CVE-2025-22457 - Critical Stack-Based Buffer Overflow Vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA Gateways
CVE-2025-2825: Authentication Bypass Vulnerability in CrushFTP and How to Protect Your Data and Systems
CVE-2025-1098: Arbitrary Code Execution Vulnerability in ingress-nginx Via Malicious Ingress Annotations
CVE-2025-29907 - Denial of Service Vulnerability in jsPDF prior to 3..1 via User-Controlled addImage Method Argument
CVE-2025-30066 - tj-actions Changed-Files Vulnerability Enables Remote Attackers to Uncover Secrets through Action Logs
CVE-2025-24855: Use-After-Free Vulnerability in numbers.c of libxslt Before 1.1.43
CVE-2025-25291: Authentication Bypass Vulnerability Found in ruby-saml Parsers
CVE-2025-25292: Authentication Bypass Vulnerability Found in Ruby-SAML Prior to Versions 1.12.4 and 1.18. Due to Parser Differential
CVE-2025-21864 - Linux Kernel Vulnerability Resolved: tcp: drop secpath at the same time as we currently drop dst
CVE-2025-21852 - Linux Kernel Null Pointer Dereference Vulnerability in net: Add rx_skb of kfree_skb to raw_tp_null_args[] Fixed
CVE-2025-27363: Exploring the Out of Bounds Write Vulnerability in FreeType 2.13. and Below
CVE-2025-27516 - Arbitrary Code Execution Vulnerability by Bypassing Jinja's Sandboxed Environment
CVE-2025-27111: Log Injection Vulnerability in Rack Middleware and How to Protect Your Ruby Server
CVE-2025-1937: Uncovering Memory Safety Bugs in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and Thunderbird 128.7
CVE-2025-22226: VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability in HGFS - Potential Memory Leak Exploit
CVE-2025-25724: list_item_verbose Buffer Overflow Vulnerability in libarchive's tar/util.c Leading to Denial of Service and Unspecified Impact
CVE-2025-1413: Critical Vulnerability found in DaVinci Resolve on macOS, Opening a Pathway to Dylib Hijacking & Privilege Escalation
CVE-2024-53427 - decNumberCopy Stack-based Buffer Overflow in jq 1.7.1 when Dealing with NaN Values
CVE-2025-22869: Denial of Service Attack on SSH Servers Implementing File Transfer Protocols via Slow Key Exchange
CVE-2025-22868 - Memory Consumption Vulnerability: Malformed Tokens Can Lead to Denial of Service Attacks
CVE-2021-4453: Fixing a potential GPU metrics table memory leak in drm/amd/pm of the Linux kernel
CVE-2025-20051 - Arbitrary File Read Vulnerability in Mattermost Boards Due to Insufficient Input Validation
CVE-2025-1412: Privilege Escalation Vulnerability in Mattermost Versions 9.11.x <= 9.11.6, 10.4.x <= 10.4.1
CVE-2025-0633 - A Sneak Peek into Heap-based Buffer Overflow in iniparser_dumpsection_ini() and How to Exploit it
CVE-2025-25473 - NULL Pointer Dereference Vulnerability in FFmpeg's libavformat/mov.c Component: Exploit Details and Patches Unveiled
CVE-2025-24928 - Stack-based Buffer Overflow in Libxml2: A Deep Dive into xmlSnprintfElements in valid.c
CVE-2025-25896: Buffer Overflow Vulnerability in D-Link DSL-3782 v1.01 Leading to Denial of Service Attacks
CVE-2024-56171 - Exploring the Use-After-Free vulnerability in libxml2 before 2.12.10 and 2.13.x before 2.13.6
CVE-2025-24895 - Critical Vulnerability in CIE.AspNetCore.Authentication Allows Attackers to Impersonate Users
CVE-2025-1390 - Libcap's PAM Module Incorrectly Recognizes Group Names, Leading to Privilege Escalation
CVE-2025-26793 - Hirsch Enterphone MESH Default Credential Vulnerability Exposes Private Resident Information in Multiple Buildings
CVE-2024-57790: IXON B.V. IXrouter IX240 Hardcoded Root Credentials Vulnerability - Unauthorized Access and Exploitation Risks
CVE-2025-22961 - Critical Information Disclosure Vulnerability in GatesAir Maxiva UAXT, VAXT Transmitters: Exploiting Incorrect Access Control for Unauthorized Database Access
CVE-2025-22960 - Session Hijacking Vulnerability in GatesAir Maxiva UAXT and VAXT Transmitters
CVE-2023-34399: Mercedes-Benz NTG6 Head-Unit Integer Overflow in Boost Library Causing Vulnerability in Profile Settings Import/Export
CVE-2025-21700: Linux Kernel Vulnerability Fixed in net: sched - Disallow Replacing of Child qdisc from One Parent to Another
CVE-2024-7102 - Unauthorized Pipeline Trigger in GitLab CE/EE Affecting Versions 16.4 to 17.5.
CVE-2024-36293: Exploring The Improper Access Control Vulnerability In Intel(R) Processors With Intel(R) SGX
CVE-2025-25743: Uncovering Command Injection Vulnerability in D-Link DIR-853 A1 FW1.20B07's SetVirtualServerSettings Module
CVE-2025-0516: A Deep Dive into GitLab CE/EE's Improper Authorization Vulnerability (Versions 17.7-17.7.4, 17.8-17.8.2)
CVE-2025-25202 - Ash Authentication Revoked Token Vulnerability in Elixir Applications
CVE-2024-40591: Improper Privilege Assignment Vulnerability in Fortinet FortiOS Allows Unauthorized Super-Admin Access
Critical Vulnerability CVE-2025-22467 Found in Ivanti Connect Secure: Stack-Based Buffer Overflow can Lead to Remote Code Execution
CVE-2025-26408 - The Vulnerability of JTAG Interface on Wattsense Bridge Devices for Firmware Exploitation with Physical Access
CVE-2025-24970 - Netty Framework Vulnerability: SslHandler Packet Validation Issue Can Lead to Native Crash
CVE-2025-25188 - Hickory DNS: Security vulnerability in DNSSEC validation leads to misplacement of trust
CVE-2025-25186: Net::IMAP Vulnerability - Denial of Service by Memory Exhaustion in Ruby's Response Parser
CVE-2025-21691: Linux Kernel Cachestat Vulnerability Resolved with Permission Checks
CVE-2025-21689 - USB: Serial: quatech2: Fixing Null-ptr-deref Issue in Linux Kernel's qt2_process_read_urb()
CVE-2025-21692: Linux Kernel Vulnerability - ETS Qdisc Out-of-Bound Indexing Fixed
CVE-2025-21684: Linux kernel vulnerability in gpio xilinx resolved
CVE-2025-0674 - Authentication Bypass Vulnerability in Multiple Elber Products: Unauthorized Password Management Access and Exploitation
[CVE-2024-57079] Prototype Pollution Vulnerability in @zag-js/core v.50. Allows Attackers to Cause a Denial of Service (DoS)
CVE-2025-23419: How an Attacker Can Bypass Client Certificate Authentication in Nginx Servers using Session Resumption
CVE-2025-0665 - libcurl: Eventfd File Descriptor Incorrectly Closed Twice Due to Threaded Name Resolve
CVE-2025-0509: Bypassing Sparkle's (Ed)DSA Signature Checks in Versions Prior to 2.64
CVE-2025-1012: Uncovering the Race Condition during Concurrent Delazification leading to Use-After-Free Vulnerability in Older Versions of Firefox and Thunderbird
CVE-2025-1018: Fullscreen Notification Spoofing in Firefox and Thunderbird
CVE-2025-1011 - Critical WebAssembly Code Generation Vulnerability in Firefox, Firefox ESR, and Thunderbird
CVE-2025-21679: Fixing the Linux Kernel Vulnerability - Btrfs Error Handling in "get_canonical_dev_path"
CVE-2025-21675 - Linux kernel vulnerability resolved in net/mlx5: Clear port select structure when failed to create
CVE-2025-21670: Preventing NULL Pointer Dereference in Linux Kernel vsock/bpf with Early Transport Check
CVE-2025-21678 - Resolved Linux Kernel Vulnerability: GTP Device Destruction with UDP Socket's Netns Dismantle
CVE-2025-21667 - Preventing Linux Kernel Vulnerability in iomap Write Operations
CVE-2025-21668: Linux Kernel Vulnerability in pmdomain: imx8mp-blk-ctrl - Resolved
CVE-2024-57948: Linux Kernel Fix for Corrupted List in mac802154
CVE-2024-47900 - Unauthorized GPU Access Vulnerability: Exploiting Improper GPU System Calls for OOB Kernel Memory Access
CVE-2024-23921 Revealed: ChargePoint Home Flex Charging Stations Vulnerable to Network-Adjacent Attacks
CVE-2023-6195: Server Side Request Forgery (SSRF) Vulnerability in GitLab CE/EE Affecting Imports from GitHub Repositories
CVE-2025-24500: Unauthenticated Access To PAM Database Information
CVE-2024-11187: BIND 9 Resource Consumption Vulnerability Exploitation with Specially Crafted Zone Queries
Exploring CVE-2024-57965: Understanding the Axios Vulnerability and its Resolution in Version 1.7.8
CVE-2024-40669: Local Escalation of Privilege in TBD due to Use After Free
CVE-2025-24130: An In-Depth Analysis of macOS File System Security Vulnerability, Exploitation Techniques, and Remediations
CVE-2025-24115: macOS Path Handling Security Vulnerability Fixed with Improved Validation
CVE-2023-47159 - IBM Sterling File Gateway User Enumeration Vulnerability
CVE-2024-43707: Unauthorized Access to Elastic Agent Policies in Kibana Revealing Sensitive Information
CVE-2024-57724: In-Depth Analysis of Segmentation Fault in Lunasvg v3.. and How to Exploit It
CVE-2025-24400 - Jenkins Eiffel Broadcaster Plugin Cache Key Vulnerability Leads to Illegitimate Signing of Events
CVE-2024-31903: Critical Vulnerability in IBM Sterling B2B Integrator Standard Edition Leads to Arbitrary Code Execution
CVE-2024-49737 - A Closer Look at Local Privilege Escalation in WindowOrganizerController.java's applyTaskFragmentOperation
CVE-2024-49735 - Local Escalation of Privilege Exploit Leveraging Resource Exhaustion to Override Permissions Settings
CVE-2025-22150: Undici HTTP/1.1 Client Vulnerability due to Predictable Boundary in Multipart Requests
CVE-2025-21662: Linux Kernel net/mlx5 Vulnerability Resolved - Variable Completion Fixed in cmd_work_handler()
CVE-2025-21663: Linux Kernel Vulnerability Resolved in Nvidia Tegra MGBE Controllers
CVE-2024-57946 - Linux Kernel Vulnerability in Virtio-blk Resolved: Avoid Queue Freeze Deadlocks during System Suspend
CVE-2025-21656: Resolving Linux Kernel Vulnerability in hwmon (drivetemp)
CVE-2024-57940: Fixing the Infinite Loop in exfat_readdir() in the Linux Kernel
CVE-2024-57939: RISC-V Linux Kernel Vulnerability Fixed in die() Function
CVE-2025-23086 – Origin Misattribution Vulnerability in Brave Browser
CVE-2025-22620 - Security Vulnerability in gitoxide's Permissions Handling Prior to .17.
CVE-2024-13176 - Timing Side-Channel Vulnerability in ECDSA Signature Computation
CVE-2024-57922 - Fix for Divide-by-Zero Error in drm/amd/display on Linux Kernel
CVE-2024-57915 - A Detailed Look at the Withdrawn Security Vulnerability
CVE-2024-57913 - Linux Kernel Vulnerability Resolved in functionfs_bind to Prevent Kernel Panic due to Race Condition
CVE-2024-57917: Linux kernel vulnerability resolved - topology: Keep the cpumask unchanged when printing cpumap
CVE-2024-57904: iio: adc: at91: call input_free_device() in Linux Kernel
CVE-2025-21654 - Resolving Vulnerability in Linux Kernel: OVL Encoding FID from Inode with No Alias
CVE-2025-21647: Linux kernel vulnerability in sch_cake scheduler resolved
CVE-2025-21651: Linux Kernel Vulnerability Resolved in net: hns3 - Preventing Auto-Enable Misc Vector
CVE-2025-21645: Linux Kernel Vulnerability Resolved in Platform/x86/amd/pmc
CVE-2025-21632 - Linux Kernel Vulnerability Resolved: Ensuring Active Shadow Stack before "Getting" Registers
CVE-2025-21631 - Linux Kernel Block, BFQ: Resolving waker_bfqq UAF after bfq_split_bfqq() Vulnerability
CVE-2020-0436: What happened and why it was rejected by the CVE Numbering Authority?
CVE-2025-23208 - Zot Image Registry Group Revocation/Removal Ignored, leading to potential Unauthorized Access
CVE-2022-0303 - A Closer Look at the Alleged Vulnerability and Why It's Not a Concern
CVE-2022-20128 - Rejected Reason and Overview of the Withdrawn Vulnerability
CVE-2018-9379 - Local Information Disclosure in MiniThumbFile.java Due to Confused Deputy
CVE-2018-9382: Analyzing the Wi-Fi Hotspot Vulnerability in WifiServiceImpl.java
CVE-2025-0518 - Unchecked Return Value, Out-of-bounds Read Vulnerability in FFmpeg Allows Reading Sensitive Constants Within an Executable
CVE-2025-22146: Critical Vulnerability in Sentry SAML SSO Implementation and Steps to Mitigate the Risk
CVE-2024-12084: Uncovering a Heap-Based Buffer Overflow Vulnerability in rsync Daemon with Exploit Details and Solutions
CVE-2025-21629: Resolving Linux Kernel Vulnerability in net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets
CVE-2024-57897: Linux Kernel Vulnerability in drm/amdkfd Resolved: Correcting Migration DMA Map Direction
CVE-2024-57901 - Linux Kernel af_packet Vulnerability Fixed: "vlan_get_protocol_dgram() vs MSG_PEEK"
CVE-2024-57883 - Linux Kernel Vulnerability: Independent PMD Page Table Shared Count in mm: hugetlb
CVE-2024-12088: Rsync '--safe-links' option fails to properly verify symbolic links, leading to path traversal vulnerability
CVE-2024-57876 - Fixing Memory Corruption Vulnerability in Linux kernel's drm/dp_mst
CVE-2024-57838: Linux Kernel Vulnerability Update: s390/entry - Improved Stack Depot Filtering and De-duplication
CVE-2024-56788 - net: ethernet: oa_tc6: Fixing tx skb Race Condition between Reference Pointers in Linux Kernel
CVE-2024-57791 - Resolving Linux Kernel Vulnerability in net/smc by Checking Return Value of sock_recvmsg
CVE-2024-55881 - Linux Kernel KVM x86 Vulnerability in Complete_Hypercall_Exit() Resolved
CVE-2024-53690: Linux Kernel Vulnerability in nilfs2 Resolved - Prevent Use of Deleted Inode
CVE-2024-41935: Linux Kernel f2fs Vulnerability - Fix to Shrink Read Extent Node in Batches
CVE-2024-13041: Critical External Groups Configuration Issue in GitLab CE/EE Allows Unauthorized Access to Internal Projects and Groups
CVE-2025-0306 - Ruby Interpreter Vulnerable to Marvin Attack: Decrypt and Forge Signatures Exploit
CVE-2023-38037 - Information Disclosure Vulnerability in ActiveSupport::EncryptedFile
CVE-2023-27531 - Critical Deserialization of Untrusted Data Vulnerability in Kredis JSON Deserialization Code
CVE-2024-56787: Resolved Linux Kernel Vulnerability in i.MX8M Plus Hardware - soc: imx8m: Probe the SoC driver as platform driver
CVE-2024-55459: Unpacking Exploit in Keras 3.7. that Allows Arbitrary Files to Be Written to User's System Through a Crafted Tar File via get_file Function
CVE-2025-0239 - Alt-Svc and ALPN Certificate Validation Issue in Firefox and Thunderbird
CVE-2025-21614: Denial of Service Vulnerability Found in Go-Git Library
CVE-2025-21613 - Argument Injection Vulnerability in Go-Git Library: Exploitation and Mitigation Details
CVE-2024-56767 - Security Patch for Linux Kernel DMAEngine at_xdmac Vulnerability
CVE-2024-56761: Resolving x86/fred Vulnerability in Linux Kernel - Clear WFE in missing-ENDBRANCH #CPs
CVE-2024-56760 - Resolved Vulnerability in Linux Kernel: PCI/MSI Handling Lack of IRQ Domain Gracefully
CVE-2024-56759: Linux Kernel BTRFS Use-After-Free Vulnerability Resolved, Mitigates Potential Exploits
CVE-2023-6601: Bypassing Unsafe File Extension Checks in FFmpeg's HLS Demuxer Through Base64-Encoded Data URIs
CVE-2024-21464: Memory Corruption while Processing IPA Statistics with No Active Clients Registered
CVE-2024-20154 - Out of Bounds Write Exploit in Modem Firmware Leading to Remote Code Execution
CVE-2024-56332 - Denial of Service (DoS) Vulnerability in Next.js Server Actions
CVE-2025-22275: iTerm2 Remote Information Disclosure Vulnerability via /tmp/framer.txt File
CVE-2023-47523 - Missing Authorization Vulnerability in Ecreate Infotech Auto Tag Creator Exploiting Incorrectly Configured Access Control Security Levels
CVE-2023-45828 - Missing Authorization Vulnerabilities in RumbleTalk Live Group Chat Allow Exploitation of Incorrectly Configured Access Control Security Levels
CVE-2024-56734 – Open Redirect Vulnerability in TypeScript's Better Auth Library's Verify Email Endpoint
CVE-2024-56748: Linux Kernel SCSI Memory Leak Vulnerability Resolved with a Fix in qedf_alloc_and_init_sb()
CVE-2024-56726 - Resolution of Linux kernel vulnerability in octeontx2-pf: Handling otx2_mbox_get_rsp errors in cn10k.c
CVE-2018-25107: Perl's Crypt::Random::Source Package's Security Vulnerability - Falling Back to the Insecure Built-in Rand() Function
CVE-2024-56703: Linux Kernel Soft Lockup Vulnerability in fib6_select_path Due to High Next Hop Churn Resolved
CVE-2024-56701: Fixing Vulnerability in the Linux Kernel - PowerPC/pSeries - DTL Access Lock
CVE-2024-56699 - Linux Kernel s390/pci: Fix Potential Double Remove of Hotplug Slot Vulnerability
CVE-2024-56700: Resolved Linux Kernel Vulnerability in media: wl128x: Fix atomicity violation in fmc_send_cmd()
CVE-2024-56658: Linux Kernel Resolves Net Vulnerability "net: defer final 'struct net' free in netns dismantle"
CVE-2024-56644 - Resolved Linux Kernel Vulnerability: Net/IPv6 Exception Dst Cache Leak
CVE-2024-56633: Linux Kernel TCP_BPF Memory Accounting Vulnerability Resolved
CVE-2024-56614: Linux Kernel xsk OOB Map Write Vulnerability
CVE-2024-56589: Resolving Linux Kernel Vulnerability in SCSI - hisi_sas Driver
CVE-2024-56592 - Resolving a Linux Kernel Vulnerability: bpf_map_fd_put_ptr() and htab_unlock_bucket()
CVE-2024-56584 - Linux Kernel io_uring/tctx Vulnerability and Resolution
CVE-2024-56585: Linux Kernel Vulnerability in LoongArch Fixed for PREEMPT_RT
CVE-2024-56583 - Linux Kernel sched/deadline Warning Fix for Boosted Tasks
CVE-2024-56586: Linux Kernel Vulnerability - f2fs_bug_on in f2fs_evict_inode Resolved
CVE-2024-56576 - Fix for Linux kernel crash in the media: i2c: tc358743 probe error path when using polling
CVE-2024-56562 - Linux Kernel i3c Master Vulnerability Resolved: Fix for Miss Free init_dyn_addr at i3c_master_put_i3c_addrs()
CVE-2024-56548 - Resolved Linux Kernel Vulnerability: HFSPlus Device Logical Block Size Query
CVE-2024-56533: Resolved Linux Kernel Vulnerability in ALSA: usx2y - Using snd_card_free_when_closed() at Disconnection
CVE-2024-53233 - Resolved Linux Kernel Unicode Vulnerability: Fix utf8_load() Error Path
CVE-2024-53234 - EROFS Warning in Linux Kernel: Handling NONHEAD !delta[1] lclusters gracefully
CVE-2024-53220: F2FS Linux Kernel Vulnerability Resolved in __get_secs_required()
CVE-2024-53214: Fixing the Linux Kernel Vulnerability - Hiding First-in-List PCIe Extended Capability
CVE-2024-53219: Resolving Linux Kernel Vulnerability in Virtiofs by Using Pages Instead of Pointer for Kernel Direct IO
CVE-2024-53209: Linux Kernel Vulnerability Resolved - bnxt_en: Fixing Receive Ring Space Parameters When XDP is Active
CVE-2024-53183: Resolved Linux Kernel Vulnerability Involving UML Network
CVE-2024-53172: Resolving the "ubi: fastmap: Fix duplicate slab cache names while attaching" Vulnerability in the Linux Kernel
CVE-2024-53169: Linux Kernel Vulnerability Resolved - nvme-fabrics: Fix Kernel Crash While Shutting Down Controller
CVE-2024-53160 - Fixing Data-Race in Linux Kernel's __mod_timer / kvfree_call_rcu Functions
CVE-2024-53241: Linux Kernel Fixes x86/xen Vulnerability – Bypassing PV Iret Hypercalls Through Hypercall Page
CVE-2024-56378 - Critical Out-of-Bounds Read Vulnerability in libpoppler.so of Poppler through 24.12.: Exploit Details, Code Snippets, and References
CVE-2024-35141 - IBM Security Verify Access Docker 10.. to 10..6 Privilege Escalation Vulnerability
CVE-2022-44518: Use-After-Free Vulnerability in Acrobat Reader DC Could Allow Arbitrary Code Execution
CVE-2022-44519: Uncovering a Use-After-Free Vulnerability in Acrobat Reader DC
CVE-2022-44515 - Out-of-Bounds Read Vulnerability in Adobe Acrobat Reader DC Results in ASLR Bypass
CVE-2024-45338 - Critical Denial of Service Vulnerability in Parse Functions: Analyzing Vulnerabilities, Exploits, and Possible Mitigations
CVE-2024-12698 - Incomplete Fix for OSE-OLM-Catalogd-Container Leaves Authenticated Streams Vulnerable to Rapid Reset Exploitation
CVE-2024-8650 - GitLab Merge Request Vulnerability: Unresolved Threads of Internal Notes in Public Projects Exposed to Non-Member Users
CVE-2024-55956: Critical Vulnerability in Cleo Harmony, VLTrader, and LexiCom Allowing Unauthenticated Users to Import and Execute Arbitrary Bash or PowerShell Commands
CVE-2024-53845: ESPTouchV2 AES/CBC Mode Vulnerability in IoT Connection Protocol
CVE-2024-49124 - An Insight into the Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability
CVE-2024-53005 - Substance3D Modeler Out-of-Bounds Read Vulnerability Leading to Sensitive Memory Disclosure and Potentially Bypassing ASLR
CVE-2024-49530: Use After Free Vulnerability in Acrobat Reader Potentially Leading to Arbitrary Code Execution
CVE-2024-49531: Critical NULL Pointer Dereference Vulnerability in Acrobat Reader (Versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier)
CVE-2024-53866: pnpm Package Manager Vulnerability Allows Cross-Workspace Code Execution
CVE-2024-37143 - Critical Vulnerability in Dell PowerFlex and Related Products: Improper Link Resolution Before File Access
CVE-2023-47776: Missing Authorization Vulnerability in miniOrange OTP Verification Plugin allows Exploiting Incorrectly Configured Access Control Security Levels
CVE-2024-42494: Unauthorized Information Disclosure in Ruijie Reyee OS (versions 2.206.x - 2.319.x)
CVE-2024-53907 - Potential Denial-of-Service Attack via Strip_Tags() Method and Striptags Template Filter in Django
CVE-2024-53141: Linux Kernel Vulnerability Resolved in netfilter: ipset - Missing Range Check in bitmap_ip_uadt
CVE-2024-53142: initramfs Filename Buffer Overrun Vulnerability in Linux Kernel Resolved
CVE-2024-52798 - Path-to-Regexp Performance Degradation Exploit and the Importance of Upgrading to Version .1.12
CVE-2018-9439: An In-Depth Look into Unregister_prot_hook and Packet_release Exploits in af_packet.c
CVE-2024-53133 – Linux Kernel Vulnerability Resolved: drm/amd/display - Handling DML Allocation Failure to Avoid Crash
CVE-2024-53131: Resolved Vulnerability in Linux Kernel - nilfs2: Fixing Null-ptr-deref in block_touch_buffer Tracepoint
CVE-2024-53129: Linux Kernel's drm/rockchip: vop Vulnerability Resolved
CVE-2024-53125: Linux Kernel BPF Vulnerability - sync_linked_regs() Subreg_Def Preservation
CVE-2024-37303 - Unauthenticated Remote Media Download Vulnerability in Synapse Matrix Homeserver
CVE-2024-53110: Critical Vulnerability in Linux Kernel Fixed, vp_vdpa Module Patched to Prevent Null-Terminated Error and Undefined Memory Access
CVE-2024-52003: Critical Vulnerability in Traefik's X-Forwarded-Prefix Header Handling - How to Identify and Fix It
CVE-2023-52922 - Linux Kernel Vulnerability: Use-After-Free issue in can: bcm: bcm_proc_show() function
CVE-2024-38309: Buffer Overflow Vulnerabilities in V-SFT, TELLUS, and TELLUS Lite Software Suites
CVE-2024-53858 - GitHub CLI Security Vulnerability - Leaking Authentication Tokens
CVE-2024-36464: Exposing Passwords in YAML Export – A Closer Look at the Security Implications and Best Practices for Exporting Media Types in YAML Configuration
CVE-2024-42331 - Heap Use-After-Free Vulnerability in Zabbix Server Duktape JavaScript Engine
CVE-2024-42332 - SNMP Authentication Bypass and Forged Data Injection in Zabbix UI
CVE-2024-8114 - GitLab CE/EE Privilege Escalation Vulnerability via Personal Access Tokens
CVE-2024-11696: Bypassing Add-On Signature Validation in Firefox and Thunderbird due to Unhandled Exceptions in `loadManifestFromFile` Method
CVE-2024-52811: A Buffer Overflow Vulnerability in ngtcp2 Project Due to Unvalidated ACKs in QUIC Protocol Implementation
CVE-2024-53899: Command Injection Vulnerability in virtualenv Before 20.26.6 - Exploit Details, Code Snippets, and Original References
CVE-2024-10220 - Kubernetes Kubelet Arbitrary Command Execution via GitRepo Volumes
CVE-2024-52804: Tackling the Quadratic Complexity Issue in Tornado's Cookie Parsing Method and How it Affects the Computational Performance
CVE-2024-53094 - RDMA/siw: Resolving Linux Kernel Vulnerability with Sendpage_ok() Check
CVE-2022-43937: Exploring the Information Exposure Through Log File Vulnerability in Brocade SANnav
CVE-2024-53084: Linux Kernel Vulnerability Resolved - drm/imagination Object Reference Loop Broken
CVE-2024-53065 - Linux Kernel Vulnerability Resolved: mm/slab Fix for Warning Due to Duplicate kmem_cache Creation in kmem_buckets_create
CVE-2024-53070 - Fixing Vulnerability in Linux Kernel: usb: dwc3: Crash During System Suspend if Device was Already Runtime Suspended
CVE-2024-53051 - Preventing Kernel Null Pointer Dereference in Linux with Encoder Check for Intel_hdcp_get_capability
CVE-2024-53050 - Linux Kernel Vulnerability Resolution in drm/i915/hdcp: Encoder Check Added in intel_hdcp2_get_capability
CVE-2024-53054: Linux Kernel cgroup/bpf Use a Dedicated Workqueue for Cgroup BPF Destruction
CVE-2024-53057: Resolving Linux kernel vulnerability in net/sched
CVE-2024-53052: Handling Deadlocks in Linux Kernel via io_uring
CVE-2024-48990: Local Privilege Escalation in needrestart through Arbitrary Code Execution as Root
CVE-2024-21539: Regular Expression Denial of Service (ReDoS) Vulnerability in eslint-plugin-kit Versions Before .2.3 - Exploit Details and Mitigation Measures
CVE-2024-48901: Critical Vulnerability Found in Moodle - Unauthorized Access to Report Schedules
CVE-2024-48896 - A Critical Vulnerability Uncovered in Moodle Allowing Unauthorized User Information Access Via Messaging System
CVE-2024-0793: Kube-controller-manager DoS Vulnerability due to Flawed HPA Config Parsing
CVE-2024-52308 - Remote Code Execution Vulnerability in GitHub CLI 2.6.1 and Earlier
CVE-2022-2232: LDAP Injection Vulnerability in Keycloak Package – Bypassing Username Lookup and Potential Exploits
CVE-2024-10977: Understanding the PostgreSQL Client Vulnerability and Mitigation Steps
CVE-2024-10979: Unprivileged Database User Gains Control of Sensitive Environment Variables in PostgreSQL PL/Perl, Enabling Arbitrary Code Execution
CVE-2023-34049: Salt-SSH Vulnerability Allows Attackers to Execute Unauthorized Scripts on Target VMs using Predictable File Paths
CVE-2024-11168: Improper Validation of IPv6 and IPvFuture Brackets in urllib.parse.urlsplit() and urlparse() functions, leading to Security Risks
CVE-2024-8534: Memory Safety Vulnerability in NetScaler ADC and Gateway Causing Memory Corruption and Denial of Service
CVE-2024-21538: Regular Expression Denial of Service (ReDoS) Vulnerability in cross-spawn until version 7..4
CVE-2024-10318: Session Fixation Vulnerability in NGINX OpenID Connect Reference Implementation
CVE-2024-50136 - Linux Kernel Vulnerability Resolved in net/mlx5: Unregister Notifier on Eswitch Init Failure
CVE-2024-50084: Linux Kernel Vulnerability Resolved in Net: Microchip: VCAP API
CVE-2024-50082: Linux Kernel Vulnerability Resolved - blk-rq-qos: Fix Crash on rq_qos_wait vs. rq_qos_wake_function Race
CVE-2024-50085: Linux Kernel Vulnerability - mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
CVE-2024-50087: Linux Kernel Vulnerability Resolved: btrfs Uninitialized Pointer Free on read_alloc_one_name() Error
CVE-2024-50068 Resolved: Linux Kernel Memory Leak Fix in damon_sysfs_test_add_targets()
CVE-2024-38821: Bypassing Spring Security Authorization Rules on Static Resources in WebFlux Applications
CVE-2024-49757: Bypassing Self-Registration Restriction in Zitadel Identity Infrastructure Software
CVE-2023-52918 - Linux Kernel Media PCI CX23885 Vulnerability Resolved with Proper NULL Pointer Check
CVE-2024-41713: Critical Path Traversal Vulnerability in Mitel MiCollab's NuPoint Unified Messaging Component
CVE-2024-50064 – Memory Leak Resolved in Linux Kernel ZRAM: Freeing Secondary Algorithms Names
CVE-2024-50049: Linux Kernel DRM/AMD/display Vulnerability Resolved - Null Pointer Dereferencing Issue Fixed
CVE-2024-50058: Linux Kernel Vulnerability in uart_shutdown() - UART Port Access Safeguard
CVE-2024-50048 - Resolving NULL Pointer Dereference Issue in fbcon_putcs within the Linux Kernel
CVE-2024-47744 - KVM Deadlock Vulnerability in Linux kernel Resolved with Dedicated Mutex
CVE-2024-9680: Use-After-Free Vulnerability in Animation Timelines Exploited in the Wild, Affecting Firefox and Thunderbird Versions
CVE-2024-31227 - Redis Server Panic and Denial of Service in ACL Selector
CVE-2024-31449 - Redis Lua Scripting Stack Buffer Overflow Vulnerability: What You Need to Know and How to Fix It
CVE-2024-31228: Denial-of-Service Vulnerability in Redis Due to Unbounded Recursion
CVE-2024-33066 - Memory Corruption Vulnerability in Log File Redirection
CVE-2024-9407: Exploring a Vulnerability in Dockerfile RUN --mount Instruction's bind-propagation Option
CVE-2024-46857 - Linux Kernel Vulnerability in net/mlx5 Fixed: Preventing Crashes during Bridge Mode Operations without VFs
CVE-2024-46867 - Linux Kernel Deadlock Resolved in drm/xe/client show_meminfo()
CVE-2024-46847 - Linux Kernel Vulnerability in mm: vmalloc Module
CVE-2024-47076: CUPS libcupsfilters Vulnerability – Lack of Sanitization of IPP Attributes from an IPP Server
CVE-2024-45614: Puma Web Server Issue with Proxy Header Clobbering
CVE-2024-46791: Fixing Deadlock in Linux Kernel's MCP251x Open Function
CVE-2024-46795 - Linux Kernel Vulnerability Resolved: Unset the binding mark of a reused connection in ksmbd
CVE-2024-6685 - GitLab Group Runners Information Disclosure Vulnerability Affecting Multiple Versions
CVE-2024-46691: Linux Kernel USB Type-C Vulnerability Resolved
CVE-2024-45590: DoS Attack on body-parser Node.js Middleware in Versions <1.20.3
CVE-2024-7341: Session Fixation Vulnerability in Keycloak SAML Adapters Leading to Security Risks
CVE-2024-45296 - Path-to-Regexp Vulnerability Leading to Potential Denial of Service Attacks
CVE-2024-8372 - Bypass Image Source Restrictions in AngularJS through Insufficient Sanitization of 'srcset' Attribute
CVE-2024-37288 - Kibana Vulnerability: Deserialization Issue Leading to Arbitrary Code Execution for Users Utilizing Elastic Security's AI Tools and Amazon Bedrock Connector
CVE-2023-46809: Node.js Versions Vulnerable to Marvin Attack via Unpatched OpenSSL and PKCS #1 v1.5 Padding in RSA Decryption
CVE-2024-44995 - Linux Kernel Vulnerability in net: hns3 Fixed, Avoiding Deadlock When Configuring TC During Reset
CVE-2024-44989 - Resolving Vulnerability in Linux Kernel Bonding: Fix xfrm Real_dev Null pointer Dereference
CVE-2024-45000: Linux Kernel fs/netfs/fscache_cookie NULL Pointer Dereference Vulnerability Resolved
CVE-2024-44981 - Resolving 'subtraction overflow' error in shift_and_mask() function of Linux kernel workqueue
CVE-2024-6119 - Certificate Name Check Denial of Service Vulnerability in Applications
CVE-2024-44946: Resolving a Linux Kernel Vulnerability with kcm_sendmsg() Serialization
CVE-2024-8210 - Critical Vulnerability in D-Link NAS Devices Leads to Command Injection
CVE-2024-41879: Critical Out-of-bounds Write Vulnerability in Acrobat Reader Versions 127..2651.105 and Earlier, Potentially Resulting in Arbitrary Code Execution
CVE-2024-44935 - Linux kernel vulnerability resolved: sctp null-ptr-deref in reuseport_add_sock()
CVE-2024-43907: Fixing Null Pointer Dereference in Linux Kernel drm/amdgpu/pm
CVE-2024-44933: Linux Kernel Security Patch Addresses Memory Out-of-Bounds Vulnerability in bnxt_en Module
CVE-2024-43905 - Linux Kernel Security Patch: Resolving a Vulnerability in drm/amd/pm Module for Vega10_hwmgr
CVE-2024-27185: Addressing the Pagination Class Arbitrary Parameters Issue and Cache Poisoning Exploits in Web Applications
CVE-2024-7305: Unveiling the Out-of-Bounds Write Vulnerability in Autodesk AutoCAD due to Maliciously Crafted DWF File
CVE-2024-7592: Unraveling the Low Severity CPython http.cookies' Module Vulnerability and Its Exploit
CVE-2024-42269 - Linux Kernel Vulnerability Fixed in netfilter:iptables, Preventing Null Pointer Dereference in ip6table_nat_table_init()
CVE-2024-42270 - Linux Kernel netfilter iptables Null Pointer Dereference Vulnerability Fixed
CVE-2024-42268 - Linux Kernel Vulnerability Resolved: net/mlx5 Missing Lock on Sync Reset Reload
CVE-2023-52889 - Linux Kernel AppArmor NULL Pointer Dereference Vulnerability Resolved
CVE-2024-6384 - MongoDB Enterprise Vulnerability: Underprivileged Users Downloading "Hot" Backup Files
CVE-2024-42479 - The Critical Vulnerability in llama.cpp, Explained, and Fixed in b3561
CVE-2024-7610 - GitLab CE/EE Denial of Service (DoS) Vulnerability via Elasticsearch Result Parsing
CVE-2024-42245: Linux Kernel Vulnerability Involving Sched/Fair Reverted to Prevent System Lockups
CVE-2024-42243 Linux Kernel Vulnerability: mm/filemap: Make MAX_PAGECACHE_ORDER Acceptable to XArray
CVE-2024-42248: Linux Kernel tty: serial: ma35d1 Vulnerability and its Resolution - A Deep Dive into the Code
CVE-2024-7264: Exploring the Vulnerability in libcurl's ASN1 Parser Code and its Impact on Applications
CVE-2024-42231: Linux Kernel Btrfs Zone Mode Vulnerability Resolved
CVE-2024-42226 - Preventing Potential Failure in the Linux Kernel's USB XHCI Handle_tx_event() for Transfer Events Without TRB
CVE-2024-42223: Linux Kernel Media DVB-Frontends TDA10048 Integer Overflow Fix
CVE-2024-42084 - Resolved Linux Kernel Vulnerability: ftruncate with Signed Offset
CVE-2024-42083: Fixing Kernel Panic in the Linux Kernel due to Multi-Buffer Handling in ionic_run_xdp()
CVE-2024-42080: Resolving RDMA/restrack Vulnerability in the Linux Kernel to Prevent Invalid Address Access
CVE-2024-40897: Stack-based Buffer Overflow Vulnerability in ORC Versions Prior to .4.39
CVE-2024-6327: Exploring the Insecure Deserialization Vulnerability in In Progress Telerik Report Server and Remote Code Execution
CVE-2024-6197 - Libcurl ASN.1 UTF8 String Parser Memory Corruption Vulnerability
CVE-2024-41836: NULL Pointer Dereference Vulnerability in InDesign Desktop - Explained with Exploit Details and Remediations
CVE-2024-41010: Linux Kernel Vulnerability in bpf Resolved - Fix for Too Early Release of tcx_entry
CVE-2024-6595: Critical vulnerability in GitLab allows NPM package conflict, patch now available
CVE-2022-48840: Linux Kernel iavf Hang during Reboot/Shutdown Fixed
CVE-2022-48842: Linux Kernel ice Vulnerability Fixed - Race Condition during Interface Enslave
CVE-2022-48841 - Linux Kernel NULL Pointer Dereference Vulnerability Resolution in ice_update_vsi_tx_ring_stats()
CVE-2022-48828 - Linux Kernel NFSd ia_size Underflow Vulnerability Analysis and Fix
CVE-2024-23794: Privilege Escalation Vulnerability in OTRS Inline Editing Functionality
CVE-2024-40960 - Linux Kernel IPv6 NULL Dereference Vulnerability Resolved
CVE-2024-31317 - Local Privilege Escalation in ZygoteProcess.java due to WRITE_SECURE_SETTINGS & Unsafe Deserialization
CVE-2024-3651: Quadratic Complexity Vulnerability in kjd/idna Library idna.encode() Function
CVE-2024-39477: Linux Kernel Vulnerability Resolved - mm/hugetlb: Do Not Call vma_add_reservation Upon ENOMEM
CVE-2024-39474 - Linux Kernel Vulnerability in vmalloc Fixed (mm/vmalloc)
CVE-2024-39473 - ASoC: SOF: ipc4-topology: Fixing Input Format Query of Process Modules without Base Extension in the Linux Kernel
CVE-2024-39483: KVM: SVM: Resolved Vulnerability Warns on vNMI + NMI Window if NMIs are Outright Masked
CVE-2024-39484: Linux Kernel Vulnerability Resolved in MMC Driver
CVE-2024-29510 - Memory corruption and SAFER sandbox bypass in Artifex Ghostscript prior to 10.03.1 via format string injection with uniprint device
CVE-2024-6323 - Unauthorized Access to Private Repository Content via Global Search in GitLab EE
CVE-2024-38629: Fixing Linux Kernel Vulnerability in dmaengine: idxd Module By Avoiding Unnecessary Destruction of file_ida
CVE-2024-36978 - Linux Kernel Vulnerability in net: sched: sch_multiq: Resolved through OOB Write Fix in multiq_tune()
CVE-2024-37891 - Unintended Exposure of Proxy-Authorization Header in urllib3 for Python
CVE-2024-32896 - Exploiting a Logic Error to Bypass Security Measures and Achieve Local Escalation of Privilege
CVE-2024-5688: Garbage Collection Timing leads to Use-After-Free Exploit in Firefox and Thunderbird
CVE-2024-22298 - Missing Authorization Vulnerability in TMS Amelia ameliabooking version 1..98
CVE-2024-32503 - Critical UAF Vulnerability Discovered in Samsung Mobile and Wearable Processors: Exynos 850, Exynos 108, Exynos 210, Exynos 128, Exynos 138, Exynos 133, Exynos W920, Exynos W930
CVE-2024-33655: Exploring the "DNSBomb" Issue in DNS Protocol and Guidelines to Prevent Traffic Amplification
CVE-2024-35428 - ZKTeco ZKBio CVSecurity 6.1.1 Vulnerable to Directory Traversal via BaseMediaFile, Leading to DoS Conditions
CVE-2024-36938: Mitigation of NULL Pointer Dereference Vulnerability in Linux Kernel's sk_psock_skb_ingress_enqueue
CVE-2024-36925 - Linux Kernel Vulnerability Resolved: SWIOTLB Initialisation for Restricted Pool when SWIOTLB_DYNAMIC=y
CVE-2024-36926: Resolving LPAR Panics During Boot Up with a Frozen PE in the Linux Kernel
CVE-2024-36904 - Linux Kernel Use-After-Free Vulnerability in tcp_twsk_unique()
CVE-2024-35333: Uncovering a Stack-Buffer-Overflow Vulnerability in html2xhtml 1.3's read_charset_decl Function
CVE-2024-35311: Yubico YubiKey 5, Security Key, YubiKey Bio, and YubiKey 5 FIPS Incorrect Access Control Vulnerability
CVE-2024-34161 - NGINX HTTP/3 QUIC Module Memory Leak Vulnerability - How to Detect and Mitigate It
CVE-2024-36426 - TARGIT Decision Suite Securing Session Token Vulnerability in Versions Prior to Autumn 2023 Update
CVE-2024-22588: Kwik Commit 745fd4e2 Fails to Discard Unused Encryption Keys – A Crucial Security Weakness
CVE-2021-47549 - Resolving sata_fsl UAF Vulnerability in Linux Kernel
CVE-2024-31843 - Command Injection Vulnerability in Italtel Embrace 1.6.4 and Exploit Details
CVE-2024-5143: Exploiting Device Administrative Privileges to Reveal Sensitive SMTP Server Credentials
CVE-2024-4978: Justice AV Solutions Viewer Setup 8.3.7.250-1 Vulnerability to Malicious Binary Execution and Authenticode Signature Exploitation
CVE-2024-29851 - Veeam Backup Enterprise Manager: High-privileged User's Theft of NTLM Hash of Enterprise Manager Service Account
CVE-2024-29852: Unauthorized Access to Backup Session Logs in Veeam Backup Enterprise Manager
CVE-2021-47449: Resolving Linux Kernel Vulnerability in Ice Tx Timestamp Tracking Flush
CVE-2024-34274: Deserialization of Untrusted Data Vulnerability Found in OpenBD 20210306203917-6cbe797
CVE-2023-52773: Fixing Linux Kernel Vulnerability - NULL Pointer Dereference in AMDGPU DM I2C XFER
CVE-2023-52752: Linux Kernel SMB Client Use-After-Free Vulnerability Fixed
CVE-2024-36004: Linux Kernel Vulnerability in i40e Workqueue Flags Resolved
CVE-2024-35982 - Resolving the batman-adv Infinite Loop Vulnerability in Linux Kernel
CVE-2024-36053 - Vulnerability in Mintupload Package (Service-Name Mishandling) Leading to Command Injection Exploits in Linux Mint
CVE-2024-35944 - Linux Kernel Vulnerability Resolved: VMCI Fix for memcpy() Run-Time Warning in dg_dispatch_as_host()
CVE-2024-35855: Linux Kernel Vulnerability Resolved in mlxsw Spectrum ACL TCAM Activity Update
CVE-2024-35844 - Linux Kernel Vulnerability in f2fs: Compress - Reserve_cblocks Counting Error When Out of Space Fixed
CVE-2023-45733 - An In-Depth Look into a Race Condition Vulnerability in Intel(R) Processors: A Partial Information Disclosure Threat
CVE-2024-3727 Vulnerability: A Comprehensive Guide on GitHub Repository Exploit and Addressing the Security Flaw in Containers Image Library
CVE-2024-35204: Veritas System Recovery Vulnerability - Incorrect Permissions Allow for Low-Privilege User Attacks
CVE-2024-29157: Exploring a Heap Buffer Overflow Vulnerability in HDF5 and How to Exploit It
CVE-2024-27401 - Addressing Linux Kernel Vulnerability in the Firewire Nosy: Ensuring Safe Packet Content Fetching with User_length
CVE-2024-27397 - Netfilter nf_tables Vulnerability Resolved Using Timestamp to Check Set Element Timeout in Linux Kernel
CVE-2024-4436: Incomplete Fix for etcd Package in Red Hat OpenStack Platform - How to Identify and Mitigate the Vulnerability
CVE-2024-33601: NSCD Netgroup Cache Memory Allocation Failure leading to Denial of Service
CVE-2024-34069: Werkzeug Debugger's Security Vulnerability Allows Code Execution on Developer's Machine
CVE-2023-44429: GStreamer AV1 Codec Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability - Critical Impact and Potential Exploit Paths
CVE-2023-49606 - Use-After-Free Vulnerability in Tinyproxy: Exploit Analysis and Mitigation
CVE-2024-27080: Linux Kernel Vulnerability in btrfs Fixed: Delalloc Ranges Detection Race Issue
CVE-2024-27389 - Linux Kernel Vulnerability: Resolving 'pstore: inode: Only d_invalidate() is needed'
CVE-2024-27079: Linux Kernel IOMMU/vt-d Vulnerability Fixed - NULL Domain on Device Release
CVE-2024-27392: Fixing Double-Free Vulnerability in Linux Kernel's NVMe Host
CVE-2024-27051: Understanding the Linux Kernel Patch "cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value"
CVE-2024-27063: Resolving Linux Kernel Vulnerability in leds: trigger: netdev
CVE-2024-27043 - Critical Use-After-Free Vulnerability Resolved in Linux Kernel Media Subsystem
CVE-2024-27038: Linux Kernel Vulnerability Resolved - clk: Fix clk_core_get NULL Dereference
CVE-2024-27030: Resolved Vulnerability in Linux Kernel with Separate Handlers for OcteonTX2-AF Interrupts
CVE-2024-27034: Resolved f2fs Kernel Vulnerability in Linux - Protecting Data Integrity in Compressed Clusters
CVE-2024-27031: Linux Kernel NFS Vulnerability Fixed - Deadlock Issue Resolved in nfs_netfs_issue_read() xarray Locking
CVE-2024-27048: Addressing the Linux Kernel Vulnerability in the brcm80211 Driver (Wi-Fi)
CVE-2024-27035: F2FS Compression Vulnerability in Linux Kernel Fixed by Ensuring Persistence of Compressed Blocks During Checkpoint
CVE-2024-27029: Getting to Know the Fixed Linux Kernel Vulnerability - drm/amdgpu: fix mmhub client id out-of-bounds access
CVE-2024-27027: Linux Kernel DPLL Vulnerability Resolved - dpll: fix dpll_xa_ref_*_del() for Multiple Registrations
CVE-2024-27014 - Preventing deadlock in Linux kernel while disabling aRFS (Address Resolution Features)
CVE-2024-27021: Resolving Linux r8169 driver's LED-related deadlock on module removal
CVE-2024-27013 - Limit Printing Rate in Linux Kernel Tun Device to Mitigate Soft Lockup Vulnerability
CVE-2024-27012 - Linux Kernel Vulnerability Resolved: Netfilter-nf_tables-Restore Set Elements When Delete Set Fails
CVE-2024-27004: Linux Kernel Vulnerability in clk Resolved
CVE-2024-27002: Linux Kernel Vulnerability in Mediatek Clock Controller Probing Resolved
CVE-2024-26995 - Critical Off-By-One Vulnerability in the Linux Kernel USB Type-C Power Delivery Manager Resolved
CVE-2024-26989: Linux kernel arm64 hibernate vulnerability - Fix level 3 translation fault in swsusp_save()
CVE-2024-26992 – Linux Kernel Adaptive PEBS Vulnerability Fixed; Full Breakdown and Analysis
CVE-2024-26981 - An overview of nilfs2 OOB Vulnerability Fix in Linux Kernel
CVE-2024-26984 - Linux Kernel Vulnerability in Nouveau Fixed: Race Condition Around Pointer Stores
CVE-2024-26978: Linux Kernel Vulnerability Resolved in Serial MAX310x Driver to Prevent NULL Pointer Dereference
CVE-2024-26974: Resolving Race Condition Vulnerability in Linux Kernel's Crypto: QAT during AER Recovery
CVE-2024-26969: Linux Kernel Vulnerability in clk: qcom: gcc-ipq8074 Frequency Table Arrays Fixed
CVE-2024-26970: Linux Kernel Vulnerability Resolved in clk: qcom: gcc-ipq6018 Frequency Table Arrays
CVE-2024-26971: Linux Kernel Vulnerability Fixed in clk: qcom: gcc-ipq5018 Frequency Table Arrays
CVE-2024-26966: Fixing the Vulnerability in Linux Kernel's Frequency Table Arrays
CVE-2024-26961: Linux Kernel mac802154 LLSEC Key Resources Release Vulnerability
CVE-2024-26958: Linux Kernel NFS Vulnerability - Fixing UAF in Direct Writes
CVE-2024-26955 - Linux Kernel Vulnerability Resolved: nilfs2 Prevents Kernel Bug at submit_bh_wbc()
CVE-2024-26956 - Fixing Linux Kernel Vulnerability in nilfs2: Detecting DAT Corruption in btree and Direct Mappings
CVE-2024-26951: Linux Kernel Vulnerability in WireGuard Netlink Resolved
CVE-2024-26953 - Linux Kernel 'net: esp' Vulnerability Fix: Bad Handling of Pages from page_pool
CVE-2024-26950: WireGuard Netlink Vulnerability Resolved in Linux Kernel with Improved Performance and Security
CVE-2024-26947: ARM Flushing Page Tables Vulnerability in Linux Kernel
CVE-2024-26946: Linux Kernel Vulnerability in Kprobes/x86 Resolved - Preventing Kernel Panic, and Ensuring System Stability
CVE-2024-26949 - A Detailed Look at the Linux Kernel Vulnerability Fix, 'drm/amdgpu/pm: Fix NULL pointer dereference when get power limit'
CVE-2024-26939: Linux kernel DRM/i915 VMA Fix UAF on destroy against retire race vulnerability
CVE-2024-26940 - Linux Kernel drm/vmwgfx Vulnerability Resolved with Debugfs TTM_RESOURCE_MANAGER Entry Condition
CVE-2024-26941: Linux Kernel DRM/DP Vulnerability Fixed - Divide By Zero Regression on DP MST Unplug with Nouveau
CVE-2024-26931: Linux Kernel Vulnerability - SCSI Command Flush on Cable Pull Fixed
CVE-2024-26929 - Linux Kernel Vulnerability Resolved: SCSI qla2xxx Double Free of fcport
CVE-2024-33899 - RARLAB WinRAR Security Vulnerability on Linux and UNIX Platforms
CVE-2024-26926: Offset Alignment Check Added to binder_get_object() in Linux Kernel to Prevent Data Leakage
Linux Kernel Vulnerability CVE-2024-26924: Avoiding Crashes with netfilter's nft_set_pipapo
CVE-2024-26922 - A Comprehensive Look at the Linux Kernel Vulnerability Resolution in drm/amdgpu and How to Analyze the Code Snippets
CVE-2024-2961: A Deep Dive into the Potential Buffer Overflow in Glibc's iconv() Function
CVE-2024-26891: Linux kernel vulnerability due to ATS Invalidation request when device is disconnected
CVE-2024-26892 - Resolving Use-After-Free Vulnerability in Linux Kernel's wifi mt76 Module
CVE-2024-26898 - Resolving Use-After-Free Vulnerability (CVE-2023-627) in the Linux Kernel AoE Driver
CVE-2024-26862 - Data Race Vulnerability in Linux Kernel Packet Handling Resolved
CVE-2024-26865: Linux Kernel Vulnerability Fixed in rds_tcp Module
CVE-2024-26870: Linux kernel vulnerability in NFSv4.2 resolved - Fixing the nfs4_listxattr kernel BUG
CVE-2024-26877: Linux Kernel Crypto Xilinx Vulnerability Resolved with BH Disabled
CVE-2024-26876: Linux Kernel Vulnerability Patched: drm/bridge: adv7511: fixes crash on irq during probe
CVE-2024-26879: Resolved Vulnerability in the Linux Kernel - Missing Clocks in axg_clk_regmaps
CVE-2023-52644: Linux Kernel Vulnerability in DMA Tx Path Resolved When QoS is Disabled
CVE-2024-26859 - Resolving Linux Kernel Vulnerability in net/bnx2x: Preventing Access to a Freed Page in Page_Pool and Fixing Race Condition during EEH Error Handling
CVE-2024-2243 - Critical Vulnerability in CSMock Allowing Unauthorized Access to Confidential Snyk Authentication Tokens and Arbitrary Command Execution on OSH Workers
CVE-2024-3093 - A Deep Dive into Understanding and Exploiting the Vulnerability of a ROT-13 Implementation
CVE-2024-29740 - Exploiting a Local Privilege Escalation Vulnerability in tmu_set_table of tmu.c
CVE-2024-26809 - Linux Kernel netfilter Vulnerability: nft_set_pipapo Double Release Fixed
CVE-2024-26656 - Linux Kernel drm/amdgpu Vulnerability Resolved: Fixing Use-After-Free Bug
CVE-2024-26654 - Fixing a Use-After-Free Bug in the Linux Kernel's ALSA Subsystem with Proper Cleanup Reordering
CVE-2024-30203 - Untrusted Inline MIME Contents in Emacs Gnus before 29.3: Exploiting the Vulnerability
CVE-2024-29943: Out-of-Bounds Read/Write Exploit on a JavaScript Object in Firefox < 124..1
CVE-2023-52620: Addressing Netfilter Vulnerability - nf_tables Timeout for Anonymous Sets in Linux Kernel
CVE-2024-2614 - Memory Safety Bugs in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8: A Deep Dive into the Vulnerability and How to Exploit It
CVE-2024-2609: Permission Prompt Input Delay Vulnerability in Firefox, Firefox ESR, and Thunderbird, Leading to Clickjacking Exploits
CVE-2024-26617 - Linux Kernel Vulnerability Resolved: Task MMU Notification Mechanism Moved Inside MM Lock
CVE-2024-26611: Linux kernel vulnerability resolved in xsk with fix for usage of multi-buffer BPF helpers for ZC XDP
CVE-2024-26616 - Avoiding Use-After-Free in Btrfs Scrub When Chunk Length Is Not 64K Aligned
CVE-2024-26613 - Understanding the Rejected Vulnerability and Why It Matters
CVE-2024-26615: Linux Kernel Vulnerability Resolved - net/smc: Fix Illegal rmb_desc Access in SMC-D Connection Dump
CVE-2024-26620: Linux Kernel S390/VFIO-AP Vulnerability Resolved with Complete AP Matrix Filtering
CVE-2024-26608: Linux Kernel ksmbd_nl_policy Global Out-Of-Bounds Read Fixed with Placeholder
CVE-2023-52498 - Resolving Deadlocks in Linux Kernel: PM Sleep
CVE-2023-52493 - Linux Kernel Vulnerability Resolved: Bus MHI Host Drops Chan Lock Before Queuing Buffers
CVE-2023-52486: Linux Kernel Vulnerability Resolved in drm_mode_page_flip_ioctl()
CVE-2023-52487: A Deep Look into the Resolved Linux Kernel Vulnerability - net/mlx5e Peer Flow Lists Handling
CVE-2023-52496: Understanding the Rejected Vulnerability and Its Implications
CVE-2024-26624: Unravelling the Mystery of the Withdrawn Vulnerability
CVE-2024-26625: Linux Kernel Vulnerability - LLC Socket Use-After-Free Fixed
CVE-2023-52603: Linux Kernel Vulnerability Resolved - UBSAN Array-Index-Out-Of-Bounds in dtSplitRoot
CVE-2023-52583: Resolving Vulnerability in Linux Kernel - Ceph: Fix Deadlock or Deadcode of Misusing dget()
CVE-2021-47079 - Resolved Vulnerability in the Linux Kernel: Fixing a NULL Pointer Dereference in the Platform/x86 Ideapad-Laptop
CVE-2021-47072: Linux Kernel Vulnerability Resolved in Btrfs - Removed Dentries Still Existing After Log is Synced
CVE-2021-47081: Linux Kernel Vulnerability - habanalabs/gaudi: Fixing Potential Use-After-Free in gaudi_memset_device_memory
CVE-2021-47069: Linux Kernel Vulnerability Resolved in ipc/mqueue, msg, sem - Avoiding Reliance on an Expired Stack Reference
CVE-2023-52497: EROFS-Inplace LZ4 Decompression Issue Fixed in Linux kernel
CVE-2021-47068 - Linux Kernel net/nfc Vulnerability Resolved: How to Address the Use-after-free Issue in llcp_sock_bind/connect
CVE-2021-47055 - Linux Kernel mtd Vulnerability: Require Write Permissions for Locking and Badblock ioctls
CVE-2021-47060 - Resolving Linux Kernel Vulnerability: KVM Stops Looking for Coalesced MMIO Zones If Bus Destroyed
CVE-2021-46959: Resolving Use-After-Free Vulnerability in Linux Kernel (spi)
CVE-2023-52476: Linux Kernel Vulnerability - Resolving 'perf/x86/lbr: Filter vsyscall addresses'
"CVE-2024-25262: Critical Heap Buffer Overflow Found in Texlive-Bin: Exploit Details, Fixes, and Prevention Measures"
CVE-2024-26559: Uncovering Sensitive Information Through uverif v.2. Vulnerability
CVE-2021-47047: Linux Kernel Vulnerability Fixed in SPI Controller
CVE-2021-47049: Linux Kernel Vulnerability Resolved – Use After Free in __vmbus_open()
CVE-2021-47043 - Linux Kernel's Media Venus Core Resource Leaks and Fixes involving 'venus_probe()'
CVE-2021-47051 - Fixing PM Reference Leak in the Linux Kernel (spi: fsl-lpspi)
CVE-2021-47040: Official Resolution of Linux Kernel Vulnerability in io_uring
CVE-2021-47025: Linux Kernel Vulnerability Resolved in IOMMU/Mediatek
CVE-2021-47033: Unraveling the mt76: mt7615 Vulnerability in the Linux Kernel and its Fix
CVE-2021-47019 - mt76: mt7921: Fixing Possible Invalid Register Access in the Linux Kernel
CVE-2021-47032: A Fix for the Linux Kernel Vulnerability in mt76: mt7915 that Leaks DMA Mapping Entries
CVE-2021-46998 - Linux Kernel Ethernet Vulnerability Fixed: Use After Free Bug in Ethernet Driver Resolved
CVE-2021-47003 - Linux Kernel Vulnerability: Fixing Null Dereference in dmaengine: idxd
CVE-2021-46999 - Resolving Panic Vulnerability in Linux Kernel SCTP Module
CVE-2021-47006 - Resolved Linux Kernel Vulnerability in ARM Hardware Breakpoint Handler
CVE-2021-46987: Fixing Deadlock in Linux Kernel when Cloning Inline Extents and Using Qgroups
CVE-2021-46989: Linux Kernel HFS+ Vulnerability - Preventing Corruption in Shrinking Truncate
CVE-2021-46978: Understanding the Linux Kernel Vulnerability and Its Resolution in KVM Nested Virtualization
CVE-2021-46992: Resolving Vulnerability in Linux Kernel Netfilter nftables
CVE-2021-46995: Linux Kernel Vulnerability Resolved in can: mcp251xfd: mcp251xfd_probe(): Fixing an Error Pointer Dereference in Probe
CVE-2020-36785 - Addressing the Linux Kernel Vulnerability: Use After Free Exploit in AtomISP Alloc_CSS_STAT_BUFs()
CVE-2021-46964 - Linux Kernel Vulnerability: SCSI "qla2xxx" Driver Crashes
CVE-2021-46961 - Linux Kernel Vulnerability: Handling Spurious Interrupts Fixed in irqchip/gic-v3
CVE-2021-46956 - Critical Memory Leak Issue Fixed in the Linux Kernel’s virtiofs: virtio_fs_probe()
CVE-2024-25398 - Srelay v.4.8p3 Denial of Service Vulnerability
CVE-2024-25711: Diffoscope Directory Traversal Vulnerability via Embedded Filenames in GPG Files
CVE-2024-27356 - Critical File Download Vulnerability Found in GL-iNet Devices: What You Need to Know
CVE-2024-22543: Privilege Escalation Vulnerability Impacting Linksys Router E170 1..04 (build 3)
CVE-2019-25161 - Understanding the Rejected Vulnerability and Its Implications
CVE-2024-27456 - Critical Permission Flaw in rack-cors 2..1 Could Allow Unauthorized Access
CVE-2024-27447: Understanding the Vulnerability and Exploit in Pretix before 2024.1.1
CVE-2022-34357 - Denial of service vulnerability in IBM Cognos Analytics Mobile Server 11.1.7, 11.2.4, and 12..
CVE-2024-21502 - Fastecdsa Package Vulnerability (Use of Uninitialized Variable) in Versions Prior to 2.3.2
CVE-2024-25730: Hitron CODA Modems Vulnerable to Insufficient PSK Entropy Exposing Millions of Devices
CVE-2021-33162 - Local Privilege Escalation in Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability Firmware
CVE-2021-33153: In-Depth Analysis of a Vulnerable JavaScript Library and its Exploitation
CVE-2021-33146: Information Disclosure via Network Access in Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability Firmware
CVE-2021-33143: Discovering the Vulnerability, Analyzing the Exploit, and Understanding the Solution
CVE-2021-33151: Understanding the Vulnerability, Exploring its Exploits, and Discussing its Mitigations
CVE-2021-33158 - Privilege Escalation via Local Access in Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability Firmware
CVE-2021-33112: Uncovering the Security Flaw, Its Exploit, and the Importance of Patching Your Vulnerabilities
CVE-2021-33072: A Deep Dive into the Critical Vulnerability and Exploit Details
CVE-2021-33121 - Unveiling the Intricacies of a Significant Vulnerability and How Exploiters Might Take Advantage
CVE-2024-25748 - Critical Stack-Based Buffer Overflow Vulnerability in Tenda AC9 AC9 v3.
CVE-2022-25377: Appwrite ACME-challenge Directory Traversal Vulnerability
CVE-2024-25385: Analyzing the Vulnerability in flvmeta v1.2.2 That Allows Attackers to Cause a Denial of Service Attack
CVE-2024-25851 - Explained: Netis WF278 v2.1.40144 Command Injection Vulnerability via config_sequence
CVE-2024-23127 - Heap-based Overflow Vulnerability in Autodesk Applications Using ODXSW_DLL.dll and libodxdll.dll
CVE-2024-25251 - Agro-School Management System 1. Incorrect Access Control Vulnerability
CVE-2023-49100 - Trusted Firmware-A (TF-A) Out-of-Bounds Read in SDEI Service and Its Implications
CVE-2023-52442 - Linux kernel ksmbd vulnerability (session id and tree id validation in compound request)
CVE-2023-42877 - Understanding the Vulnerability, Patch Details and Exploit Mitigation
CVE-2023-42860 - Permissions Issue Allowing Unauthorized File System Modification on macOS
CVE-2023-42835 - macOS Sonoma 14.1 Addresses Logic Issue Allowing Unauthorized Access to User Data
CVE-2023-52437 - A Deep Dive into the Withdrawn Vulnerability
CVE-2022-45320: Liferay Portal Vulnerability Allows Remote Authenticated Users to Gain Ownership of Wiki Pages
CVE-2023-52362: Critical Permission Management Vulnerability Found in Lock Screen Modules
CVE-2023-52387: Breaking Down the Resource Reuse Vulnerability in the GPU Module Affecting Service Confidentiality
CVE-2023-52097: Bypassing Foreground Service Restrictions in the NMS Module - Service Confidentiality At Risk!
CVE-2024-0020: Potential Information Disclosure via Confused Deputy in Android NotificationSoundPreference
CVE-2024-0041: Race Condition Vulnerability in removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, Leading to Local Escalation of Privilege
CVE-2024-0032: Exploiting Improper Input Validation in queryChildDocuments of FileSystemProvider.java for Directory Access and Local Privilege Escalation
CVE-2024-0034: Background Launch Process Controller Bug and BAL Bypass Exploit
CVE-2023-40113 - A Deep Dive into Cross-User Message Data Access Vulnerability and How to Mitigate It
CVE-2023-40115: Memory Corruption Vulnerability in readLogs of StatsService.cpp - Analysis, Exploits, and Prevention
CVE-2023-45286: Race Condition in Go-Resty Library Discloses HTTP Request Bodies Across Requests
CVE-2023-39325 - Mitigating Malicious HTTP/2 Client Attacks via Server Resource Consumption Limitation
CVE-2023-36922 - Unauthorized Command Injection in SAP NetWeaver ABAP (IS-OIL) due to Programming Error
CVE-2021-38561 The index calculation of golang.org/x/text before 0.3.7 is mishandled, causing an out-of-bounds read in BCP 47 tag parsing.
CVE-2021-44856 An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1
CVE-2022-41767 An issue was found in MediaWiki before 1.35.8, 1.36.x, 1.37.x, and 1.38.x before 1.38.3.
CVE-2022-37706 Enlightenment before 0.25.4 is setuid root and has a system library function that mishandles pathnames that begin with /dev.
CVE-2022-42898 MIT Kerberos 5 has an integer overflow that may lead to remote code execution on 32-bit platforms.
CVE-2022-45197 Slixmpp before 1.8.3 lacks SSL Certificate hostname validation, which allows an attacker to pose as any server.
CVE-2022-42931 The password was saved by the Form Manager, not the password manager.
CVE-2022-42932 Memory safety bugs were found in Thunderbird 102.3.
CVE-2022-36319 Overflow and transform can interfere with each other, resulting in unpredictable mouse behavior.
CVE-2022-22754 An extension could have auto-updated itself and bypassed the prompt which grants it requested permissions.
CVE-2022-29918 Mozillla developers reported memory safety bugs in Firefox 99.
CVE-2022-36317 An overly long URL can cause a Denial of Service. This only applies to Firefox for Android.
CVE-2022-42930 If two Workers initialize CacheStorage, a data race could happen in ThirdPartyUtil
CVE-2022-2226 An OpenPGP digital signature includes the date when the signature was created. When displaying an email with a digital signature, the email's date will be shown.
CVE-2022-22738 An application could access out of bounds memory and cause a heap buffer overflow. This could be exploited to crash the application.
CVE-2022-22741 Resizing a popup while requesting fullscreen access would make it impossible to leave fullscreen mode.
CVE-2022-22744 The "Copy as curl" feature in DevTools isn't properly escaped for PowerShell. This could lead to command injection in a powershell prompt. This bug affects only Thunderbird for Windows.
CVE-2022-29911 An improper implementation of code>allow-top-navigation-by-user-activation/code> could lead to script execution without code>allow-scripts/code> being present.
CVE-2022-22748 Malicious websites could have confused Firefox into showing the wrong origin when asking to launch a program or handling an external URL protocol.
CVE-2022-29909 Documents in deeply-nested cross-origin browsing contexts could have gained the top-level origin's permissions, bypassing the prompt and possibly inheriting the permissions.
CVE-2022-45421 Mozilla developers Andrew McCreight and Gabriele Svelto found memory safety bugs in Thunderbird 102.4.
CVE-2022-34472 If a PAC URL is set and the server hosting the PAC is not reachable, OCSP requests will be blocked, resulting in incorrect error pages.
CVE-2022-45404 An attacker can go fullscreen through popups and code>window.print()/code> calls. This can lead to user confusion or spoofing attacks.
CVE-2022-1529 An attacker could have sent a message to the parent process and used the contents to double-index into a JavaScript object, leading to attacker-controlled JavaScript executing in the privileged parent process.
CVE-2022-38477 Firefox 103 and ESR 102.1 have memory safety bugs.
CVE-2022-36320 Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102
CVE-2022-28282 Using a link rel="localization"> could lead to a use-after-free and potential exploitable crash.
CVE-2022-2505 Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 102
CVE-2022-34482 An attacker could trick a user to drag and drop an image to a filesystem to get an executable filename, which could contain malicious code.
CVE-2022-34478 The ms-msdt, search, and search-ms protocols bring content from browsers to Microsoft applications, avoiding the browser.
CVE-2022-42929 A browser may shut down if a site calls code>window.print()/code>, which may persist beyond browser restart.
CVE-2022-2200 An attacker can corrupt an object prototype to set undesired attributes, which can lead to privileged code execution.
CVE-2022-34480 An allocated pointer would be freed if one allocation fails.
CVE-2022-3034 An code>iframe/code> was specified in an HTML email, but Thunderbird didn't load the document.
CVE-2022-3033 An HTML email containing a code>meta/code> tag with the code>http-equiv="refresh"> attribute can be used to launch a DNS request and refresh the page. This can be used to launch a phishing attack.
CVE-2022-3032 An code>iframe/code> element with a code>srcdoc/code> attribute could use remote objects inside the nested document, which were not blocked.
CVE-2022-31736 A malicious website could have learned the size of a cross-origin resource.
CVE-2022-36318 When visiting directory listings for `chrome://` URLs as source text, some parameters were reflected
CVE-2022-31740 WASM code could cause a register allocation problem and exploitable crash on arm64.
CVE-2022-1802 An attacker could have corrupted the methods of an Array object to achieve execution of attacker-controlled code in a privileged context
CVE-2022-42928 An annotation missing in some allocated types could have lead to memory corruption and a crash.
CVE-2022-34479 A malicious website that shows a popup could take over the address bar and spoof users.
CVE-2022-42927 A same-origin policy violation could have allowed theft of cross-origin URL entries, leaking the result of a redirect.
CVE-2022-38472 XSLT error handling can be abused to associate attacker-controlled content with another origin. This could be used to fool the user into submitting data intended for the spoofed origin.
CVE-2022-38474 A website with microphone access could record audio without notification.
CVE-2022-0566 An attacker can write 1 byte outside of Thunderbird's bounds to exploit this vulnerability.
CVE-2022-28287 Text selection could cause text selection caching to behave incorrectly, causing a crash.
CVE-2022-3775 Grub2's font code doesn't validate if the glyph's width and height is in bitmap size.
CVE-2022-20691 The Cisco ATA 190 Series Adaptive Telephone Adapter has a vulnerability that could be exploited to cause a DoS condition.
CVE-2022-20687 The LLDP functionality of Cisco ATA 190 Series Analog Telephone Adapters is vulnerable to remote code execution and could cause the devices to become accessible.
CVE-2022-20689 The Cisco ATA 190 Series Analog Telephone Adapter has memory corruption vulnerabilities that could allow an unauthenticated, adjacent attacker to cause the device to crash.
CVE-2022-20686 The LLDP functionality of Cisco ATA 190 Series Analog Telephone Adapters is vulnerable to remote code execution and could cause the devices to become accessible.
CVE-2022-20690 The Cisco ATA 190 Series Analog Telephone Adapter has memory corruption vulnerabilities that could allow an unauthenticated, adjacent attacker to cause the device to crash.
CVE-2022-33186 Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, and earlier versions have a vulnerability that could allow a remote unauthenticated attacker to execute commands on the switch that could disable the switch or modify Zoning.
CVE-2022-41622 BIG-IP and BIG-IQ are vulnerable to CSRF attacks through iControl SOAP.
CVE-2022-35256: Exploring the Vulnerability in Node v18.7.'s llhttp Parser and its Impact on HTTP Request Smuggling
CVE-2022-35260 - Curl Buffer Overflow in `.netrc` File Parsing Could Lead to Denial-of-Service
CVE-2022-4252 SourceCodester Canteen Management System has a vulnerability that is classified as problematic. The manipulation leads to cross site scripting.
CVE-2022-36431 An arbitrary file upload vulnerability in Rocket TRUfusion Enterprise before 7.9.6.1 allows unauthenticated attackers to execute arbitrary code.
CVE-2022-44294 The Sanitization Management System v1.0 is vulnerable to SQL Injection.
CVE-2022-36136 The latest version of the ChurchCRM XSS vulnerabilities allow attackers to store XSS.
CVE-2022-36137 CRM version 4.4.5 has XSS vulnerabilities that allow attackers to store XSS.
CVE-2022-41912 The crewjam/saml go library before version 0.4.9 is vulnerable to an authentication bypass when processing SAML responses containing multiple Assertion elements. This issue has been corrected in version 0.4.9.
CVE-2022-39332 Nextcloud desktop sync client with desktop client application, attacker can inject HTML.
CVE-2022-41158 Vulnerable code can be created with cookie values as file paths.
CVE-2022-40282 The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection
CVE-2022-45884 An issue was discovered in the Linux kernel through 6.0.9
CVE-2022-29825 An attacker can access sensitive information using an hard-coded password vulnerability in Mitsubishi Electric GX Works3 versions.
CVE-2022-44255 An overflow in the pre-authentication function of the TOTOLINK LR350 V9.3.5u.6369_B20220309 has been found.
CVE-2020-23591 An attacker can upload files through the " /mgm_dev_upgrade.asp " to delete all files for Denial of Service.
CVE-2022-44201 D-Link DIR823G 1.02B05 is vulnerable to Commad Injection.
CVE-2022-44806 D-Link DIR-882 1.10B02 and 1.20B06 is vulnerable to Buffer Overflow.
CVE-2022-44187 Netgear R7000P V1.3.0.8 is vulnerable to Buffer Overflow via wan_dns1_pri.
CVE-2022-2513 IEDs are stored in a cleartext form in Hitachi Energy's ConnPack, PCM600 versions below.
CVE-2022-41937 The XWiki Platform is a generic wiki platform that offers runtime services for applications built on it. The application allows anyone with view access to modify any page.
CVE-2022-41223 The Director database component of MiVoice Connect through 19.3 could be vulnerable to a code-injection attack.
CVE-2022-38097: Use-After-Free Vulnerability in Foxit Software's PDF Reader JavaScript Engine Puts Millions of Users at Risk
CVE-2022-45016 The XSS vulnerability in the WBCE CMS Search Settings module allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-4066 An issue was found in the function onion_response_flush of the file src/onion/response.c of the component Log Handler.
CVE-2022-4065 The cbeust testing tool has a critical vulnerability. The file testng-core/src/main/java/org/testng/JarFileUtils.java of the XML File Parser component has a vulnerability.
CVE-2022-31606 The NVIDIA GPU Display Driver has a vulnerability in the DxgkDdiEscape kernel mode handler that can allow an attacker with user capabilities to crash the system.
CVE-2022-31608 The NVIDIA GPU Display Driver has a vulnerability in D-Bus that a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, or escalation of privilege.
CVE-2022-42698 Unauth
CVE-2021-22141 An open redirect flaw was found in Kibana versions before 7.13.0 and 6.8.16
CVE-2021-37936 Kibana wasn't sanitizing document fields containing HTML, which allowed attackers to write arbitrary HTML.
CVE-2022-45163 An information disclosure vulnerability exists on NXP devices configured in SDP mode i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, and i.M.
CVE-2021-33621 cgi gem before 0.1.0.2, 0.2.x, and 0.3.x allows HTTP response splitting.
CVE-2022-41888 TensorFlow is an open source platform for machine learning. When using GPU, `tf.image.generate_bounding_box_proposals` receives a `scores` input that is not checked >
CVE-2022-41885 TensorFlow is an open source platform for machine learning. When `tf.raw_ops.FusedResizeAndPadConv2D` is given a large tensor, it overflows and is patched in GitHub commit d66e1d568275e6a2947de97dca7a102a211e01ce.
CVE-2022-41884 TensorFlow is an open source machine learning platform that can raise an error if a numpy array has a shape of one element with the others summing up to a large number.
CVE-2022-41880 TensorFlow is an open source machine learning platform. When the BaseCandidateSamplerOp function receives a value in true_classes larger than range_max, a heap oob read occurs.
CVE-2022-41908 TensorFlow is an open source platform for machine learning. An input token that is not a UTF-8 string will fail check in tf.raw_ops.PyFunc. We have patched the issue in GitHub commit 9f03a9d3bafe902c1e6beb105b2f24172f238645.
CVE-2022-41901 TensorFlow is an open source platform for machine learning. An input matrix with rank 0 will fail in "SparseMatrixNNZ"
CVE-2022-41781 Broken Access Control vulnerability in Permalink Manager Lite plugin <= 2.2.20 on WordPress.
CVE-2022-24038 Infraskope Security Event Manager has an unauthenticated access which could allow an unauthenticated attacker to damage the page where the agents are listed.
CVE-2022-24939 An invalid packet can cause a stack overflow in the ZNet stack.
CVE-2021-36905 Multiple Auth
CVE-2022-20428 An out of bounds write could lead to local escalation of privilege with System execution privileges.
CVE-2022-45066 Auth
CVE-2022-20427 There is a possible way to corrupt memory and gain System execution privileges in (TBD) of (TBD).
CVE-2022-39178 Webvendome's internal server IP is disclosed in a GET request.
CVE-2022-43457 SQL Injection in Delta Electronics DIAEnergie v1.9.02.001
CVE-2022-43332 An XSS vulnerability in Wondercms v3.3.4 allows attackers to inject arbitrary web script or HTML.
CVE-2022-44577 This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-43096 Mediatrix 4102 before v48.5.2718 allows local attackers to gain root access via the UART port.
CVE-2021-31608 Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.
CVE-2022-42903 Zoho SupportCenter Plus allows low-privileged users to view the organization users list.
CVE-2022-43142 The add-fee.php component has an XSS vulnerability that can execute arbitrary web scripts, HTML files, or other dangerous content.
CVE-2022-41920 Lancet is a library for go that contains useful utility functions. An issue was found with zip fileutil, which is fixed in version 2.1.10 and 1.3.4.
CVE-2022-43140 The cn.keking.web.controller.OnlinePreviewController has a SSRF vulnerability.
CVE-2022-40751 UCD 6.2.7.0 through 7.2.3.1 may have a bug that allows an admin with "Manage Security" permissions to get files back.
CVE-2022-42893 A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01)
CVE-2022-42892 A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01)
CVE-2022-42954 Keyfactor EJBCA before 7.10.0 allows XSS.
CVE-2022-42982 NtripCaster 2.0.39 allows querying information over UDP without authentication. The NTRIP sourcetable is typically tens of kBs and can be requested with a packet of 30 bytes.
CVE-2022-42985 The ScratchLogin extension through 1.1 for MediaWiki does not escape verification failure messages, which allows users with administrator privileges to perform XSS attacks.
CVE-2022-40881 SolarWinds IoT Device Management contains a command injection vulnerability.
CVE-2021-38819 An SQL injection vulnerability exits on the Simple Image Gallery System 1.0 application through the "id" parameter.
CVE-2022-43781 An attacker with permission to control their username can exploit this issue to execute arbitrary code on the system.
CVE-2022-42960 EqualWeb Accessibility Widget 2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 3.0.0, 3.0.1, 3.0.2, 4.0.0, and 4.0.1 has DOM XSS due to improper validation of message events to accessibility.js
CVE-2022-44005 BACKCLICK Professional 5.9.63 has a vulnerability that can reveal subscribers' e-mail addresses if the newsletter sign-up functionality uses consecutive IDs.
CVE-2022-44002 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-43999 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-44007 An issue was discovered in BACKCLICK Professional 5.9.63
CVE-2022-39318 FreeRDP is a library for remote desktop protocol and clients, but affected versions don't have input validation. A malicious server can trick a client to crash with a division by zero.
CVE-2022-39319 - Critical Vulnerability in FreeRDP Library's `urbdrc` Channel and How to Mitigate
CVE-2022-41877 FreeRDP is a library for remote desktop protocol, affected versions have input length validation in `drive` channel missing.
CVE-2022-39320 FreeRDP is a library for remote desktop protocol and clients. An affected version may attempt integer addition on too narrow types and allocate a buffer too small holding the data written.
CVE-2022-39383 KubeVela is an application delivery platform. Users using the VelaUX API could be affected by this vulnerability.
CVE-2022-44069 Zenario CMS 9.3.57186 is vulnerable to Cross Site Scripting (XSS) via the Nest library module.
CVE-2022-43262 The Human Resource Management System v1.0 had a SQL injection vulnerability in the password parameter.
CVE-2022-43264 - Directory Traversal and Arbitrary File Download Vulnerability in Arobas Music Guitar Pro for iPad and iPhone before v1.10.2
CVE-2022-4018 Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6
CVE-2022-41917 OpenSearch is a community-driven open source fork of Elasticsearch and Kibana that allows users to specify a local file.
CVE-2022-3920 Consul and Consul Enterprise 1.13.0 to 1.13.3 do not filter out nodes and services that are used for the UI.
CVE-2022-41918 OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana
CVE-2022-29276 AhciBusDxe has SMI vulnerabilities, which lead to SMRAM corruption. This was discovered by Insyde during security review.
CVE-2022-4006 A vulnerability in WBCE CMS is the function increase_attempts of the file wbce/framework/class.login.php of the component Header Handler.
CVE-2022-30768 Stored XSS flaw in ZoneMinder 1.36.12 allows Admin users to execute arbitrary HTML or JavaScript when they logout.
CVE-2022-38201 Esri Portal for ArcGIS Quick Capture Web Designer has an unvalidated redirect vulnerability.
CVE-2022-30771 The initialization function in PnpSmm could lead to SMRAM corruption when using subsequent PNP SMI functions.
CVE-2022-38385 The IBM Cloud Pak for Security 1.10.0.0 through 1.10.2.0 could be exploited by an authenticated user to obtain sensitive information or perform unauthorized actions.
CVE-2022-42785 Multiple W&T products of the ComServer Series are prone to an authentication bypass
CVE-2022-20943 Multiple vulnerabilities in the SMB2 processor of the Snort detection engine could allow an unauthenticated, remote attacker to bypass the configured policies or cause a DoS.
CVE-2022-20949 The management web server of Cisco Firepower Threat Defense could be exploited by an authenticated, remote attacker with high privileges.
CVE-2022-29275 Untrusted input may allow SMRAM or OS memory tampering Use of untrusted pointers could allow OS or SMRAM memory tampering and lead to escalation of privileges. This issue was discovered by Insyde during security review.
CVE-2022-20940 An vulnerability in Cisco Firepower Threat Defense could allow an attacker to gain access to sensitive information.
CVE-2022-20839 An attacker could conduct a stored XSS attack against users of the FMC interface.
CVE-2022-20935 An attacker could conduct a stored XSS attack against users of the FMC interface.
CVE-2022-20941 The web-based management interface of Cisco Firepower could be vulnerable to an unauthenticated, remote attacker who could access sensitive information.
CVE-2022-27895 Foundry was vulnerable to log files being captured due to an issue in earlier versions.
CVE-2022-45387 The Jenkins BART Plugin 1.0.3 and earlier does not escape the content of build logs before rendering it on the UI, resulting in a XSS vulnerability.
CVE-2022-45391 Jenkins NS-ND Integration Performance Plugin 4.8.0.143 and earlier disables SSL/TLS certificate and hostname validation for the entire Jenkins controller JVM.
CVE-2022-45382 Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds, resulting in a stored XSS vulnerabi l. This can be exploited by attackers who can edit build display name.
CVE-2022-45399 An permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics.
CVE-2022-45390 An error in the Jenkins loader.io plugin 1.0.1 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs.
CVE-2022-45394 An attacker with Item/Read permission can delete build logs.
CVE-2022-45380 Jenkins JUnit Plugin converted HTTP(S) URLs to clickable links which were unsafe, resulting in a XSS vulnerability that is exploitable by attackers with Item/Configure permission.
CVE-2022-42001 BlueSpiceBookshelf extension allows user with regular account and edit permissions to inject arbitrary HTML.
CVE-2022-3958 BlueSpiceUserSidebar extension has XSS flaw that allows user with regular account and edit permissions to inject arbitrary HTML.
CVE-2022-41814 BlueSpiceFoundation extension allows user with regular account and edit permissions to inject arbitrary HTML into the history view of a wikipage.
CVE-2022-42000 BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage.
CVE-2022-3895 UI components aren't sanitizing output and are prone to XSS.
CVE-2022-41611 An XSS vulnerability in the BlueSpiceDiscovery skin of BlueSpice allows user with admin privileges to inject arbitrary HTML.
CVE-2022-3480 An attacker could cause a denial-of-service of PHOENIX CONTACT FL MGUARD and TC MGUARD devices below version 8.9.0 by sending more unauthenticated HTTPS connections from different source IP's.
CVE-2022-25742 Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server.
CVE-2022-25667 The Snapdragon Wired Infrastructure and Networking component handles ICMP requests improperly, which exposes information disclosure.
CVE-2022-25674 Cryptographic issues in WPA/WPA2 group key handshake in Snapdragon Consumer, Industrial, and Voice & Music.
CVE-2022-33237 Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold
CVE-2022-25743: Memory Corruption in Graphics due to Use-After-Free while Importing Graphics Buffer in Various Snapdragon Components
CVE-2022-42053 An AC1200 router was found to have a command injection vulnerability in the setPortMapping function.
CVE-2022-41395 An AC1200 router with a command injection vulnerability was discovered. The vulnerable function is setDMZ.
CVE-2022-42058 The Tenda AC1200 router model W15Ev2 V15.11.0.10(1576) had a stack overflow vulnerability.
CVE-2022-40844 An issue with Tenda's W15Ev2 AC1200 router's applications' filtering tab allows an attacker to execute JavaScript code via the URL.
CVE-2022-41396 An AC 1200 W15Ev2 router was found to have multiple command injection vulnerabilities in the function setIPsecTunnelList.
CVE-2022-42129 An IDOR vulnerability in the Liferay Portal DXP and 7.3-7.4 modules allows remote attackers to view and access form entries.
CVE-2022-42126 The Asset Libraries module in Liferay Portal 7.3.5 through 7.4.3.28, and Liferay DXP 7.3 before update 8 and 7.4 before update 29 doesn't properly check permissions, which allows remote attackers to view asset libraries.
CVE-2022-42111 An XSS vulnerability in Liferay Portal's user notification module allows attackers to inject arbitrary web script or HTML.
CVE-2022-33986 DMA attacks on the SMI handler's parameter buffer could lead to a TOCTOU attack.
CVE-2022-33909 DMA transactions used by the HddPassword software SMI handler could cause SMRAM corruption.
CVE-2022-33983 DMA transactions used for NvmExpressLegacy software could cause SMRAM corruption.
CVE-2022-33906 DMA transactions that are used by FwBlockServiceSmm software SMI handler could cause SMRAM corruption.
CVE-2022-43690 In CMS below 8.5.10, the legacy_salt function was not compared strictly, allowing authentication bypass if used.
CVE-2022-43030 An RCE vulnerability was found in SIYUCMS, a content management system.
CVE-2022-40903 Aiphone GT-DMB-N 3-in-1 Video Entrance Station with NFC Reader 1.0.3 doesn't mitigate failed access attempts, which allows attackers to gain admin privileges.
CVE-2022-40735 The Diffie-Hellman Key Agreement Protocol allows use of long exponents that can be expensive when using short exponents.
CVE-2022-33982 DMA attacks on the Int15ServiceSmm parameter buffer could lead to a TOCTOU attack on the SMI handler and lead to SMRAM corruption.
CVE-2022-43686 In Concrete CMS, the authTypeConcreteCookieMap table can be filled up causing a denial of service.
CVE-2022-43968 Reflected XSS was found in 9.0.0-9.1.2 versions of Concrete CMS below 8.5.10 and between dashboard icons.
CVE-2022-43294 Tasmota was found to have a stack overflow in ClientPortPtr at lib/libesp32/rtsp/CRtspSession.cpp.
CVE-2022-41913 Discourse-calendar adds calendar functionality to the first post of a topic.
CVE-2022-3362 Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0.
CVE-2022-43295 XPDF v4.04 had a stack overflow vulnerability in the function FileStream::copy().
CVE-2022-37109 Camp Fuller is vulnerable to Incorrect Access Control.
CVE-2022-44389 EyouCMS V1.5.9-UTF8-SP1 was found to have a Cross Site Request Forgery vulnerability in the Edit Admin Profile module.
CVE-2022-34320 IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow attackers to decrypt sensitive information.
CVE-2022-44390 An XSS vulnerability in EyouCMS V1.5.9-UTF8-SP1 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-43694 CMS below 8.5.10 and between 9.0.0 and 9.1.2 is vulnerable to Reflected XSS due to un-sanitized output.
CVE-2022-34313 IBM CICS TX 11.1 doesn't set the secure attribute on authorization tokens or session cookies. This makes it easier for attackers to get the cookie values or send a http:// link to a user and plant the link.
CVE-2022-43342 An XSS vulnerability in Eramba GRC Software c2.8.1's Add function allows attackers to inject arbitrary web scripts or HTML.
CVE-2022-3484 The WPB Show Core plugin through TODO does not sanitise and escape a parameter, which can lead to Reflected Cross-Site Scripting.
CVE-2022-3469 The WP Attachments plugin before 5.0.5 has an unsafe setting that could allow high-privilege users to do Stored Cross-site Scripting.
CVE-2022-45183 Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID.
CVE-2022-3979 NagVis up to 1.9.33 is vulnerable to a problem in the function checkAuthCookie of the file share/server/core/classes/CoreLogonMultisite.php. This could lead to an authentication bypass.
CVE-2022-3978 A vulnerability was found in NodeBB up to 2.5.7, which can be exploited to make remote requests forgery.
CVE-2022-3976 An exploit has been found in MZ Automation 1.4 and classified as critical. This vulnerability affects MMS File Services.
CVE-2022-3974 A critical vulnerability was found in Axiomatic Bento4. The affected function is AP4_StdcFileByteStream::ReadPartial of the mp4info component.
CVE-2022-3975 A vulnerability in NukeViet CMS's Data URL Handler is the function filterAttr. It's affected by the issue.
CVE-2022-3965 An issue was found in ffmpeg's smc_encode_stream function. This vulnerability affects the QuickTime Graphics Video Encoder component.
CVE-2022-3963 An issue was found in gnuboard5, a component of FAQ Key ID Handler. The fm_id argument can be manipulated to perform a cross-site scripting attack.
CVE-2022-45196 An attacker can cause a denial of service by sending a crafted Fabric 2.3 channel tx with the same name.
CVE-2022-45195 The key derivation function in SimpleXMQ before 3.4.0 is not applied to data, which can impact forward secrecy and if there is a compromise of a single private key.
CVE-2022-38651 An attacker can exploit a security filter misconfiguration in VMware Hyperic Server 5.8.6 to bypass authentication requirements.
CVE-2022-41339 In MDM Plus, user privileges can be escalated.
CVE-2022-41905 WebDAV server WSGI is vulnerable to XSS attacks, which has been patched in version 4.1.0.
CVE-2022-45182 Pi-Star_DV_Dash (for Pi-Star DV) before 5aa194d mishandles the module parameter.
CVE-2022-41906 OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc.
CVE-2021-33064 An uncontrolled search path in the software installer for Intel System Studio may allow for privilege escalation.
CVE-2022-26367 Buffer restrictions in Intel XMM 7560 modem software before M2_7560_R_01.2146.00 may allow a privileged user to enable escalation of privilege via local access.
CVE-2022-29515 Memory release in Intel SPS firmware may be exploited to cause denial of service.
CVE-2022-30548 An attacker can control a local search path element to escalate privilege.
CVE-2021-33159 An improper authentication in subsystem may allow privilege escalation.
CVE-2022-27499 The Intel(R) SGX SDK premature release may allow a privileged user to potentially enable information disclosure.
CVE-2021-33164 An improper BIOS access control may allow a privileged user to enable escalation of privilege via local access.
CVE-2022-29486 The Intel Hyperscan library had buffer restrictions that could be abused by an unauthenticated user. This could lead to privilege escalation.
CVE-2022-26508 Inauthentic authentication in the SDP Tool may allow disclosure of information via network access.
CVE-2022-33176 In BIOS firmware for some Intel NUC 11 Performance kits and mini PCs, improper input validation may allow a privileged user to enable escalation of privilege via local access.
CVE-2021-0185 In early Intel Server Board M10JNP Family firmware, improper input validation may allow a privileged user to enable an escalation of privilege.
CVE-2022-40981 Remote Access Server 4.5.0 and earlier is vulnerable to malicious file upload.
CVE-2022-3703 The ETIC Telecom RAS 4.5.0 and earlier is vulnerable to accepting malicious firmware packages that could provide a backdoor to an attacker and privilege escalation.
CVE-2022-42460 An access control vulnerability in the Traffic Manager plugin = 1.4.5 on WordPress allows for XSS.
CVE-2022-43679 OwnCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless.
CVE-2022-41879 Parse Server is an open source backend that runs on Node.js.
CVE-2022-39392 Wasmtime's pooling allocator has a bug when the allocator is configured to give WebAssembly instances 0 pages of memory.
CVE-2022-39393 Wasmtime is a standalone runtime for WebAssembly
CVE-2021-40226 xpdfreader 4.03 is vulnerable to Buffer Overflow.
CVE-2022-36022 Deeplearning4J is a suite of tools for deploying and training deep learning models using the JVM
CVE-2022-45063 In older versions of tmux, there was a font operation vulnerability that allowed command execution. This is no longer the case.
CVE-2022-39038 Agentflow BPM enterprise management system has improper authentication
CVE-2022-39037 Agentflow BPM file download function has a path traversal vulnerability
CVE-2022-38119 - UPSMON Pro Login Function Vulnerability: Insufficient Authentication Exploit
CVE-2022-42786 Multiple W&T Products of the ComServer Series are prone to an XSS attack
CVE-2022-3819: GitLab Improper Authorization in Emoji Reactions Leads to Unauthorized Access to Internal Notes
CVE-2022-3818: Uncontrolled Resource Consumption Puts GitLab Instances at Risk
CVE-2022-3706 - Vulnerability in GitLab CE/EE Allows Unauthorized Users to Take Ownership of Retried Jobs in Upstream Pipelines
CVE-2022-39307 Grafana is an open-source monitoring platform. The password forgotten page sends a POST request to the /api/user/password/sent-reset-email URL.
CVE-2022-3486 An open redirect vulnerability in GitLab EE/CE older than 15.3.5, 15.4.4, and 15.5.2 allows attackers to redirect users to an arbitrary location if they trust the URL.
CVE-2022-39887 An access control vulnerability in MiscPolicy prior to SMR Nov-2022 Release 1 allows a local attacker to configure EDM settings.
CVE-2022-41047 Microsoft ODBC Driver Remote Code Execution Vulnerability
CVE-2022-39881 In-bound SIB12 PDU can be read out of bounds memory in Exynos modems prior to SMR Sep-2022 release.
CVE-2022-39890 In Samsung Billing 5.0.56.0, improper authorization allows attacker to get sensitive information.
CVE-2022-29836 In 2018, a Path Traversal vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi devices. This could allow attackers to abuse certain parameters to access the device's files.
CVE-2022-31685 VMware Workspace ONE Assist prior to 22.10 contains an Authentication Bypass vulnerability
CVE-2022-27674 An attacker may be able to bypass bounds checks and crash the Windows kernel, resulting in denial of service.
CVE-2022-44550 The graphics display module has a UAF vulnerability when traversing graphic layers
CVE-2022-44552 The lock screen module has defects introduced in the design process
CVE-2022-31687 VMware Workspace ONE Assist prior to 22.10 contains a Broken Access Control vulnerability
CVE-2022-27673 Inadequate access controls in the AMD Link Android app may result in information disclosure.
CVE-2022-44560 The launcher module has an Intent redirection vulnerability
CVE-2022-44561 The preset launcher module has a permission verification vulnerability
CVE-2022-31688 Assist prior to 22.10 contains a Reflected XSS vulnerability.
CVE-2022-25932 InHand Networks InRouter302 V3.5.45 fixes TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete
CVE-2022-43118 An XSS vulnerability in flatCore-CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-43119 An XSS vulnerability in Clansphere CMS v2011.4 allows attackers to execute arbitrary web scripts or HTML.
CVE-2021-34567 WAGO I/O-Check Service can be abused to send malicious packets and provoke a denial of service and an out-of-bounds read.
CVE-2021-34568 In WAGO I/O-Check Service, an unauthenticated remote attacker can send a packet to cause a denial of service.
CVE-2021-34566 An attacker can send a malicious packet to crash the iocheck process and write memory to DoS WAGO I/O-Check Service.
CVE-2021-34569 In WAGO I/O-Check Service, an attacker can crash the diagnostic tool and write memory.
CVE-2022-43320 FeehiCMS v2.1.1 has a reflected XSS vulnerability via the id parameter.
CVE-2022-39328 Grafana is an open-source platform for monitoring and observability
CVE-2022-41214 An attacker with high privileges can delete a file which is otherwise restricted.
CVE-2022-3821 An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c
CVE-2021-1050 In MMU_UnmapPages of the PowerVR kernel driver, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-20462 phNxpNciHal has an out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2022-20446: The Android Vulnerability That Allows Unwanted Access to Your Microphone
CVE-2022-26446 Modem 4G RRC has a possible system crash due to improper input validation. This could lead to remote denial of service.
CVE-2022-32618 In typec, there is a possible out-of-bounds write due to an incorrect calculation of buffer size, which could lead to local escalation of privilege, with no additional execution privileges needed.
CVE-2022-33322 Mitsubishi Electric products contain cross-site scripting vulnerability. An attacker can exploit this vulnerability to perform a MITM attack and inject malicious script codes.
CVE-2022-44316 PicoC 3.2.2 had a buffer overflow in the LexGetStringConstant function when called from LexScanGetToken.
CVE-2022-44314 PicoC 3.2.2 had a buffer overflow in the StringStrncpy function in cstdlib/string.c when called from ExpressionParseFunctionCall.
CVE-2022-44315 PicoC Version 3.2.2 had a heap buffer overflow in ExpressionAssign when called from ExpressionParseFunctionCall.
CVE-2022-44318 PicoC Version 3.2.2 had a buffer overflow in cstdlib/string.c when called from ExpressionParseFunctionCall.
CVE-2022-44320 PicoC Version 3.2.2 had a buffer overflow in ExpressionCoerceFP in expression.c when called from ExpressionParseFunctionCall.
CVE-2022-43397: Critical Vulnerability in Parasolid Library Leads to Potential Code Execution
CVE-2022-41432 The EyesOfNetwork web interface had a reflected XSS vulnerability.
CVE-2022-41433 The EyesOfNetwork Web Interface v5.3 had a reflected XSS vulnerability.
CVE-2022-41434 The EyesOfNetwork Web Interface v5.3 has an XSS vulnerability.
CVE-2022-43359 Gifdec commit 1dcbae19363597314f6623010cc80abad4e47f7c had an out-of-bounds read in the function read_image_data.
CVE-2022-3878 A critical vulnerability has been found in Maxon ERP. Manipulation of the argument tb_search leads to sql injection.
CVE-2022-44048 The d8s-urls for python included a backdoor inserted by a third party. This is the democritus-domains package.
CVE-2022-43319 An information disclosure vulnerability in the component vcs/downloadFiles.php of Simple E-Learning System v1.0 allows attackers to read arbitrary files.
CVE-2022-44050
CVE-2022-44795 Object First 1.0.7.712 has a Web Service flaw that could lead to local information disclosure. The command that creates the support bundle's URL uses an insecure RNG.
CVE-2022-44796 Object First's authorization service has a flow that allows getting access to the Web UI without knowing credentials.
CVE-2022-44797 For older versions of lnd and other Bitcoin-related products, forgets to check witness size.
CVE-2022-44793 Net-SNMP 5.4.3 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to cause the instance to crash.
CVE-2022-44792 Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker to crash the instance.
CVE-2022-42905 WOLFSSL before 5.5.2 had a potential buffer over-read issue if callback functions were enabled.
CVE-2022-37710 Dental Eaglesoft 21 has AES-256 encryption with key backup/retrieval or DbEncryptKeyPrimary > Encryption Key.
CVE-2022-44544 Ghostscript could potentially be exploited to trigger a remote shell. This is the case if the site is running on Ubuntu and the flag -dSAFER isn't set.
CVE-2022-42707 Mahara 21.04, 21.10, 22.04, and 22.10 has embedded images accessible without a sufficient permission check if certain conditions are met.
CVE-2022-38660 HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability
CVE-2022-41669 An improper verification of cryptographic signature vulnerability exists in the SGIUtility component. This could lead to the execution of malicious code if a malicious DLL is loaded.
CVE-2022-41667 An adversary with local user privileges can load a malicious DLL to execute malicious code. This is a CWE-22 vulnerability.
CVE-2022-42743 deep-parse-json version 1.0.2 allows an external attacker to edit or add new properties to an object
CVE-2022-42746 The 3.0.0 version of the CandidATS API allows an attacker to steal cookies of arbitrary users.
CVE-2022-42749 An attacker in the 'page' of the 'ajax.php' resource can steal cookies of other users.
CVE-2022-43102 Tenda AC23 V16.03.07.45_cn had a stack overflow vulnerability that could be exploited via the timeZone parameter in fromSetSysTime.
CVE-2022-44624 In JetBrains TeamCity before 2022.10, password parameters with special characters could be exposed in the build log.
CVE-2022-43101: Exploring the Stack Overflow Vulnerability in Tenda AC23 V16.03.07.45_cn
CVE-2022-43106: Tenda AC23 Router Stack Overflow Vulnerability in setSchedWifi Function - Exploit Details, Affected Models, and Mitigation Measures
CVE-2022-41435 An open source router's SSH keys vulnerability contains XSS.
CVE-2021-46853 Before 2.25, an attack on LIST or LSUB can cause a denial of service.
CVE-2022-24936 GBL parser out-of-bounds error allows attacker to overwrite flash Sign key and OTA decryption key.
CVE-2022-39353 Xmldom is a standard-based XML DOM parser and serializer module.
CVE-2022-43239 Discovered that the Lide265 v1.0.8 had a heap buffer overflow vulnerability.
CVE-2022-38380 An access control vulnerability in FortiOS 7.2 and earlier may allow a remote read-only user to modify the interface settings via the API.
CVE-2022-26122 FortiGate versions prior to 6.4.274 and FortiClient, FortiMail may have insufficient data authenticity verification, which may allow attackers to bypass the AV engine.
CVE-2022-26730: Memory Corruption Issue in ICC Profile Processing Leads to Arbitrary Code Execution in macOS Ventura 13
CVE-2022-32862: A Deep Dive Into macOS Root Privilege Exploitation and How Improved Data Protection Resolved It
CVE-2022-3602 - Buffer Overflow Vulnerability in X.509 Certificate Verification within OpenSSL
CVE-2022-42312 Guests can cause xenstored to allocate vast amounts of memory and eventually crash.
CVE-2022-42311 Guests can cause xenstored to allocate vast amounts of memory and eventually crash.
CVE-2022-42318 Guests can cause xenstored to allocate vast amounts of memory and eventually crash.
CVE-2020-36605 Inappropriate default permissions allow attackers to run malicious code on the Hitachi AI Analytics Advisor, Ops Center Analyzer, and Ops Center Viewpoint components.
CVE-2022-40289 The application was vulnerable to Stored XSS and could be used to escalate privileges or compromise accounts.
CVE-2022-39016 Injection in PDFtron allows attackers to takeover user account.
CVE-2022-40294 An application was found to have a CSV injection vulnerability, allowing malicious code to be embedded in exported data.
CVE-2022-39018 PDFtron data in M-Files Hubshare before 3.3.11.3 was accessed by unauthenticated attackers if they know the URL.
CVE-2022-41688 SEI's Device Master versions 00.00.01a and earlier lack proper authentication for user group functions.
CVE-2022-41629 The 00.00.01a versions of the Device Master from DEI allow unauthenticated users to access the endpoint, which could allow an attacker to retrieve any file from the "RunningConfigs" directory.
CVE-2022-31692 An earlier version of Spring Security was vulnerable to authorization rule bypass. END>
CVE-2021-40241 - xfig 3.2.7 Buffer Overflow Vulnerability in `LoadFIG` Function
CVE-2022-3770 An critical vulnerability was found in Yunjing CMS. The file /index/user/upload_img.html can be manipulated to upload files without restrictions. The attack can be initiated remotely.
CVE-2022-40617 The strongSwan revocation plugin can be compromised when an attacker sends a crafted end-entity certificate that contains a CRL/OCSP URL pointing to a controlled server.
CVE-2022-41974: A Deep Dive into Multipath-Tools Privilege Escalation Exploit
CVE-2022-42916: Security Vulnerability in Curl, HSTS Check Bypassed to Use HTTP Instead of HTTPS
CVE-2022-2826 An issue has been discovered in GitLab starting from 10.0 before 12.9.8, 12.10 before 12.10.7, 13.0 before 13.0.1.
CVE-2022-41648 The HEROS 5.08.3 controller is vulnerable to improper authentication, which may allow an attacker to deny service to the production line or steal sensitive data.
CVE-2022-43165 An XSS vulnerability in the Global Variables feature of Rukovoditel v3.2.1 allows attackers to execute arbitrary web scripts or HTML.
CVE-2022-37426 File upload with OpenNebula's core on Linux can be disabled by injection of harmful file content.
CVE-2022-3697 amazon.aws flaw: amazon.aws uses tower_callback parameter from amazon.aws.ec2_instance module when using amazon.aws collection.
CVE-2022-39367 The QTIWorks Engine allows users to upload content packages as ZIP files before version 1.0-beta15.
CVE-2022-2882 An issue has been found in GitLab CE/EE prior to 15.3.4, 15.4.1, and 12.6.5.1.
CVE-2022-3730 A critical vulnerability was found in seccome Ehoney. The manipulated Payload argument leads to sql injection.
CVE-2022-0072 - Directory Traversal vulnerability in LiteSpeed Technologies OpenLiteSpeed Web Server Dashboard allows Path Traversal in Multiple Versions
CVE-2022-42055 - Multiple Command Injection Vulnerabilities in GL.iNet GoodCloud IoT Device Management System
CVE-2022-3725 An OPUS protocol crash in Wireshark 3.6.0 to 3.6.8 allows denial of service.
CVE-2022-40184 JavaScript code in the video jet multi 4000 web interface is not being filtered properly, allowing an attacker with admin credentials to store code and execute it for all admins.
CVE-2021-45476 Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability.
CVE-2022-3705 An issue was found in vim's qf_update_buffer function, which is used for the quickfix autocmd handler. This vulnerability allows for use after free.
CVE-2022-39286 Jupyter Core is a package for core common functionality of Jupyter projects. Jupyter Core contains an arbitrary code execution vulnerability in jupyter_core that stems from jupyter_core executing untrusted files in CWD.
CVE-2022-20933 The vulnerability in Cisco AnyConnect VPN server could cause a DoS on an affected device.
CVE-2022-20954 Cisco TelePresence Collaboration Endpoint (CE) and RoomOS Software could be vulnerable to path traversal, sensitive data viewing, and write arbitrary files attacks.
CVE-2022-43749 In Synology Presto File Server before 2.1.2-1601, improper privilege management can be bypassed via unspecified vectors.
CVE-2022-33182 Brocade Fabric OS CLI privilege escalation vulnerability could let a local user escalate their privileges to root using 'supportlink' and 'firmwaredownload' commands.
CVE-2022-38181 An Arm product family through 2022. GPU kernel driver allows non-privileged users to make improper GPU processing operations to gain access to already freed memory.
CVE-2022-27912 An issue was discovered in Joomla! 4.0.0 through 4.2.3
CVE-2022-31468 An attacker can XSS the OX App Suite through 8.2 when a client uses the len or off parameter.
CVE-2022-39322 @keystone-6/core is a core package for Keystone 6, a content management system for Node.js
CVE-2022-33204 Abode Systems Inc. iota All-In-One Security Kit 6.9X and 6.9Z has 2 command injection vulnerabilities. An attacker can execute commands on the system
CVE-2022-39349 The Tasks.org app uses the ShareLinkActivity to handle to-do lists and reminders.
CVE-2022-3391 The Retain Live Chat plugin doesn't sanitise its settings, which could allow high privilege users to perform stored XSS attacks.
CVE-2022-35876 There are 3 format string vulnerabilities in the XCMD testWifiAP functionality of the Abode Systems, Inc. iota All-In-One Security Kit.
CVE-2022-34845 An update vulnerability exists in Robustel R1510's sysupgrade functionality. A specially crafted packet can lead to arbitrary firmware update.
CVE-2022-39836 COVESA dlt-daemon through 2.18.8 has a file parser bug that can be exploited to crash the process.
CVE-2022-39342 OpenFGA is an authorization/permission engine. Versions prior to v0.2.4 are vulnerable to authorization bypass under certain conditions
CVE-2022-35268 Web_server hashFirst vulnerability can lead to denial of service.
CVE-2022-27804 - Uncovering an OS Command Injection Vulnerability in Abode Systems iota All-In-One Security Kit
CVE-2022-43677 In free5GC 3.2.1, an index-out-of-range panic in aper.GetBitString can crash the AMF and NGAP decoders.
CVE-2021-44769 An input validation vulnerability in TLS certificate generation can cause a DoS condition. This is mitigated by a factory reset.
CVE-2021-44467 An access control vulnerability in spx_restservice's KillDupUsr_func function allows an attacker to terminate active sessions of other users. This causes a DoS condition.
CVE-2022-39313 Parse Server is an open source backend that runs on Node.js.
CVE-2021-45925 An attacker can guess legitimate user names registered in the BMC.
CVE-2022-40690 An attacker can inject arbitrary scripts in BookStack versions prior to v22.09.
CVE-2021-42010 Heron versions 0.20.4 incubated with CRLF injection vulnerability.
CVE-2021-26733 The FirstReset_handler_func function in spx_restservice has a broken access control vulnerability that allows an attacker to send reboot commands and cause a DoS.
CVE-2021-26729 Injection and buffer overflow vulnerabilities in the Login_handler_func function of spx_restservice allows attacker to execute arbitrary code with server user privileges.
CVE-2021-26727 Injection flaws in SubNet_handler_func allow attacker to execute code with root privileges.
CVE-2021-26730: Uncovering a Stack-Based Buffer Overflow Vulnerability in Lanner IAC-AST250A Firmware
CVE-2022-39272: Denial of Service Vulnerability in Flux Prior to Version .35.
CVE-2020-5355 Dell Isilon versions 8.2.2 and earlier SSHD process improperly allows TCP and stream forwarding.
CVE-2022-34438 Dell PowerScale OneFS versions 8.2.x-9.4.0 contain a privilege context switching error. A local authenticated malicious user with high privileges could potentially exploit this vulnerability, leading to system compromise.
CVE-2022-31239 Dell PowerScale OneFS versions 9.0.0 to 9.1.0.19, 9.2.1.12, and 9.3.0.6 have a sensitive data in log files vulnerability.
CVE-2022-34437 Dell PowerScale OneFS versions 8.2.2-9.3 have an OS command injection vulnerability that a malicious local user can exploit to compromise the system.
CVE-2022-3646 A vulnerability was found in the Linux kernel, which affects the function nilfs_attach_log_writer of BPF component. The manipulation leads to memory leak.
CVE-2022-1059 TUG server versions before 24 are affected by an unauthenticated attacker who can access hashed user credentials.
CVE-2022-3597 LibTIFF 4.4.0 has a buffer overflow in _TIFFmemcpy that can be used to cause a denial of service. Attackers can exploit this vulnerability to cause a DoS.
CVE-2022-3570 In libtiff library 4.4.0, heap buffer overflows could lead to application crash, potential information disclosure.
CVE-2022-3598 Script in LibTIFF 4.4.0 has an out-of-bounds write, allowing attackers to cause a denial-of-service.
CVE-2022-3626 LibTIFF 4.4.0 has a buffer overflow in _TIFFmemset that can be exploited by attackers to cause a denial-of-service.
CVE-2022-3599 LibTIFF 4.4.0 has an out-of-bounds read in writeSingleSection, which can be used to cause a denial-of-service.
CVE-2022-3627 libTIFF 4.4.0 has an out-of-bounds write in _TIFFmemcpy when called from extractImageSection, tools/tiffcrop.c:6860, allowing attackers to cause a denial-of-service.
CVE-2022-42944 Malicious .dwf or .pct file could lead to memory corruption vulnerability by read access violation.
CVE-2022-3639 A DOS vulnerability was discovered in GitLab CE/EE affecting versions 10.8-15.3.
CVE-2022-1066 TUG server versions before 24 are affected by an unauthenticated attacker who can access hashed user credentials.
CVE-2022-1070 TUG server versions before 24 are affected by an unauthenticated attacker who can access hashed user credentials.
CVE-2022-3642 A vulnerability in the Linux Kernel affects the function rtl8188f_spur_calibration of the Wireless component.
CVE-2022-43400 V2022 R2 has a vulnerability. V22.2a>
CVE-2022-3633 A problem with the function j1939_session_destroy of the IPsec component net/can/j1939/transport.c leads to a memory leak.
CVE-2021-42553 An attacker can exploit a buffer overflow vulnerability in stm32_mw_usb_host of STMicroelectronics to execute arbitrary code.
CVE-2022-37454 Keccak XKCP SHA3 has an integer overflow and buffer overflow that allows attackers to execute arbitrary code or eliminate cryptographic properties.
CVE-2022-3624 An issue with the IPsec function rlb_arp_xmit was found and is considered problematic. The vulnerability causes a memory leak.
CVE-2022-3629 A vulnerability was found in the IPsec component of Linux Kernel. It's been declared as problematic due to memory leak.
CVE-2022-3630 A vulnerability was found in IPsec that leads to memory leak.
CVE-2022-36958 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
CVE-2022-36957 SolarWinds Platform was susceptible to the Deserialization of Untrusted Data
CVE-2022-39823 An issue was discovered in Softing OPC UA C++ SDK 5.66 through 6.x before 6.10
CVE-2022-37453 An issue was discovered in Softing OPC UA C++ SDK before 6.10
CVE-2022-36966 Node Management users had access to all nodes due to an Insufficient control on URL parameter causing IDOR vulnerability in SolarWinds Platform.
CVE-2022-3621 A vulnerability was found in the Linux kernel. It is considered problematic due to the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode. The manipulation leads to a null pointer dereference.
CVE-2022-3623 A vulnerability was found in the Linux Kernel. It is problematic due to a race condition.
CVE-2022-3620 Vulnerability in Exim was found, it's a dmarc_dns_lookup issue. Remote attack is possible.
CVE-2022-3577 An out-of-bounds memory write flaw was found in the Kid-friendly Wired Controller driver. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVE-2022-2069 The APDFL.dll in Siemens JT2Go V13.3.0.5 and Siemens Teamcenter Visualization V14.0.0.2 contains a heap-based write that wrote past the buffer.
CVE-2022-42233 Tenda 11N with firmware version V5.07.33_cn suffers from an Authentication Bypass vulnerability.
CVE-2022-42344 Adobe Commerce versions 2.4.3-p2, 2.3.7-p3, and 2.4.4 are affected by a validation vulnerability.
CVE-2022-42176 Hard-coded admin panel access in PCTechSoft PCSecure V5.0.8.xw using use of Hard-coded Credentials.
CVE-2022-42200 The Exam Reviewer Management System v1.0 is vulnerable to Stored XSS.
CVE-2022-42198 The User List function suffers from insecure file upload in Simple Exam Reviewer Management System v1.0.
CVE-2022-26954 Multiple open redirect vulnerabilities in NopCommerce 4.10 through 4.50.1 allow attackers to conduct phishing attacks. The ChangePassword function is affected.
CVE-2021-33231 EasyVista Service Manager 2018.1.181.1 has an XSS vulnerability that allows attackers to run arbitrary code.
CVE-2022-37298 Shinken Monitoring 2.4.3 is vulnerable to Incorrect Access Control.
CVE-2022-37598 Prototype pollution vulnerability in ast.js with the name variable in UglifyJS 3.13.2.
CVE-2022-27624 A memory buffer vulnerability affects OOB Management packet decryption.
CVE-2022-27626 Vulnerability found in session processing of OOB management.
CVE-2022-27625 An issue with memory buffer operations, OOB Management, is found.
CVE-2022-3327 Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6
CVE-2022-41743 Before R27 P1 and R26 P1, the ngx_http_hls_module has a vulnerability that might allow a local attacker to corrupt NGINX worker memory, resulting in its crash or potential other impact.
CVE-2022-36795 LTM TCP profile with Auto Receive Window enabled on a virtual server can be vulnerable to undisclosed traffic. This can lead to a vulnerability.
CVE-2022-41780 An directory traversal vulnerability in F5OS-A and F5OS-C before 1.4.0 allows attackers to read arbitrary files.
CVE-2022-41787 DNS Express is enabled on a virtual server with DNS profile and undisclosed DNS queries can be sent to the internal DNS. This might lead to information disclosure. END>
CVE-2022-41770 An authenticated iControl REST user can increase memory consumption.
CVE-2022-41983 Hardware platforms on BIG-IP versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.7, 14.1.x before 14.1.5.1, and 13.1.x can have undisclosed conditions when Intel QAT and AES-GCM/CCM are used.
CVE-2022-41833 An iRule containing the HTTP::collect command can cause TMM to terminate.
CVE-2022-41832 An undisclosed message can cause an increase in memory consumption in BIG-IP versions 17.0.x, 16.1.x, 15.1.x, 14.1.x, and 13.1.x when a SIP profile is configured on a virtual server.
CVE-2022-31684 Reactor Netty HTTP Server may log request headers in some cases of invalid HTTP requests. This may reveal valid access tokens to those with access to server logs.
CVE-2022-41806 An undisclosed request can cause an increase in memory resource utilization when BIG-IP AFM Network Address Translation with IPv6/IPv4 translation rules is configured on a virtual server.
CVE-2022-41836 An 'Attack Signature False Positive Mode' on a virtual server can cause the bd process to terminate.
CVE-2022-41694 An SSL key was imported on a BIG-IP or BIG-IQ system, but undisclosed input was used. This could lead to a security vulnerability.
CVE-2022-41691 When a BIG-IP Advanced WAF/ASM security policy is configured, undisclosed requests can cause the bd process to terminate.
CVE-2022-41624 Unclosed traffic can cause an increase in memory resou END> The BIG-IP versions 17.0.x, 16.1.x, 15.1.x, 14.1.x, and 13.1.x have undisclosed traffic that can cause an increase in memory resou.
CVE-2022-38107 Sensitive information could be displayed when a detailed technical error message is posted
CVE-2022-41813 Traffic Management Microkernel (TMM) can terminate when a certain input is provided to PEM or AFM module in certain versions of BIG-IP.
CVE-2022-43024 Tenda TX3 US_TX3V1.0 was discovered to have a stack overflow vulnerability with the list parameter.
CVE-2022-43026 Tenda TX3 US_TX3V1.0 br_V16.03.13.11_multi_TDE01 contains a stack overflow via the endIp parameter.
CVE-2022-43027 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 was discovered to have a stack overflow via the firewallEn parameter.
CVE-2022-43029 Tenda TX3 US_TX3V1.0br_V16.03.13.11_multi_TDE01 stack overflow was discovered via the time parameter.
CVE-2013-4253 The deployment script in the unsupported "OpenShift Extras" add-on scripts installs a default public key in the root user's authorized_keys file.
CVE-2013-4281 In Red Hat Openshift 1, the /etc/openshift/server_priv.pem file has weak default permissions, which could allow users with local access to read it.
CVE-2022-1523 An earlier version of Fuji Electric D300win is vulnerable to a write-what-where condition, which could allow an attacker to manipulate the flow of information.
CVE-2022-43016 OpenCATS v0.9.6 had a XSS vulnerability in the callback component.
CVE-2022-23241 Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock enabled are vulnerable to an authenticated remote attack which could allow arbitrary modification or deletion of WORM data.
CVE-2022-2805 An otapi-style flaw in ovirt-engine can log passwords in the log file.
CVE-2022-41707 An attacker can access data of any user of the Messenger application.
Notag posts