Blogs - Security

RSS National Vulnerability Database

  • CVE-2022-44930 2022-12-02
    D-Link DHP-W310AV 3.10EU was discovered to contain a command injection vulnerability via the System Checks function.
  • CVE-2022-44929 2022-12-02
    An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to escalate privileges via arbitrarily editing VoIP SIB profiles.
  • CVE-2022-45562 2022-12-02
    Insecure permissions in Telos Alliance Omnia MPX Node v1.0.0 to v1.4.9 allow attackers to manipulate and access system settings with a low-privilege backdoor account. This can lead to changing hardware settings and executing arbitrary commands in vulnerable system functions that require high privilege to access.
  • CVE-2022-43325 2022-12-02
    An unauthenticated command injection vulnerability in the product license validation function of Telos Alliance Omnia MPX Node 1.3.* - 1.4.* allows attackers to execute arbitrary commands via a crafted payload injected into the license input.
  • CVE-2022-44928 2022-12-02
    D-Link DVG-G5402SP GE_1.03 was discovered to contain a command injection vulnerability via the Maintenance function.
  • CVE-2022-35120 2022-12-01
    IXPdata EasyInstall 6.6.14725 contains an access control issue.
  • CVE-2022-44211 2022-12-01
    In GL.iNet Goodcloud 1.1, incorrect access control allows a remote attacker to access/change devices' settings.
  • CVE-2022-43333 2022-12-01
    Telenia Software s.r.l TVox before v22.0.17 was discovered to contain a remote code execution (RCE) vulnerability in the component action_export_control.php.
  • CVE-2022-44212 2022-12-01
    In GL.iNet Goodcloud 1.0, insecure design allows a remote attacker to access devices' admin panel.
  • CVE-2022-23737 2022-12-01
    An improper privilege management vulnerability was identified in GitHub Enterprise Server that allowed users with improper privileges to create or delete pages via the API. To exploit this vulnerability, an attacker would need to be added to an organization's repo with write permissions. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.7 […]
  • CVE-2022-41971 2022-12-01
    Nextcloud Talk Android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public conversation after being removed from […]
  • CVE-2022-41970 2022-12-01
    Nextcloud Server is an open source personal cloud server. Prior to versions 24.0.7 and 25.0.1, disabled download shares still allow download through preview images. Images could be downloaded and previews of documents (first page) can be downloaded without being watermarked. Versions 24.0.7 and 25.0.1 contain a fix for this issue. No known workarounds are available.
  • CVE-2022-41969 2022-12-01
    Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.11, 24.0.7, and 25.0.0, there is no password length limit when creating a user as an administrator. An administrator can cause a limited DoS attack against their own server. Versions 23.0.11, 24.0.7, and 25.0.0 contain a fix for the issue. As a workaround, […]
  • CVE-2022-41968 2022-12-01
    Nextcloud Server is an open source personal cloud server. Prior to versions 23.0.10 and 24.0.5, calendar name lengths are not validated before writing to a database. As a result, an attacker can send unnecessary amounts of data against the database. Versions 23.0.10 and 24.0.5 contain patches for the issue. No known workarounds are available.
  • CVE-2022-42718 2022-12-01
    Incorrect default permissions in the installation folder for NI LabVIEW Command Line Interface (CLI) may allow an authenticated user to potentially enable escalation of privilege via local access.
  • CVE-2022-43901 2022-12-01
    IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829.
  • CVE-2022-43900 2022-12-01
    IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.2 could provide weaker than expected security. A local attacker can create an outbound network connection to another system. IBM X-Force ID: 240827.
  • CVE-2022-3226 2022-12-01
    An OS command injection vulnerability allows admins to execute code via SSL VPN configuration uploads in Sophos Firewall older than version 19.5 GA.
  • CVE-2022-3710 2022-12-01
    A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall older than version 19.5 GA.
  • CVE-2022-3696 2022-12-01
    A post-auth code injection vulnerability allows admins to execute code in Webadmin of Sophos Firewall older than version 19.5 GA.