CVE-2022-2483 : NOKIA ASIK AIRSCALE SYSTEM MODULE 474021A.101/474021A.102 FIRMWARE VERIFICATION UNKNOWN VULNERABILITY
Description The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware signature verification. If an attacker modifies the flash contents to corrupt the keys, secure boot could be permanently disabled on a given device. References https://www.cisa.gov/uscert/ics/advisories/icsa-22-307-02 For More Information MITRE
CVE-2022-43535 : ARUBA CLEARPASS POLICY MANAGER UP TO 6.9.12/6.10.7 ON WINDOWS ONGUARD AGENT PRIVILEGE ESCALATION
Description A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with NT AUTHORITY\SYSTEM level privileges on the Windows instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below […]
CVE-2022-25926 : WINDOW-CONTROL UP TO 1.4.4 SENDKEYS COMMAND INJECTION
Description Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization. References https://github.com/bruno-robert/window-control/commit/075c854534a749d887655a906759f5a7eee95173 https://github.com/bruno-robert/window-control/releases/tag/v1.4.5 https://security.snyk.io/vuln/SNYK-JS-WINDOWCONTROL-3186345 For More Information MITRE
CVE-2021-32824 : APACHE DUBBO UP TO 2.6.9/2.7.9 TELNET DESERIALIZATION
Description Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to pre-auth remote code execution via arbitrary bean manipulation in the Telnet handler. The Dubbo main service port can be used to access a Telnet Handler which offers some basic methods to collect information about the […]
CVE-2022-42475 : FORTIOS FORTIOS SSL-VPN/FORTIPROXY SSL-VPN REQUESTS HEAP-BASED OVERFLOW
Description A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. References https://fortiguard.com/psirt/FG-IR-22-398 For More Information […]
CVE-2022-43931 : SYNOLOGY VPN PLUS SERVER PRIOR 1.4.3-0534/1.4.4-0635 REMOTE DESKTOP OUT-OF-BOUNDS WRITE
Description Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers to execute arbitrary commands via unspecified vectors. References https://www.synology.com/en-global/security/advisory/Synology_SA_22_26 For More Information MITRE
CVE-2022-47952 : LXC UP TO 5.0.1 LXC-USER-NIC PRIVILEGE ESCALATION
Description lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file exists, even within a protected directory tree, because “Failed to open” often indicates that a file does not exist, whereas “does not refer to a network namespace path” often indicates that a file exists. NOTE: […]
CVE-2022-23555 : AUTHENTIK PRIOR 2022.10.4/2022.11.4/2022.12.0 IMPROPER AUTHENTICATION
Description authentik is an open-source Identity Provider focused on flexibility and versatility. Versions prior to 2022.11.4 and 2022.10.4 are vulnerable to Improper Authentication. Token reuse in invitation URLs leads to access control bypass via the use of a different enrollment flow than in the one provided. The vulnerability allows an attacker that knows different invitation […]
CVE-2022-4812 : USEMEMOS UP TO 0.9.0 UNKNOWN VULNERABILITY
Description Comparison of Object References Instead of Object Contents in GitHub repository usememos/memos prior to 0.9.1. References https://huntr.dev/bounties/33924891-5c36-4b46-b417-98eaab688c4c https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 For More Information MITRE
CVE-2022-46764 : TRUECONF SERVER 5.2.0.10225 SQL INJECTION
Description A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary SQL commands, ultimately leading to remote code execution. References https://github.com/sldlb/public_cve_submissions/blob/main/CVE-2022-46764.txt https://solidlab.ru/our-news/145-trueconf.html For More Information MITRE
CVE-2022-24119 : GENERAL ELECTRIC INET/INET II UP TO 8.2.X DEVICE CONFIGURATION SHELL BACKDOOR
Description Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell. This affects iNET and iNET II before 8.3.0. References https://www.cisa.gov/uscert/ics/advisories/icsa-22-090-06 For More Information MITRE
CVE-2022-39165 : IBM AIX/VIOS CAA DENIAL OF SERVICE
Description IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in CAA to cause a denial of service. IBM X-Force ID: 235183. References https://exchange.xforce.ibmcloud.com/vulnerabilities/235183 https://www.ibm.com/support/pages/node/6847947 For More Information MITRE
CVE-2022-3805 : JEG ELEMENTOR KIT PLUGIN UP TO 2.5.6 ON WORDPRESS SETTING AUTHORIZATION
Description The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the MailChimp API key, global styles, 404 page settings, […]
CVE-2022-3183 : DATAPROBE IBOOT-PDU PRIOR 1.42.06162022 OS COMMAND INJECTION
Description Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input provided by the user, which may expose the affected to an OS command injection vulnerability. References https://www.cisa.gov/uscert/ics/advisories/icsa-22-263-03 For More Information MITRE
CVE-2022-25893 : VM2 UP TO 3.9.9 WEAKMAP.PROTOTYPE.SET ACCESS CONTROL
Description The package vm2 before 3.9.10 is vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for the WeakMap.prototype.set method. Exploiting this vulnerability leads to access to a host object and a sandbox compromise. References https://github.com/patriksimek/vm2/issues/444 https://github.com/patriksimek/vm2/pull/445 https://github.com/patriksimek/vm2/pull/445/commits/3a9876482be487b78a90ac459675da7f83f46d69 https://security.snyk.io/vuln/SNYK-JS-VM2-2990237 For More Information MITRE
CVE-2022-47577 : ZOHO MANAGEENGINE DEVICE CONTROL PLUS 10.1.2228.15 ENDPOINT PROTECTION AGENT ACCESS CONTROL
Description An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete restrictions on USB pendrives, USB HDD devices, memory cards, USB connections to mobile devices, etc., it is still possible to bypass the USB restrictions by making use of a virtual machine (VM). This allows a […]
CVE-2022-3157 : ROCKWELL AUTOMATION GUARDLOGIX/CONTROLLOGIX CIP REQUEST DENIAL OF SERVICE
Description A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable fault (MNRF) and a denial-of-service condition (DOS). References https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1137757 For More Information MITRE
CVE-2022-47208 : NETGEAR NIGHTHAWK HTTPSNIFF SERVICE COMMAND INJECTION
Description The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An unauthenticated attacker on the same network segment as the router can execute arbitrary commands on the device without authentication. References https://www.tenable.com/security/research/tra-2022-37 For More Information MITRE
CVE-2022-22063 : QUALCOMM WCN3990 CORE MEMORY CORRUPTION
Description Memory corruption in Core due to improper configuration in boot remapper. References https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin For More Information MITRE
CVE-2022-4283 : X.ORG X11 SERVER XKBGETKBDBYNAME REQUEST XKBCOPYNAMES USE AFTER FREE
Description A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to freed memory, resulting in out-of-bounds memory access on subsequent XkbGetKbdByName requests. This issue can lead to local privilege elevation on systems where the X server is running privileged and remote code execution for ssh X […]
CVE-2022-25698 : QUALCOMM SNAPDRAGON MOBILE/SNAPDRAGON WEARABLES SPI BUS MEMORY CORRUPTION
Description Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile, Snapdragon Wearables. References https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin For More Information MITRE
CVE-2022-27518 : CITRIX ADC/GATEWAY RESOURCE CONTROL
Description Unauthenticated remote arbitrary code execution. References https://support.citrix.com/article/CTX474995 For More Information MITRE
CVE-2022-37897 : ARUBA NETWORKS ARUBAOS PAPI COMMAND INJECTION
Description There is a command injection vulnerability that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. References […]
CVE-2022-4416 : RAINYGAO DOCSYS GETREPOSALLUSERS.DO GETREPOSALLUSERS SEARCHWORD/REPOSID SQL INJECTION
Description A vulnerability was found in RainyGao DocSys. It has been declared as critical. This vulnerability affects the function getReposAllUsers of the file /DocSystem/Repos/getReposAllUsers.do. The manipulation of the argument searchWord/reposId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-215278 is the […]