NVD: fully analised CVE

Subscribe to NVD: fully analised CVE hírcsatorna
This feed contains the most recent CVE cyber vulnerabilities published within the National Vulnerability Database.
Frissítve: 6 perc 6 másodperc
2023. január 30.

CVE-2022-27596 (qts, quts_hero)

A vulnerability has been reported to affect QNAP device running QuTS hero, QTS. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QuTS hero, QTS: QuTS hero h5.0.1.2248 build 20221215 and later QTS 5.0.1.2234 build 20221201 and later
2023. január 26.

CVE-2022-38459 (quartz-gold_firmware)

A stack-based buffer overflow vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
2023. január 26.

CVE-2022-38715 (quartz-gold_firmware)

A leftover debug code vulnerability exists in the httpd shell.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
2023. január 26.

CVE-2022-39045 (quartz-gold_firmware)

A file write vulnerability exists in the httpd upload.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can send an HTTP request to trigger this vulnerability.
2023. január 26.

CVE-2022-38066 (quartz-gold_firmware)

An OS command injection vulnerability exists in the httpd SNMP functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP response can lead to arbitrary command execution. An attacker can send a network request to trigger this vulnerability.
2023. január 26.

CVE-2022-38088 (quartz-gold_firmware)

A directory traversal vulnerability exists in the httpd downfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to arbitrary file read. An attacker can send an HTTP request to trigger this vulnerability.
2023. január 26.

CVE-2022-36279 (quartz-gold_firmware)

A stack-based buffer overflow vulnerability exists in the httpd delfile.cgi functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted HTTP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
2023. január 26.

CVE-2022-4054 (gitlab)

An issue has been discovered in GitLab affecting all versions starting from 9.3 before 15.4.6, all versions starting from 15.5 before 15.5.5, all versions starting from 15.6 before 15.6.1. It was possible for a project maintainer to leak a webhook secret token by changing the webhook URL to an endpoint that allows them to capture request headers.
2023. január 26.

CVE-2022-4092 (gitlab)

An issue has been discovered in GitLab EE affecting all versions starting from 15.6 before 15.6.1. It was possible to create a malicious README page due to improper neutralisation of user supplied input.
2023. január 26.

CVE-2022-45820 (learnpress)

SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
2023. január 26.

CVE-2022-45920 (uatoolkit_embedded)

In Softing uaToolkit Embedded before 1.41, a malformed CreateMonitoredItems request may cause a memory leak.
2023. január 26.

CVE-2022-45808 (learnpress)

SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
2023. január 26.

CVE-2022-45730 (doctor_appointment_management_system)

A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function.
2023. január 26.

CVE-2022-44297 (siteserver_cms)

SiteServer CMS 7.1.3 has a SQL injection vulnerability the background.
2023. január 26.

CVE-2022-44018 (uatoolkit_embedded)

In Softing uaToolkit Embedded before 1.40.1, a malformed PubSub discovery announcement message can cause a NULL pointer dereference or out-of-bounds memory access in the subscriber application.
2023. január 26.

CVE-2022-43917 (websphere_application_server)

IBM WebSphere Application Server 8.5 and 9.0 traditional container uses weaker than expected cryptographic keys that could allow an attacker to decrypt sensitive information. This affects only the containerized version of WebSphere Application Server traditional. IBM X-Force ID: 241045.
2023. január 26.

CVE-2022-43864 (business_automation_workflow, business_monitor)

IBM Business Automation Workflow 22.0.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 239427.
2023. január 26.

CVE-2022-41941 (glpi)

GLPI is a Free Asset and IT Management Software package. Versions 10.0.0 and above, prior to 10.0.6, are subject to Cross-site Scripting. An administrator may store malicious code in help links. This issue is patched in 10.0.6.
2023. január 26.

CVE-2022-40036 (blog-ssm)

An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component.
2023. január 26.

CVE-2022-40035 (blog-ssm)

File Upload Vulnerability found in Rawchen Blog-ssm v1.0 allowing attackers to execute arbitrary commands and gain escalated privileges via the /uploadFileList component.