CVE-2022-27772
** UNSUPPORTED WHEN ASSIGNED ** spring-boot versions prior to version v2.2.11.RELEASE was vulnerable to temporary directory hijacking. This vulnerability impacted the org.springframework.boot.web.server.AbstractConfigurableWebServerFactory.createTempDir method. NOTE: This vulnerability only affects products and/or versions that are no longer supported by the maintainer.
Source: CVE-2022-27772
CVE-2022-28223
Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin.
Source: CVE-2022-28223
CVE-2022-24132
phpshe V1.8 is affected by a denial of service (DoS) attack in the registry’s verification code, which can paralyze the target service.
Source: CVE-2022-24132
CVE-2021-44312
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. Logged in administrators could be targeted by a CSRF attack through visiting a crafted web page.
Source: CVE-2021-44312
CVE-2021-44310
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation functionality.
Source: CVE-2021-44310
CVE-2022-22772
The cfsend, cfrecv, and CyberResp components of TIBCO Software Inc.’s TIBCO Managed File Transfer Platform Server for UNIX and TIBCO Managed File Transfer Platform Server for z/Linux contain a difficult to exploit Remote Code Execution (RCE) vulnerability that allows a low privileged attacker with network access to execute arbitrary code on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO Managed File Transfer Platform Server for UNIX: versions 8.1.0 and below and TIBCO Managed File Transfer Platform Server for z/Linux: versions 8.1.0 and below.
Source: CVE-2022-22772
CVE-2021-39790
In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID: A-186405146
Source: CVE-2021-39790
CVE-2022-23136
There is a stored XSS vulnerability in ZTE home gateway product. An attacker could modify the gateway name by inserting special characters and trigger an XSS attack when the user views the current topology of the device through the management page.
Source: CVE-2022-23136
CVE-2022-23800
An issue was discovered in Joomla! 4.0.0 through 4.1.0. Inadequate content filtering leads to XSS vulnerabilities in various components.
Source: CVE-2022-23800
CVE-2022-23794
An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Uploading a file name of an excess length causes the error. This error brings up the screen with the path of the source code of the web application.
Source: CVE-2022-23794