3D Sdk
Name of the Vulnerable Software and Affected Versions: R3D SDK affected versions not specified Description: The issue arises when the R3D SDK parses a file submitted to the DPDecoder service as a job. It mistakenly skips the assignment of a property containing an object that refers to a UUID pars...
PT-2021-5592 · Linux +10 · Linux Kernel +10
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.15.11 Description: A use-after-free exists in the TEE subsystem of the Linux kernel due to a race condition in tee_shm_get_from_id during an attempt to free a shared memory object. This issue is related to the...
PT-2021-16381 · WordPress · Modern Events Calendar Lite
Name of the Vulnerable Software and Affected Versions: The Modern Events Calendar Lite WordPress plugin versions prior to 6.1.5 Description: The issue is related to an unauthenticated SQL injection problem. It occurs because the time parameter is not properly sanitised and escaped before being us...
PT-2021-16372 · WordPress · Wordpress Online Booking/Scheduling Plugin
Name of the Vulnerable Software and Affected Versions: The WordPress Online Booking and Scheduling Plugin version 20.3.0 and earlier Description: The issue is related to a Stored Cross-Site Scripting problem. It occurs because the Staff Full Name field is not properly escaped before being outputt...
PT-2021-16366 · WordPress · Wps Hide Login
Name of the Vulnerable Software and Affected Versions: WPS Hide Login WordPress plugin versions prior to 1.9.1 Description: The issue allows an unauthenticated user to discover the secret login page by setting a random referer string and making a request to /wp-admin/options.php. This can be...
PT-2021-20957 · Hitachi Energy · Pwc600 +5
Name of the Vulnerable Software and Affected Versions: Hitachi Energy Relion 670 Series versions 2.0 through 2.2.3.4 Hitachi Energy Relion 670 Series version 2.2.4 Hitachi Energy Relion 670/650 Series versions 2.1 through 2.2.0 Hitachi Energy Relion 670/650 Series version 2.2.4 Hitachi Energy...
PT-2021-6393 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.27 and prior Description: The issue is related to errors in resource release in the MySQL Server product, specifically in the Server: Optimizer component. It allows a high-privileged attacker with network access via...
PT-2021-23860 · Mozilla +2 · Firefox +2
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 94 Description: The issue allows a website to potentially steal authentication tokens by tricking a user into copying and pasting an image link that contains the token. This can happen when an image triggers...
PT-2021-7231 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw in the btrfs alloc tree b function in the Linux kernel's btrfs file system, specifically in fs/btrfs/extent-tree.c, is due to an improper lock operation. This issue can cause a...
PT-2021-7118 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.15-rc1 Description: The issue is related to the io-workqueue implementation in the Linux kernel, which lacks protection of internal data. This can be exploited to cause a denial of service. A local user with...