Waaxe.com - Security Site - In memory of Ponca Chief Standing Bear

RSS CVE - US National Vulnerability Database

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20227 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20227

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20228 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20228

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20229 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20229

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20230 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20230

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20231 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20231

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20232 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20232

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20233 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20233

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20234 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20234

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20235 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20235

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20236 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20236

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20237 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20237

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20238 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20238

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20239 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20239

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20240 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20240

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20241 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20241

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20242 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20242

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20243 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20243

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20244 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20244

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20245 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20245

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20246 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20246

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20247 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20247

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20248 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20248

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20249 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20249

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20250 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20250

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20251 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20251

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20252 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20252

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20253 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20253

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20254 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20254

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20255 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20255

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20256 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20256

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20257 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20257

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20258 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20258

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20259 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20259

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20260 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20260

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20261 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20261

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20262 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20262

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20263 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20263

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20264 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20264

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20265 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20265

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20266 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20266

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20267 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20267

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20268 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20268

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20269 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20269

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20270 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20270

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20271 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20271

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20272 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20272

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20273 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20273

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20274 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20274

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20275 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20275

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20276 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20276

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20277 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20277

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20278 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20278

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20279 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20279

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20280 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20280

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20281 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20281

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20282 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20282

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20283 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20283

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20284 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20284

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20285 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20285

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20286 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20286

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20287 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20287

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20288 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20288

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20289 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20289

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20290 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20290

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20291 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20291

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20292 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20292

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20293 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20293

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20294 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20294

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20295 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20295

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20296 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20296

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20297 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20297

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20298 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20298

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20299 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20299

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20300 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20300

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20301 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20301

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20302 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20302

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20303 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20303

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20304 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20304

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20305 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20305

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20306 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20306

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20307 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20307

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20308 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20308

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20309 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20309

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20310 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20310

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20311 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20311

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20312 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20312

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20313 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20313

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20314 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20314

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20315 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20315

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20316 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20316

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20317 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20317

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20318 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20318

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20319 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20319

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20320 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20320

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20321 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20321

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20322 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20322

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20323 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20323

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20324 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20324

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during the year 2019. Notes: none.

CVE-2019-20325 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-20325

Directory Traversal vulnerability in htmly before 2.8.1 allows remote attackers to perform arbitrary file deletions via a modified file parameter.

CVE-2021-33354 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-33354

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Comment Guestbook plugin <= 0.8.0 at WordPress.

CVE-2021-36830 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36830

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Social Media Follow Buttons Bar plugin <= 4.73 at WordPress.

CVE-2021-36839 (social_media_follow_buttons_bar) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36839

Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in Booking Ultra Pro plugin <= 1.1.4 at WordPress.

CVE-2021-36854 (booking_ultra_pro_appointments_booking_calendar) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36854

Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in Booking Ultra Pro plugin <= 1.1.4 at WordPress.

CVE-2021-36855 (booking_ultra_pro_appointments_booking_calendar) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36855

Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz.

CVE-2021-36865 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-36865

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE-2022-1480 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1480

AppLock version 7.9.29 allows an attacker with physical access to the device to bypass biometric authentication. This is possible because the application did not correctly implement fingerprint validations.

CVE-2022-1959 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1959

A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an unauthenticated attacker with physical access to bypass authentication. This vulnerability exists because the assigned user of a smart card is not properly matched with the authenticating user. An attacker could exploit this vulnerability by configuring a smart card login to bypass Duo authentication. A successful exploit could allow the attacker to use any personal identity verification (PIV) smart card for authentication, even if the smart card is not assigned to the authenticating user.

CVE-2022-20662 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20662

A vulnerability in the client forwarding code of multiple Cisco Access Points (APs) could allow an unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device. This vulnerability is due to a logic error on the AP that forwards packets that are destined to a wireless client if they are received on the native VLAN. An attacker could exploit this vulnerability by obtaining access to the native VLAN and directing traffic directly to the client through their MAC/IP combination. A successful exploit could allow the attacker to bypass VLAN separation and potentially also bypass any Layer 3 protection mechanisms that are deployed.

CVE-2022-20728 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20728

A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient error validation. An attacker could exploit this vulnerability by sending crafted packets to an affected device. A successful exploit could allow the attacker to cause the wireless LAN controller to crash, resulting in a DoS condition. Note: This vulnerability affects only devices that have Federal Information Processing Standards (FIPS) mode enabled.

CVE-2022-20769 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20769

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

CVE-2022-20775 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20775

A vulnerability in the Simple Network Management Protocol (SNMP) of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an authenticated, remote attacker to access sensitive information. This vulnerability is due to insufficient restrictions that allow a sensitive configuration detail to be disclosed. An attacker could exploit this vulnerability by retrieving data through SNMP read-only community access. A successful exploit could allow the attacker to view Service Set Identifier (SSID) preshared keys (PSKs) that are configured on the affected device.

CVE-2022-20810 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20810

Multiple vulnerabilities in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain elevated privileges. These vulnerabilities are due to improper access controls on commands within the application CLI. An attacker could exploit these vulnerabilities by running a malicious command on the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.

CVE-2022-20818 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20818

A vulnerability in the authentication mechanism of Cisco Software-Defined Application Visibility and Control (SD-AVC) on Cisco vManage could allow an unauthenticated, remote attacker to access the GUI of Cisco SD-AVC using a default static username and password combination. This vulnerability exists because the GUI is accessible on self-managed cloud installations or local server installations of Cisco vManage. An attacker could exploit this vulnerability by accessing the exposed GUI of Cisco SD-AVC. A successful exploit could allow the attacker to view managed device names, SD-AVC logs, and SD-AVC DNS server IP addresses.

CVE-2022-20844 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20844

A vulnerability in the DHCP processing functionality of Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of DHCP messages. An attacker could exploit this vulnerability by sending malicious DHCP messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

CVE-2022-20847 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20847

A vulnerability in the UDP processing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst 9100 Series Access Points could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to the improper processing of UDP datagrams. An attacker could exploit this vulnerability by sending malicious UDP datagrams to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

CVE-2022-20848 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20848

A vulnerability in the CLI of stand-alone Cisco IOS XE SD-WAN Software and Cisco SD-WAN Software could allow an authenticated, local attacker to delete arbitrary files from the file system of an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary file path information when using commands in the CLI of an affected device. A successful exploit could allow the attacker to delete arbitrary files from the file system of the affected device.

CVE-2022-20850 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20850

A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI API. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To exploit this vulnerability, an attacker must have valid Administrator privileges on the affected device.

CVE-2022-20851 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20851

A vulnerability in the self-healing functionality of Cisco IOS XE Software for Embedded Wireless Controllers on Catalyst Access Points could allow an authenticated, local attacker to escape the restricted controller shell and execute arbitrary commands on the underlying operating system of the access point. This vulnerability is due to improper checks throughout the restart of certain system processes. An attacker could exploit this vulnerability by logging on to an affected device and executing certain CLI commands. A successful exploit could allow the attacker to execute arbitrary commands on the underlying OS as root. To successfully exploit this vulnerability, an attacker would need valid credentials for a privilege level 15 user of the wireless controller.

CVE-2022-20855 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20855

A vulnerability in the processing of Control and Provisioning of Wireless Access Points (CAPWAP) Mobility messages in Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error and improper management of resources related to the handling of CAPWAP Mobility messages. An attacker could exploit this vulnerability by sending crafted CAPWAP Mobility packets to an affected device. A successful exploit could allow the attacker to exhaust resources on the affected device. This would cause the device to reload, resulting in a DoS condition.

CVE-2022-20856 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20856

A vulnerability in the processing of malformed Common Industrial Protocol (CIP) packets that are sent to Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to unexpectedly reload, resulting in a denial of service (DoS) condition. This vulnerability is due to insufficient input validation during processing of CIP packets. An attacker could exploit this vulnerability by sending a malformed CIP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to unexpectedly reload, resulting in a DoS condition.

CVE-2022-20919 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20919

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to overwrite and possibly corrupt files on an affected system. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by injecting arbitrary commands that are executed as the root user account. A successful exploit could allow the attacker to overwrite arbitrary system files, which could result in a denial of service (DoS) condition.

CVE-2022-20930 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20930

A vulnerability in the 802.11 association frame validation of Cisco Catalyst 9100 Series Access Points (APs) could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient input validation of certain parameters within association request frames received by the AP. An attacker could exploit this vulnerability by sending a crafted 802.11 association request to a nearby device. An exploit could allow the attacker to unexpectedly reload the device, resulting in a DoS condition.

CVE-2022-20945 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-20945

The package css-what before 2.1.3 is vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function.

CVE-2022-21222 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21222

Pulse Secure version 9.115 and below may be susceptible to client-side HTTP request smuggling. When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection. This means that when someone loads a website, an attacker may be able to make the browser issue a POST to the application, enabling XSS.

CVE-2022-21826 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-21826

PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information.

CVE-2022-23726 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-23726

The package react-native-reanimated before 3.0.0-rc.1 is vulnerable to Regular Expression Denial of Service (ReDoS) due to improper usage of a regular expression in the parser of Colors.js.

CVE-2022-24373 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-24373

sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service.

CVE-2022-2529 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2529

The DSGVO All in one for WP WordPress plugin before 4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE-2022-2628 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2628

The WP Socializer WordPress plugin before 7.3 does not sanitise and escape some of its Icons settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE-2022-2763 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2763

In affected versions of Octopus Deploy it is possible to bypass rate limiting on login using null bytes.

CVE-2022-2778 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2778

The Zephyr Project Manager WordPress plugin before 3.2.55 does not have any authorisation as well as CSRF in all its AJAX actions, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged in admins.

CVE-2022-2839 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2839

Adobe Experience Manager versions 6.5.13.0 (and earlier) are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Exploitation of this issue requires low-privilege access to AEM.

CVE-2022-28851 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-28851

Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.

CVE-2022-2922 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2922

A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.

CVE-2022-29503 (eufy_homebase_2_firmware, uclibc, uclibc-ng) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29503

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2022. Notes: none.

CVE-2022-29504 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-29504

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to rename uploaded files from users. Furthermore, due to the lack of validation in the destination filename, this could allow them to change the content of arbitrary files on the web server.

CVE-2022-3124 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3124

The Frontend File Manager Plugin WordPress plugin before 21.3 allows any authenticated users, such as subscriber, to rename a file to an arbitrary extension, like PHP, which could allow them to effectively upload arbitrary files on the server and achieve RCE.

CVE-2022-3125 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3125

The Donation Thermometer WordPress plugin before 2.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE-2022-3128 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3128

The Goolytics WordPress plugin before 1.1.2 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CVE-2022-3132 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3132

OrchardCore rc1-11259 to v1.2.2 is vulnerable to HTML injection, which allows an authenticated user with an editor security role to inject a persistent HTML modal dialog component into the dashboard that will affect admin users.

CVE-2022-32173 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32173

Information Disclosure in Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows a man-in-the-middle attacker to compromise a confidential video stream. This is only applicable for UDP encryption when the target system contains cameras with platform CPP13 or CPP14 and firmware version 8.x.

CVE-2022-32540 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-32540

Use After Free in GitHub repository vim/vim prior to 9.0.0614.

CVE-2022-3352 (vim) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3352

Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.8.3.

CVE-2022-3355 (inventree) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3355

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3.

CVE-2022-3364 (rdiffweb) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3364

Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3.

CVE-2022-3371 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3371

hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter.

CVE-2022-33880 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33880

Under certain conditions, an attacker could create an unintended sphere of control through a vulnerability present in file delete operation in Autodesk desktop app (ADA). An attacker could leverage this vulnerability to escalate privileges and execute arbitrary code.

CVE-2022-33882 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33882

A maliciously crafted file consumed through Moldflow Synergy, Moldflow Adviser, Moldflow Communicator, and Advanced Material Exchange applications could lead to a memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVE-2022-33883 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33883

Parsing a maliciously crafted X_B file can force Autodesk AutoCAD 2023 and 2022 to read beyond allocated boundaries. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVE-2022-33884 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33884

A maliciously crafted X_B, CATIA, and PDF file when parsed through Autodesk AutoCAD 2023 and 2022 can be used to write beyond the allocated buffer. This vulnerability can lead to arbitrary code execution.

CVE-2022-33885 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33885

A maliciously crafted MODEL and SLDPRT file can be used to write beyond the allocated buffer while parsing through Autodesk AutoCAD 2023 and 2022. The vulnerability exists because the application fails to handle crafted MODEL and SLDPRT files, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code.

CVE-2022-33886 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33886

A maliciously crafted PDF file when parsed through Autodesk AutoCAD 2023 causes an unhandled exception. An attacker can leverage this vulnerability to cause a crash or read sensitive data or execute arbitrary code in the context of the current process.

CVE-2022-33887 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33887

A maliciously crafted Dwg2Spd file when processed through Autodesk DWG application could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVE-2022-33888 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33888

A maliciously crafted GIF or JPEG file when parsed through Autodesk Design Review 2018, and AutoCAD 2023 and 2022 could be used to write beyond the allocated heap buffer. This vulnerability could lead to arbitrary code execution.

CVE-2022-33889 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33889

A maliciously crafted PCT or DWF file when consumed through DesignReview.exe application could lead to a memory corruption vulnerability. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.

CVE-2022-33890 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-33890

Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.

CVE-2022-34428 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34428

Dell Hybrid Client versions below 1.8 contain a Zip Slip vulnerability in the UI. A guest privilege attacker could potentially exploit this vulnerability, leading to system files modification.

CVE-2022-34429 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-34429

DGIOT Lightweight industrial IoT v4.5.4 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities.

CVE-2022-35137 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35137

Bus Pass Management System v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the searchdata parameter.

CVE-2022-35155 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35155

Bus Pass Management System 1.0 was discovered to contain a SQL Injection vulnerability via the searchdata parameter at /buspassms/download-pass.php.

CVE-2022-35156 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-35156

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.

CVE-2022-36066 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36066

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a moderator can create new and edit existing themes by using the API when they should not be able to do so. The problem is patched in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.

CVE-2022-36068 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36068

A Server Side Request Forgery (SSRF) in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling a remote attacker to create a new account and then exploit the SSRF.

CVE-2022-36551 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36551

A vulnerable component of Orion Platform was vulnerable to SQL Injection. An authenticated attacker could leverage this for privilege escalation or remote code execution.

CVE-2022-36961 (orion_platform) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36961

Insufficient sanitization of inputs in the QoE application input field could lead to stored and DOM-based XSS attacks. This issue is fixed and released in SolarWinds Platform (2022.3.0).

CVE-2022-36965 (solarwinds_platform) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-36965

Multiple cross-site scripting (XSS) vulnerabilities in Canon Medical Vitrea View 7.x before 7.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the input after the error subdirectory to the /vitrea-view/error/ subdirectory, or the (2) groupID, (3) offset, or (4) limit parameter to an Administrative Panel (Group and Users) page. There is a risk of an attacker retrieving patient information.

CVE-2022-37461 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37461

SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented.

CVE-2022-38732 (snapcenter) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38732

Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data.

CVE-2022-38817 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38817

IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422.

CVE-2022-39168 (robotic_process_automation, robotic_process_automation_for_cloud_pak, robotic_process_automation_for_services) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39168

Discourse is an open source discussion platform. In versions prior to 2.8.9 on the `stable` branch and prior to 2.9.0.beta10 on the `beta` and `tests-passed` branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other users when loading that profile. A fix to limit the length of user input for these fields is included in version 2.8.9 on the `stable` branch and version 2.9.0.beta10 on the `beta` and `tests-passed` branches. There are no known workarounds.

CVE-2022-39226 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39226

Discourse is an open source discussion platform. Starting with version 2.9.0.beta5 and prior to version 2.9.0.beta10, an incomplete quote can generate a JavaScript error which will crash the current page in the browser in some cases. Version 2.9.0.beta10 added a fix and tests to ensure incomplete quotes won't break the app. As a workaround, the quote can be fixed via the rails console.

CVE-2022-39232 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39232

Matrix JavaScript SDK is the Matrix Client-Server software development kit (SDK) for JavaScript. Prior to version 19.7.0, an attacker cooperating with a malicious homeserver could interfere with the verification flow between two users, injecting its own cross-signing user identity in place of one of the users’ identities. This would lead to the other device trusting/verifying the user identity under the control of the homeserver instead of the intended one. The vulnerability is a bug in the matrix-js-sdk, caused by checking and signing user identities and devices in two separate steps, and inadequately fixing the keys to be signed between those steps. Even though the attack is partly made possible due to the design decision of treating cross-signing user identities as Matrix devices on the server side (with their device ID set to the public part of the user identity key), no other examined implementations were vulnerable. Starting with version 19.7.0, the matrix-js-sdk has been modified to double check that the key signed is the one that was verified instead of just referencing the key by ID. An additional check has been made to report an error when one of the device IDs matches a cross-signing key. As this attack requires coordination between a malicious homeserver and an attacker, those who trust their homeservers do not need a particular workaround.

CVE-2022-39250 (javascript_sdk) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39250

matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the request. When the user receives a forwarded room key, the software accepts it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.6 fixes this issue.

CVE-2022-39252 (matrix-rust-sdk) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39252

matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a user requests a room key from their devices, the software correctly remembers the request. Once they receive a forwarded room key, they accept it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.20 fixes the issue.

CVE-2022-39254 (matrix-nio) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39254

isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. As of time of publication, there are no known fixed versions or workarounds.

CVE-2022-39266 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39266

### Impact
In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user's account.

### Patch
Upgrade to v2022.09.10 to patch this vulnerability.

### Workarounds
Rebuild and redeploy the Orchest `auth-server` with this commit: https://github.com/orchest/orchest/commit/c2587a963cca742c4a2503bce4cfb4161bf64c2d

### References
https://en.wikipedia.org/wiki/Cross-site_request_forgery
https://cwe.mitre.org/data/definitions/352.html

### For more information
If you have any questions or comments about this advisory:
* Open an issue in https://github.com/orchest/orchest
* Email us at rick@orchest.io

CVE-2022-39268 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39268

mojoPortal v2.7 was discovered to contain a path traversal vulnerability via the "f" parameter at /DesignTools/CssEditor.aspx. This vulnerability allows authenticated attackers to read arbitrary files in the system.

CVE-2022-40123 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40123

A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows attackers to escalate privileges and execute arbitrary commands when Service Mode is activated.

CVE-2022-40126 (clash) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40126

Gridea version 0.9.3 allows an external attacker to execute arbitrary code remotely on any client attempting to view a malicious markdown file through Gridea. This is possible because the application has the 'nodeIntegration' option enabled.

CVE-2022-40274 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40274

Joplin version 2.8.8 allows an external attacker to execute arbitrary commands remotely on any client that opens a link in a malicious markdown file, via Joplin. This is possible because the application does not properly validate the schema/protocol of existing links in the markdown file before passing them to the 'shell.openExternal' function.

CVE-2022-40277 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40277

Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.

CVE-2022-40313 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40313

A remote code execution risk when restoring backup files originating from Moodle 1.9 was identified.

CVE-2022-40314 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40314

A limited SQL injection risk was identified in the "browse list of users" site administration page.

CVE-2022-40315 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40315

The H5P activity attempts report did not filter by groups, which in separate groups mode could reveal information to non-editing teachers about attempts/users in groups they should not have access to.

CVE-2022-40316 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40316

mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file.

CVE-2022-40341 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40341

A buffer overflow in the component nfc_device_load_mifare_ul_data of Flipper Devices Inc., Flipper Zero before v0.65.2 allows attackers to cause a Denial of Service (DoS) via a crafted NFC file.

CVE-2022-40363 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40363

A zip slip vulnerability in the file upload function of Chamilo v1.11 allows attackers to execute arbitrary code via a crafted Zip file.

CVE-2022-40407 (chamilo) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40407

FeehiCMS v2.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability via a crafted payload injected into the Comment box under the Single Page module.

CVE-2022-40408 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40408

ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text field of the Add New Message module.

CVE-2022-40472 (zkbio_time) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40472

TOTOLINK A860R V4.1.2cu.5182_B20201027 was discovered to contain a command injection via the component /cgi-bin/downloadFile.cgi.

CVE-2022-40475 (a860r_firmware) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40475

Arbitrary file upload vulnerability in php uploader.

CVE-2022-40721 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40721

If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database.

CVE-2022-40756 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40756

Snyk CLI before 1.996.0 allows arbitrary command execution, affecting Snyk IDE plugins and the snyk npm package. Exploitation could follow from the common practice of viewing untrusted files in the Visual Studio Code editor, for example. The original demonstration was with shell metacharacters in the vendor.json ignore field, affecting snyk-go-plugin before 1.19.1. This affects, for example, the Snyk TeamCity plugin (which does not update automatically) before 20220930.142957.

CVE-2022-40764 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40764

kkFileView v4.1.0 is vulnerable to Cross Site Scripting (XSS) via the parameter 'errorMsg.'

CVE-2022-40879 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40879

DedeCMS 5.7.98 has a file upload vulnerability in the background.

CVE-2022-40886 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40886

SourceCodester Best Student Result Management System 1.0 is vulnerable to SQL Injection.

CVE-2022-40887 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40887

A vulnerability in /src/amf/amf-context.c in Open5GS 2.4.10 and earlier leads to AMF denial of service.

CVE-2022-40890 (open5gs) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40890

A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.

CVE-2022-40922 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40922

A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DoS) through a segmentation fault via a crafted MachO file.

CVE-2022-40923 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40923

dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS).

CVE-2022-40931 (transfer.sh) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40931

Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via the bwdate-report-ds.php file.

CVE-2022-40943 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40943

Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via the sales-report-ds.php file.

CVE-2022-40944 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40944

Microsoft Exchange Server Elevation of Privilege Vulnerability.

CVE-2022-41040 (exchange_server) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41040

Microsoft Exchange Server Remote Code Execution Vulnerability.

CVE-2022-41082 (exchange_server) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41082

A maliciously crafted PKT file, when consumed through the SubassemblyComposer.exe application, could lead to a memory corruption vulnerability. This vulnerability, in conjunction with other vulnerabilities, could lead to code execution in the context of the current process.

CVE-2022-41301 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41301

Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_Processor::Process function in the mp4encrypt binary.

CVE-2022-41419 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41419

nasm v2.16 was discovered to contain a stack overflow in the Ndisasm component.

CVE-2022-41420 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41420

Bento4 v1.6.0-639 was discovered to contain a segmentation violation in the mp4fragment component.

CVE-2022-41423 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41423

Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_SttsAtom::Create function in mp42hls.

CVE-2022-41424 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41424

Bento4 v1.6.0-639 was discovered to contain a segmentation violation via the AP4_Processor::ProcessFragments function in mp4decrypt.

CVE-2022-41425 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41425

Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_AtomFactory::CreateAtomFromStream function in mp4split.

CVE-2022-41426 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41426

Bento4 v1.6.0-639 was discovered to contain a memory leak in the AP4_AvcFrameParser::Feed function in mp4mux.

CVE-2022-41427 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41427

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBits function in mp4mux.

CVE-2022-41428 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41428

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_Atom::TypeFromString function in mp4tag.

CVE-2022-41429 (bento4) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41429

Bento4 v1.6.0-639 was discovered to contain a heap overflow via the AP4_BitReader::ReadBit function in mp4mux.

CVE-2022-41430 (bento4) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41430

Billing System Project v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the component /php_action/createProduct.php.

CVE-2022-41437 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41437

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/edituser.php.

CVE-2022-41439 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41439

Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /phpinventory/editcategory.php.

CVE-2022-41440 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41440

phpipam v1.5.0 was discovered to contain a header injection vulnerability via the component /admin/subnets/ripe-query.php.

CVE-2022-41443 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41443

In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.

CVE-2022-41828 (amazon_web_services_redshift_java_database_connectivity_driver) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41828

An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File.

CVE-2022-41841 (bento4) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41841

An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.

CVE-2022-41842 (xpdf) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41842

An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.

CVE-2022-41843 (xpdf) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41843

An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.

CVE-2022-41844 (xpdf) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41844

An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h.

CVE-2022-41845 (bento4) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41845

An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp.

CVE-2022-41846 (bento4) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41846

An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp.

CVE-2022-41847 (bento4) https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41847

drivers/char/pcmcia/synclink_cs.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling ioctl, aka a race condition between mgslpc_ioctl and mgslpc_detach.

CVE-2022-41848 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41848

drivers/video/fbdev/smscufx.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free if a physically proximate attacker removes a USB device while calling open(), aka a race condition between ufx_ops_open and ufx_usb_disconnect.

CVE-2022-41849 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41849

roccat_report_event in drivers/hid/hid-roccat.c in the Linux kernel through 5.19.12 has a race condition and resultant use-after-free in certain situations where a report is received while copying a report->value is in progress.

CVE-2022-41850 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41850

AP Manager in Innovaphone before 13r2 Service Release 17 allows command injection via a modified service ID during app upload.

CVE-2022-41870 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41870

RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode.

CVE-2022-41975 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41975

SonicJS through 0.6.0 allows file overwrite. It has the following mutations that are used for updating files: fileCreate and fileUpdate. Both of these mutations can be called without any authentication to overwrite any files on a SonicJS application, leading to Arbitrary File Write and Delete.

CVE-2022-42002 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42002

In FasterXML jackson-databind before 2.14.0-rc1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled.

CVE-2022-42003 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42003

In FasterXML jackson-databind before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization.

CVE-2022-42004 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42004

pfSense v2.5.2 was discovered to contain a cross-site scripting (XSS) vulnerability in the browser.php component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a file name.

CVE-2022-42247 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42247

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a denial of service attack through the DiscoveryService service.

CVE-2022-42299 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42299

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server nbars process can be crashed resulting in a denial of service. (Note: the watchdog service will automatically restart the process.)

CVE-2022-42300 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42300

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) injection attack through the nbars process.

CVE-2022-42301 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42301

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting the NBFSMCLIENT service.

CVE-2022-42302 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42302

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a second-order SQL Injection attack affecting the NBFSMCLIENT service by leveraging CVE-2022-42302.

CVE-2022-42303 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42303

An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products. The NetBackup Primary server is vulnerable to a SQL Injection attack affecting idm, nbars, and SLP manager code.

CVE-2022-42304 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42304

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to a Path traversal attack through the DiscoveryService service.

CVE-2022-42305 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42305

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can send a crafted packet to pbx_exchange during registration and cause a NULL pointer exception, effectively crashing the pbx_exchange process.

CVE-2022-42306 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42306

An issue was discovered in Veritas NetBackup through 10.0.0.1 and related Veritas products. The NetBackup Primary server is vulnerable to an XML External Entity (XXE) Injection attack through the DiscoveryService service.

CVE-2022-42307 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42307

An issue was discovered in Veritas NetBackup through 8.2 and related Veritas products. An attacker with local access can delete arbitrary files by leveraging a path traversal in the pbx_exchange registration code.

CVE-2022-42308 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-42308

(© 2017 - 2017) by OSI ® ORDENADORES Y SOLUCIONES INFORMÁTICAS, OSIWARE ® - are registered trademarks of ANGEL FRUCTUOSO LASHERAS
OSI Num.: 1.766.464 OEPM - OSIWARE ® US ® (tm)- s/n: 4.903.668 |  ES ® OEPM - Num.: 3.568.893