Vulnerabilities

CVE-2022-26532

An argument injection vulnerability in the ‘packet-trace’ CLI command of Zyxel USG/ZyWALL series firmware versions 4.09 through 4.71, USG FLEX

CVE-2022-1840

A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. This issue affects

CVE-2022-1839

A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php.

SUSE: 2022:1150-1 suse/rmt-mariadb Security Update

The container suse/rmt-mariadb was updated. The following patches have been included in this update:

CVE-2022-1838

A vulnerability classified as critical has been found in Home Clean Services Management System 1.0. This affects an unknown part

SUSE: 2022:1151-1 suse/rmt-server Security Update

The container suse/rmt-server was updated. The following patches have been included in this update:

CVE-2022-29377 | TOTOLINK A3600R 4.1.2cu.5182_B20201102 infostat.cgi fread CONTENT_LENGTH stack-based overflow

A vulnerability has been found in TOTOLINK A3600R 4.1.2cu.5182_B20201102 and classified as critical. Affected by this vulnerability is the function

CVE-2022-1467 | AVEVA InTouch Access Anywhere on Windows Language Bar exposure of resource (icsa-22-130-05)

A vulnerability, which was classified as critical, was found in AVEVA InTouch Access Anywhere and Plant SCADA Access Anywhere. Affected

CVE-2022-29309 | mysiteforme 2.2.1 server-side request forgery (ID 43)

A vulnerability was found in mysiteforme 2.2.1. It has been classified as critical. This affects an unknown part. The manipulation

CVE-2022-29305 | imgurl 2.31 /upload/localhost sql injection (ID 75)

A vulnerability was found in imgurl 2.31 and classified as critical. Affected by this issue is some unknown functionality of

CVE-2022-28999 | Dev-CPP 4.9.9.2 devcpp.exe permission

A vulnerability was found in Dev-CPP 4.9.9.2. It has been declared as critical. This vulnerability affects unknown code of the

CVE-2022-31263 | Mastodon up to 3.4.x Email app/models/user.rb access control

A vulnerability classified as critical has been found in Mastodon up to 3.4.x. Affected is an unknown function of the

CVE-2022-0910 | ZyXEL USG/ZyWALL Two-Factor Authentication improper authentication

A vulnerability was found in ZyXEL USG and ZyWALL. It has been rated as critical. This issue affects some unknown

CVE-2022-30017 | SourceCodester Rescue Dispatch Management System 1.0 cross site scripting

A vulnerability, which was classified as problematic, has been found in SourceCodester Rescue Dispatch Management System 1.0. Affected by this

CVE-2022-30016 | SourceCodester Rescue Dispatch Management System 1.0 admin/ access control

A vulnerability classified as critical was found in SourceCodester Rescue Dispatch Management System 1.0. Affected by this vulnerability is an

CVE-2022-30014 | Lumidek Simple Food Website 1.0 cross-site request forgery

A vulnerability has been found in Lumidek Simple Food Website 1.0 and classified as problematic. This vulnerability affects unknown code.

CVE-2022-0734 | ZyXEL USG/ZyWALL CGI Program cross site scripting

A vulnerability, which was classified as problematic, was found in ZyXEL USG and ZyWALL. This affects an unknown part of

CVE-2021-42233 | WonderCMS 3.4.1 Simple Blog Plugin cross site scripting

A vulnerability was found in WonderCMS 3.4.1. It has been classified as problematic. Affected is an unknown function of the

CVE-2022-29002 | XXL-Job 2.3.0 /gaia-job-admin/user/add cross-site request forgery (ID 2821)

A vulnerability was found in XXL-Job 2.3.0 and classified as problematic. This issue affects some unknown processing of the file

CVE-2022-1840 | Home Clean Services Management System 1.0 register.php cross site scripting

A vulnerability, which was classified as problematic, has been found in Home Clean Services Management System 1.0. This issue affects

CVE-2022-29004 | Diary Management System 1.0 search-result.php Name cross site scripting

A vulnerability has been found in Diary Management System 1.0 and classified as problematic. Affected by this vulnerability is an

CVE-2022-1819 | Student Information System 1.0 Student Roll Module admin/ cross site scripting

A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is an unknown function of

CVE-2022-31488 | Inout Blockchain AltExchanger 1.2.1 update_marketboxslider marketcurrency sql injection

A vulnerability was found in Inout Blockchain AltExchanger 1.2.1. It has been classified as critical. This affects an unknown part

CVE-2022-31487 | Inout Blockchain AltExchanger master.php symbol sql injection

A vulnerability was found in Inout Blockchain AltExchanger and Inout Blockchain FiatExchanger and classified as critical. Affected by this issue

CVE-2022-31489 | Inout Blockchain AltExchanger 1.2.1 index.php/home/about cookie sql injection

A vulnerability was found in Inout Blockchain AltExchanger 1.2.1. It has been declared as critical. This vulnerability affects unknown code

CVE-2022-29005 | Online Birth Certificate System 1.2 /obcs/user/profile.php fname/lname cross site scripting

A vulnerability classified as problematic has been found in Online Birth Certificate System 1.2. Affected is an unknown function of

CVE-2022-20821 | Cisco IOS XR 7.3.3 Health Check access control (cisco-sa-iosxr-redis-ABJyE5xK)

A vulnerability was found in Cisco IOS XR 7.3.3. It has been rated as critical. This issue affects some unknown

CVE-2021-32941 | Annke N48PBB up to 3.4.106 Build 200422 stack-based overflow (icsa-21-238-02)

A vulnerability, which was classified as very critical, has been found in Annke N48PBB up to 3.4.106 Build 200422. Affected

CVE-2022-30015 | SourceCodester Simple Food Website 1.0/127.0.0.1 all_users.php Full Username cross site scripting

A vulnerability classified as problematic was found in SourceCodester Simple Food Website 1.0/127.0.0.1. Affected by this vulnerability is an unknown

CVE-2022-28944 | EMCO Products Installation code download

A vulnerability, which was classified as problematic, was found in EMCO Products. This affects an unknown part of the component

CVE-2022-28932 | D-Link DSL-G2452DG 2.00 permission

A vulnerability has been found in D-Link DSL-G2452DG 2.00 and classified as critical. This vulnerability affects unknown code. The manipulation

CVE-2021-32935 | Cognex In-Sight OPC Server up to 5.7.4 deserialization (icsa-21-224-01)

A vulnerability was found in Cognex In-Sight OPC Server up to 5.7.4. It has been classified as critical. Affected is

CVE-2022-29376 | Xampp up to 8.1.4 on Windows Installation default permission

A vulnerability was found in Xampp up to 8.1.4 and classified as critical. This issue affects some unknown processing of

CVE-2021-41714 | Tipask up to 3.5.8 Attachment path information disclosure

A vulnerability was found in Tipask up to 3.5.8. It has been rated as problematic. Affected by this issue is

CVE-2021-32958 | Claroty Secure Remote Access Site 3.0/3.1/3.2 Command Line Interface authentication bypass (icsa-21-180-06)

A vulnerability was found in Claroty Secure Remote Access Site 3.0/3.1/3.2. It has been declared as critical. Affected by this

CVE-2022-31466 | Quick Heal Total Security prior 12.1.1.27 toctou

A vulnerability classified as critical was found in Quick Heal Total Security. This vulnerability affects unknown code. The manipulation leads

CVE-2022-1811 | publify up to 9.2.8 unrestricted upload

A vulnerability classified as critical has been found in publify up to 9.2.8. This affects an unknown part. The manipulation

CVE-2022-31467 | Quick Heal Total Security prior 12.1.1.27 Installation uncontrolled search path

A vulnerability, which was classified as critical, has been found in Quick Heal Total Security. This issue affects some unknown

CVE-2022-1837 | Home Clean Services Management System 1.0 register.php unrestricted upload

A vulnerability was found in Home Clean Services Management System 1.0. It has been rated as critical. Affected by this

Fedora 34: curl 2022-8277bef335

- fix too eager reuse of TLS and SSH connections (CVE-2022-27782)
- fix credential leak on redirect (CVE-2022-27774)

Ubuntu 5438-1: HTMLDOC vulnerability

HTMLDOC could be made to crash or run programs if it received specially crafted HTML files.

CVE-2021-32958

Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions 3.0 through 3.2 allows an attacker with

Ubuntu 5437-1: libXfixes vulnerability

libXfixes could be made to crash or run programs if it received specially crafted input.

CVE-2022-31487

Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection.

CVE-2022-1467

Windows OS can be configured to overlay a “language bar” on top of any application. When this OS functionality is

CVE-2022-31489

Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection.

CVE-2022-31488

Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection.

CVE-2022-29002

A Cross-Site Request Forgery (CSRF) in XXL-Job v2.3.0 allows attackers to arbitrarily create administrator accounts via the component /gaia-job-admin/user/add.

CVE-2022-28999

Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allow attackers to execute arbitrary code via overwriting the

CVE-2022-29376

Xampp for Windows v8.1.4 and below was discovered to contain insecure permissions for its install directory, allowing attackers to execute

CVE-2022-30015

In Simple Food Website 1.0, a moderator can put the Cross Site Scripting Payload in any of the fields on

CVE-2021-32935

The affected Cognex product, the In-Sight OPC Server versions v5.7.4 (96) and prior, deserializes untrusted data, which could allow a

CVE-2022-28944

Certain EMCO Software products are affected by: CWE-494: Download of Code Without Integrity Check. This affects MSI Package Builder for

CVE-2022-31466

Quick Heal Total Security before 12.1.1.27 has a TOCTOU race condition that leads to privilege escalation. It may follow a

CVE-2021-32941

Annke N48PBB (Network Video Recorder) products of version 3.4.106 build 200422 and prior are vulnerable to a stack-based buffer overflow,

CVE-2022-31467

Quick Heal Total Security before 12.1.1.27 allows DLL hijacking during installation.

CVE-2021-42233

The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS). When any user opens a

Ubuntu 5436-1: libXrender vulnerabilities

Several security issues were fixed in libXrender.

SUSE: 2022:1818-1 important: MozillaFirefox

An update that fixes two vulnerabilities is now available.

SUSE: 2022:1815-1 important: slurm_20_11

An update that fixes two vulnerabilities is now available.

SUSE: 2022:1796-1 important: the Linux Kernel (Live Patch 29 for SLE 12 SP5)

An update that fixes one vulnerability is now available.

SUSE: 2022:1819-1 moderate: python-requests

An update that fixes one vulnerability is now available.

SUSE: 2022:1817-1 important: rsyslog

An update that fixes one vulnerability is now available.

CVE-2022-1811

Unrestricted Upload of File with Dangerous Type in GitHub repository publify/publify prior to 9.2.9.

CVE-2021-41714

In Tipask < 3.5.9, path parameters entered by the user are not validated when downloading attachments, a registered user can

CVE-2022-30014

Lumidek Associates Simple Food Website 1.0 is vulnerable to Cross Site Request Forgery (CSRF) which allows anyone to takeover admin/moderator

CVE-2022-28932

D-Link DSL-G2452DG HW:T1 FW:ME_2.00 was discovered to contain insecure permissions.

CVE-2022-29004

Diary Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Name parameter in search-result.php.

CVE-2022-30017

Rescue Dispatch Management System 1.0 suffers from Stored XSS, leading to admin account takeover via cookie stealing.

CVE-2022-29005

Multiple cross-site scripting (XSS) vulnerabilities in the component /obcs/user/profile.php of Online Birth Certificate System v1.2 allow attackers to execute arbitrary

CVE-2022-30016

Rescue Dispatch Management System 1.0 is vulnerable to Incorrect Access Control via http://localhost/rdms/admin/?page=system_info.

CVE-2022-28998 | Xlight FTP 3.9.3.2 stack-based overflow (ID 166381)

A vulnerability has been found in Xlight FTP 3.9.3.2 and classified as critical. This vulnerability affects unknown code. The manipulation

Ubuntu 5432-1: libpng vulnerabilities

Several security issues were fixed in libpng.

CVE-2022-0900 | DivvyDrive aciklama cross site scripting (tr-22-0375)

A vulnerability was found in DivvyDrive. It has been classified as problematic. Affected is an unknown function. The manipulation of

CVE-2022-1810 | publify up to 9.2.8 access control

A vulnerability was found in publify up to 9.2.8 and classified as critical. This issue affects some unknown processing. The

CVE-2022-28997 | CSZCMS 1.3.0 server-side request forgery (ID 166613)

A vulnerability was found in CSZCMS 1.3.0. It has been declared as critical. Affected by this vulnerability is an unknown

Ubuntu 5435-1: Thunderbird vulnerabilities

Several security issues were fixed in Thunderbird.

Ubuntu 5434-1: Firefox vulnerabilities

Firefox could be made to execute JavaScript in a privileged context if it opened a malicious website.

CVE-2022-28997

CSZCMS v1.3.0 allows attackers to execute a Server-Side Request Forgery (SSRF) which can be leveraged to leak sensitive data via

CVE-2022-28998

Xlight FTP v3.9.3.2 was discovered to contain a stack-based buffer overflow which allows attackers to leak sensitive information via crafted

CVE-2022-0900

A Stored Cross-Site Scripting (XSS) vulnerability in DivvyDrive’s “aciklama” parameter could allow anyone to gain users’ session information.

CVE-2022-1810

Improper Access Control in GitHub repository publify/publify prior to 9.2.9.

CVE-2022-1816

A vulnerability, which was classified as problematic, has been found in Zoo Management System 1.0. Affected by this issue is

CVE-2022-1817

A vulnerability, which was classified as problematic, was found in Badminton Center Management System. This affects the userlist module at

CVE-2022-28874 | F-Secure Endpoint Protection PE32-Bit File heap-based overflow

A vulnerability classified as critical has been found in F-Secure Endpoint Protection. Affected is an unknown function of the component

CVE-2022-29599 | Apache maven-shared-utils up to 3.3.2 Quoted String Commandline command injection

A vulnerability was found in Apache maven-shared-utils up to 3.3.2. It has been rated as critical. This issue affects the

CVE-2021-42586 | LibreDWG up to 0.12.3 dwg File decode_r2007.c copy_bytes heap-based overflow (ID 350)

A vulnerability, which was classified as critical, has been found in LibreDWG up to 0.12.3. Affected by this issue is

CVE-2021-42585 | LibreDWG up to 0.12.3 dwg File decode_r2007.c copy_compressed_bytes heap-based overflow (ID 351)

A vulnerability classified as critical was found in LibreDWG up to 0.12.3. Affected by this vulnerability is the function copy_compressed_bytes

CVE-2022-1825 | collectiveaccess providence up to 1.7 cross site scripting

A vulnerability, which was classified as problematic, was found in collectiveaccess providence up to 1.7. This affects an unknown part.