Vulnerabilities


  

CVE-2022-31738 | Mozilla Firefox up to 100 Fullscreen state issue (Bug 1756388)

A vulnerability was found in Mozilla Firefox up to 100. It has been classified as critical. This affects an unknown

  

CVE-2022-31737 | Mozilla Firefox up to 100 WebGL out-of-bounds write (Bug 1743767)

A vulnerability was found in Mozilla Firefox up to 100 and classified as critical. Affected by this issue is some

  

CVE-2022-31739 | Mozilla Firefox up to 100 on Windows Download escape output (Bug 1765049)

A vulnerability was found in Mozilla Firefox up to 100. It has been declared as critical. This vulnerability affects unknown

  

CVE-2022-31744 | Mozilla Firefox up to 100 CSS Remote Code Execution (Bug 1757604)

A vulnerability, which was classified as critical, was found in Mozilla Firefox up to 100. This affects an unknown part

  

CVE-2022-31743 | Mozilla Firefox up to 100 HTML Comment escape output (Bug 1747388)

A vulnerability, which was classified as problematic, has been found in Mozilla Firefox up to 100. Affected by this issue

  

CVE-2022-31742 | Mozilla Firefox up to 100 allowCredential Entry unknown vulnerability (Bug 1730434)

A vulnerability classified as critical was found in Mozilla Firefox up to 100. Affected by this vulnerability is an unknown

  

CVE-2022-31741 | Mozilla Firefox up to 100 CMS Message memory corruption (Bug 1767590)

A vulnerability classified as problematic has been found in Mozilla Firefox up to 100. Affected is an unknown function of

  

CVE-2022-31740 | Mozilla Firefox up to 100 on ARM64 WASM allocation of resources (Bug 1766806)

A vulnerability was found in Mozilla Firefox up to 100. It has been rated as problematic. This issue affects some

  

CVE-2022-31748 | Mozilla Firefox up to 100 memory corruption

A vulnerability was found in Mozilla Firefox up to 100. It has been declared as critical. Affected by this vulnerability

  

CVE-2022-31747 | Mozilla Firefox up to 100 memory corruption

A vulnerability was found in Mozilla Firefox up to 100. It has been classified as critical. Affected is an unknown

  

CVE-2022-1919 | Mozilla Firefox up to 100 webp Image uninitialized pointer (Bug 1761275)

A vulnerability was found in Mozilla Firefox up to 100 and classified as problematic. This issue affects some unknown processing

  

CVE-2022-31745 | Mozilla Firefox up to 100 Garbage Collector denial of service (Bug 1760944)

A vulnerability has been found in Mozilla Firefox up to 100 and classified as problematic. This vulnerability affects unknown code

  

CVE-2022-31740 | Mozilla Thunderbird up to 91.9 allocation of resources (Bug 1766806)

A vulnerability, which was classified as critical, was found in Mozilla Thunderbird up to 91.9. Affected is an unknown function.

  

CVE-2022-31739 | Mozilla Thunderbird up to 91.9 escape output (Bug 1765049)

A vulnerability, which was classified as critical, has been found in Mozilla Thunderbird up to 91.9. This issue affects some

  

CVE-2022-31738 | Mozilla Thunderbird up to 91.9 Fullscreen Mode state issue (Bug 1756388)

A vulnerability classified as critical was found in Mozilla Thunderbird up to 91.9. This vulnerability affects unknown code of the

  

CVE-2022-31737 | Mozilla Thunderbird up to 91.9 WebGL out-of-bounds write (Bug 1743767)

A vulnerability classified as critical has been found in Mozilla Thunderbird up to 91.9. This affects an unknown part of

  

CVE-2022-31736 | Mozilla Thunderbird up to 91.9 unknown vulnerability (Bug 1735923)

A vulnerability was found in Mozilla Thunderbird up to 91.9. It has been rated as problematic. Affected by this issue

  

CVE-2022-31741 | Mozilla Thunderbird up to 91.9 memory corruption (Bug 1767590)

A vulnerability has been found in Mozilla Thunderbird up to 91.9 and classified as critical. Affected by this vulnerability is

  

CVE-2022-31742 | Mozilla Thunderbird up to 91.9 unknown vulnerability (Bug 1730434)

A vulnerability was found in Mozilla Thunderbird up to 91.9. It has been classified as critical. This affects an unknown

  

CVE-2022-1834 | Mozilla Thunderbird up to 91.9 certificate validation (Bug 1767816)

A vulnerability was found in Mozilla Thunderbird up to 91.9 and classified as critical. Affected by this issue is some

  

CVE-2022-28281 | Mozilla Firefox up to 98 WebAuthN Extension out-of-bounds write (Bug 1755621)

A vulnerability was found in Mozilla Firefox up to 98 and classified as critical. Affected by this issue is some

  

CVE-2022-1097 | Mozilla Firefox up to 98 NSSToken Object use after free (Bug 1745667)

A vulnerability has been found in Mozilla Firefox up to 98 and classified as critical. Affected by this vulnerability is

  

CVE-2022-28287 | Mozilla Firefox up to 98 Select Text denial of service (Bug 1741515)

A vulnerability, which was classified as problematic, has been found in Mozilla Firefox up to 98. Affected by this issue

  

CVE-2022-28286 | Mozilla Firefox up to 98 access control (Bug 1735265)

A vulnerability classified as problematic was found in Mozilla Firefox up to 98. Affected by this vulnerability is an unknown

  

CVE-2022-28285 | Mozilla Firefox up to 98 JIT Code MLoadTypedArrayElementHole out-of-bounds (Bug 1756957)

A vulnerability classified as problematic has been found in Mozilla Firefox up to 98. Affected is the function MLoadTypedArrayElementHole of

  

CVE-2022-28284 | Mozilla Firefox up to 98 SVG cross site scripting (Bug 1754522)

A vulnerability was found in Mozilla Firefox up to 98. It has been rated as problematic. This issue affects some

  

CVE-2022-28283 | Mozilla Firefox up to 98 DevTools access control (Bug 1754066)

A vulnerability was found in Mozilla Firefox up to 98. It has been declared as problematic. This vulnerability affects unknown

  

CVE-2022-28282 | Mozilla Firefox up to 98 rel use after free (Bug 1751609)

A vulnerability was found in Mozilla Firefox up to 98. It has been classified as problematic. This affects an unknown

  

CVE-2022-1097 | Mozilla Thunderbird up to 91.7 NSSToken Object use after free (Bug 1745667)

A vulnerability was found in Mozilla Thunderbird up to 91.7. It has been classified as critical. Affected is an unknown

  

CVE-2022-28288 | Mozilla Firefox up to 98 memory corruption

A vulnerability was found in Mozilla Firefox up to 98 and classified as critical. This issue affects some unknown processing.

  

CVE-2022-28289 | Mozilla Firefox up to 98 memory corruption

A vulnerability has been found in Mozilla Firefox up to 98 and classified as critical. This vulnerability affects unknown code.

  

CVE-2022-24713 | Mozilla Firefox up to 98 Rust Regex Crate incorrect regex (Bug 1758509)

A vulnerability, which was classified as problematic, was found in Mozilla Firefox up to 98. This affects an unknown part

  

CVE-2022-1197 | Mozilla Thunderbird up to 91.7 OpenPGP Key state issue (Bug 1754985)

A vulnerability was found in Mozilla Thunderbird up to 91.7. It has been rated as problematic. Affected by this issue

  

CVE-2022-28281 | Mozilla Thunderbird up to 91.7 WebAuthN Extension out-of-bounds write (Bug 1755621)

A vulnerability was found in Mozilla Thunderbird up to 91.7. It has been declared as critical. Affected by this vulnerability

  

CVE-2022-28285 | Mozilla Thunderbird up to 91.7 JIT Code MLoadTypedArrayElementHole out-of-bounds (Bug 1756957)

A vulnerability, which was classified as problematic, has been found in Mozilla Thunderbird up to 91.7. This issue affects the

  

CVE-2022-28282 | Mozilla Thunderbird up to 91.7 rel use after free (Bug 1751609)

A vulnerability classified as problematic was found in Mozilla Thunderbird up to 91.7. This vulnerability affects unknown code of the

  

CVE-2022-1196 | Mozilla Thunderbird up to 91.7 VR Process use after free (Bug 1750679)

A vulnerability classified as problematic has been found in Mozilla Thunderbird up to 91.7. This affects an unknown part of

  

CVE-2022-28289 | Mozilla Thunderbird up to 91.7 memory corruption

A vulnerability was found in Mozilla Thunderbird up to 91.7 and classified as critical. Affected by this issue is some

  

CVE-2022-24713 | Mozilla Thunderbird up to 91.7 Rust Regex Crate incorrect regex (Bug 1758509)

A vulnerability has been found in Mozilla Thunderbird up to 91.7 and classified as problematic. Affected by this vulnerability is

  

CVE-2022-28286 | Mozilla Thunderbird up to 91.7 iFrame access control (Bug 1735265)

A vulnerability, which was classified as problematic, was found in Mozilla Thunderbird up to 91.7. Affected is an unknown function

  

CVE-2022-2778

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes. (Source: National Vulnerability Database)

  

Fedora 36: bash 2022-4ff296fe8e

Add a null check in parameter_brace_transform() function. (Source: LinuxSecurity – Security Advisories)

  

Fedora 37: bash 2022-bf387ff344

Add a null check in parameter_brace_transform() function. (Source: LinuxSecurity – Security Advisories)

  

Debian LTS: DLA-3126-1: libsndfile security update

An issue has been found in libsndfile, a library for reading/writing audio files. (Source: LinuxSecurity – Security Advisories)

  

Debian LTS: DLA-3125-1: libvncserver security update

Two issues have been found in libvncserver, a library to write one’s own VNC server. (Source: LinuxSecurity – Security Advisories)

  

CVE-2022-39226

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10

  

CVE-2022-36066

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10

  

CVE-2022-39232

Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can

  

CVE-2022-40472

ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows

  

CVE-2022-36068

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10

  

CVE-2022-41828

In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class

  

CVE-2022-3364

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. (Source: National Vulnerability Database)

  

SUSE: 2022:3471-1 important: krb5-appl

An update that fixes one vulnerability is now available. (Source: LinuxSecurity – Security Advisories)

  

CVE-2022-33880

hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter. (Source: National Vulnerability Database)

  

CVE-2022-39266

isolated-vm is a library for nodejs which gives the user access to v8’s Isolate interface. In versions 4.3.6 and prior,

  

CVE-2022-35137

DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities. (Source: National Vulnerability Database)

  

CVE-2022-40879

kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter ‘errorMsg.’ (Source: National Vulnerability Database)

  

CVE-2022-29503

A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead

  

CVE-2022-29504

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate

  

CVE-2022-40931

dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS). (Source: National Vulnerability Database)

  

CVE-2022-39168

IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422. National Vulnerability

  

Joomla AdsManager 3.2.0 SQL Injection

Topic: Joomla AdsManager 3.2.0 SQL Injection Risk: Medium Text:… (Source: CXSECURITY Database RSS Feed – CXSecurity.com)

  

Bus Pass Management System 1.0 Cross Site Scripting

Topic: Bus Pass Management System 1.0 Cross Site Scripting Risk: Low Text:# Exploit Title: Bus Pass Management System 1.0 –

  

CVE-2022-40887

SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection. (Source: National Vulnerability Database)

  

Joomla EDocman 1.23.3 Cross Site Scripting

Topic: Joomla EDocman 1.23.3 Cross Site Scripting Risk: Low Text:… (Source: CXSECURITY Database RSS Feed – CXSecurity.com)

  

Online Examination System 1.0 Cross Site Scripting

Topic: Online Examination System 1.0 Cross Site Scripting Risk: Low Text:# Exploit Title: Online Examination System – Cross site scripting

  

qdPM 9.1 Authenticated Shell Upload

Topic: qdPM 9.1 Authenticated Shell Upload Risk: High Text:## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-… CXSECURITY Database

  

CVE-2022-39252

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to

  

CVE-2022-38732

SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that

  

CVE-2022-26384 | Mozilla Firefox up to 97 Javascript sandbox (Bug 1744352)

A vulnerability was found in Mozilla Firefox up to 97. It has been rated as critical. This issue affects some

  

CVE-2022-26383 | Mozilla Firefox up to 97 Fullscreen Mode Remote Code Execution (Bug 1742421)

A vulnerability was found in Mozilla Firefox up to 97. It has been declared as critical. This vulnerability affects unknown

  

CVE-2022-0566 | Mozilla Thunderbird up to 91.6.0 Email out-of-bounds write (Bug 1753094)

A vulnerability was found in Mozilla Thunderbird up to 91.6.0. It has been classified as critical. This affects an unknown

  

CVE-2022-39254

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users

  

CVE-2022-26382 | Mozilla Firefox up to 97 Autofill Tooltip observable behavioral discrepancy (Bug 1741888)

A vulnerability, which was classified as problematic, has been found in Mozilla Firefox up to 97. Affected by this issue

  

CVE-2022-26381 | Mozilla Firefox up to 97 SVG Object use after free (Bug 1736243)

A vulnerability classified as problematic was found in Mozilla Firefox up to 97. Affected by this vulnerability is an unknown

  

CVE-2022-26387 | Mozilla Firefox up to 97 Add-On Signature certificate validation (Bug 1752979)

A vulnerability classified as problematic has been found in Mozilla Firefox up to 97. Affected is an unknown function of

  

CVE-2022-26384 | Mozilla Thunderbird up to 91.6 iFrame sandbox (Bug 1744352)

A vulnerability was found in Mozilla Thunderbird up to 91.6. It has been classified as critical. Affected is an unknown

  

CVE-2022-26383 | Mozilla Thunderbird up to 91.6 Fullscreen Mode Remote Code Execution (Bug 1742421)

A vulnerability was found in Mozilla Thunderbird up to 91.6 and classified as critical. This issue affects some unknown processing

  

CVE-2022-0843 | Mozilla Firefox up to 97 memory corruption

A vulnerability has been found in Mozilla Firefox up to 97 and classified as critical. This vulnerability affects unknown code.

  

CVE-2022-26385 | Mozilla Firefox up to 97 Thread use after free (Bug 1747526)

A vulnerability, which was classified as problematic, was found in Mozilla Firefox up to 97. This affects an unknown part

  

CVE-2022-26381 | Mozilla Thunderbird up to 91.6 SVG Object use after free (Bug 1736243)

A vulnerability was found in Mozilla Thunderbird up to 91.6. It has been rated as problematic. Affected by this issue

  

CVE-2022-26387 | Mozilla Thunderbird up to 91.6 Add-On Signature certificate validation (Bug 1752979)

A vulnerability was found in Mozilla Thunderbird up to 91.6. It has been declared as problematic. Affected by this vulnerability

  

CVE-2022-26386 | Mozilla Thunderbird up to 91.6 on Linux/macOS temp file (Bug 1752396)

A vulnerability classified as critical has been found in Mozilla Thunderbird up to 91.6. This affects an unknown part. The

  

Hitachi Energy MicroSCADA Pro X SYS600_8DBD000106

This advisory contains mitigations for Improper Input Validation, Improper Privilege Management, Improper Access Control, and Improper Handling of Unexpected Data

  

Hitachi Energy MicroSCADA Pro X SYS600_8DBD000107

This advisory contains mitigations for NULL Pointer Dereference and Infinite Loop vulnerabilities in Hitachi Energy MicroSCADA Pro/X SYS600 products. CISA ICS

  

CVE-2022-22756 | Mozilla Thunderbird up to 91.5 Remote Code Execution (Bug 1317873)

A vulnerability, which was classified as critical, was found in Mozilla Thunderbird up to 91.5. This affects an unknown part.

  

CVE-2022-22754 | Mozilla Thunderbird up to 91.5 Extension permission (Bug 1750565)

A vulnerability, which was classified as critical, has been found in Mozilla Thunderbird up to 91.5. Affected by this issue

  

CVE-2022-22753 | Mozilla Thunderbird up to 91.5 Maintenance Service toctou (Bug 1732435)

A vulnerability classified as very critical was found in Mozilla Thunderbird up to 91.5. Affected by this vulnerability is an

  

Delta Electronics DOPSoft (Update B)

This updated advisory is a follow-up to the advisory update titled ICSA-21-184-04 Delta Electronics DOPSoft (Update A) that was published

  

CVE-2022-22761 | Mozilla Thunderbird up to 91.5 Content Security Policy access control (Bug 1745566)

A vulnerability was found in Mozilla Thunderbird up to 91.5. It has been classified as critical. Affected is an unknown

  

CVE-2022-22760 | Mozilla Thunderbird up to 91.5 Web Worker information exposure (Bug 1740985)

A vulnerability was found in Mozilla Thunderbird up to 91.5 and classified as problematic. This issue affects some unknown processing

  

CVE-2022-22759 | Mozilla Thunderbird up to 91.5 Javascript sandbox (Bug 1739957)

A vulnerability has been found in Mozilla Thunderbird up to 91.5 and classified as critical. This vulnerability affects unknown code

  

CVE-2022-40126 | Clash for Windows 0.19.9 Service Mode access control (ID 3405)

A vulnerability classified as critical was found in Clash for Windows 0.19.9. This vulnerability affects unknown code of the component

  

CVE-2022-39250 | matrix-js-sdk up to 19.6.x Verification key exchange without entity authentication (GHSA-5w8r-8pgj-5jmf)

A vulnerability classified as critical has been found in matrix-js-sdk up to 19.6.x. This affects an unknown part of the

  

CVE-2022-22764 | Mozilla Thunderbird up to 91.5 memory corruption

A vulnerability was found in Mozilla Thunderbird up to 91.5. It has been rated as critical. Affected by this issue

  

CVE-2022-22763 | Mozilla Thunderbird up to 91.5 Worker access control (Bug 1740534)

A vulnerability was found in Mozilla Thunderbird up to 91.5. It has been declared as critical. Affected by this vulnerability

  

CVE-2022-3352 | vim prior 9.0.0614 use after free

A vulnerability, which was classified as critical, was found in vim. Affected is an unknown function. The manipulation leads to

  

CVE-2022-40475 | TOTOLINK A860R 4.1.2cu.5182_B20201027 downloadFile.cgi command injection

A vulnerability, which was classified as critical, has been found in TOTOLINK A860R 4.1.2cu.5182_B20201027. This issue affects some unknown processing

  

CVE-2022-40363 | Flipper Zero up to 0.65.1 NFC File nfc_device_load_mifare_ul_data buffer overflow

A vulnerability has been found in Flipper Zero up to 0.65.1 and classified as problematic. Affected by this vulnerability is

  

CVE-2022-40890 | Open5GS up to 2.4.10 AMF /src/amf/amf-context.c denial of service

A vulnerability was found in Open5GS up to 2.4.10 and classified as problematic. Affected by this issue is some unknown