CVE-2021-32824 : APACHE DUBBO UP TO 2.6.9/2.7.9 TELNET DESERIALIZATION
Description Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to
CVE-2022-23555 : AUTHENTIK PRIOR 2022.10.4/2022.11.4/2022.12.0 IMPROPER AUTHENTICATION
Description authentik is an open-source Identity Provider focused on flexibility and versatility. Versions prior to 2022.11.4 and 2022.10.4 are vulnerable
CVE-2022-3183 : DATAPROBE IBOOT-PDU PRIOR 1.42.06162022 OS COMMAND INJECTION
Description Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input
CVE-2022-27625 : SYNOLOGY DSM/DS3622XS+/FS3410/HD6500 PRIOR 7.1.1-42962-2 MESSAGE MEMORY CORRUPTION
Description A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message
CVE-2022-3569 : SYNACOR ZIMBRA COLLABORATION SUITE UP TO 9.0.0 POSTFIX PRIVILEGE DROPPING / LOWERING ERRORS
Description Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue
CVE-2022-39266 : ISOLATED-VM UP TO 4.3.6 API PROTECTION MECHANISM
Description isolated-vm is a library for nodejs which gives the user access to v8’s Isolate interface. In versions 4.3.6 and
CVE-2022-39243 : NUPROCESS UP TO 2.0.4 COMMAND LINE ARGUMENT JAVA_JAVA_LANG_UNIXPROCESS_FORKANDEXEC COMMAND INJECTION
Description NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes
CVE-2022-21941 : SENSORMATIC ISTAR ULTRA UP TO 6.8.9 COMMAND INJECTION
Description All versions of iSTAR Ultra prior to version 6.8.9.CU01are vulnerable to a command injection that could allow an unauthenticated
CVE-2022-34668 : NVIDIA NVFLARE UP TO 2.1.3 PICKLE DESERIALIZATION
Description NVFLARE, versions prior to 2.1.4, contains a vulnerability that deserialization of Untrusted Data due to Pickle usage may allow
CVE-2022-1401 : DEVICE42 ASSET MANAGEMENT APPLIANCE PRIOR 18.01.00 WRIMAGERESOURCE.ADX ACCESS CONTROL
Description Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker
CVE-2022-28750 : ZOOM ON-PREMISE MEETING CONNECTOR ZONE CONTROLLER PRIOR 4.8.20220419.112 STUN ERROR CODE STACK-BASED OVERFLOW
Description Zoom On-Premise Meeting Connector Zone Controller (ZC) before version 4.8.20220419.112 fails to properly parse STUN error codes, which can
CVE-2022-24294 : APACHE MXNET UP TO 1.9.0 OPERATOR NAME RESOURCE CONSUMPTION
Description A regular expression used in Apache MXNet (incubating) is vulnerable to a potential denial-of-service by excessive resource consumption. The
CVE-2022-32481 : DELL EMC POWERPROTECT CYBER RECOVERY UP TO 19.10 ACCESS CONTROL
Description Dell PowerProtect Cyber Recovery, versions prior to 19.11, contain a privilege escalation vulnerability on virtual appliance deployments. A lower-privileged
CVE-2021-4234 : OPENVPN ACCESS SERVER UP TO 2.10 AMPLIFICATION
Description OpenVPN Access Server 2.10 and prior versions are susceptible to resending multiple packets in a response to a reset
CVE-2022-33146 : WEB2PY UP TO 2.22.4 URL REDIRECT
Description Open redirect vulnerability in web2py versions prior to 2.22.5 allows a remote attacker to redirect a user to an
CVE-2022-29225 : Denial Of Service Vulnerability In Envoy Proxy
Description Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 secompressors accumulate decompressed data into an intermediate buffer
CVE-2021-44228 – Apache log4j up to 2.14.1 JNDI LDAP Server Lookup format string
Zero-Day RCE Vulnerability CVE-2021-44228 aka Critical Apache Log4j Remote Code Execution Vulnerability(Log4Shell)Affects Java Background on Apache log4j Apache log4j 2
CVE-2021-32713
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS in administration vulnerability.
ZOLL Defibrillator Dashboard up to 2.1 cross site scripting [CVE-2021-27479]
A vulnerability has been found in ZOLL Defibrillator Dashboard up to 2.1 (Forum Software) and classified as problematic. Affected by
Apache Chainsaw up to 2.0.x deserialization [CVE-2020-9493]
A vulnerability, which was classified as critical, has been found in Apache Chainsaw up to 2.0.x. Affected by this issue
EMQ X Broker up to 4.2.7 memory allocation [CVE-2021-33175]
A vulnerability classified as problematic has been found in EMQ X Broker up to 4.2.7. Affected is an unknown code.
NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user.
Overview : NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. Security Advisory
Security Advisory for Post-Authentication Command Injection on Some Routers and Gateways, PSV-2018-0352
Overview : Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6220 before 1.0.0.52, D6400
Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small.
[vc_row][vc_column][vc_column_text] Overview : Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer