CVE-2021-30065

On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401.

Source: CVE-2021-30065

CVE-2022-28388

usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.

Source: CVE-2022-28388

CVE-2022-28389

mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.

Source: CVE-2022-28389

CVE-2022-28391

BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record’s value to a VT compatible terminal. Alternatively, the attacker could choose to change the terminal’s colors.

Source: CVE-2022-28391

CVE-2022-28390

ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.

Source: CVE-2022-28390

CVE-2022-28381

Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932.

Source: CVE-2022-28381

CVE-2022-0406

Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.

Source: CVE-2022-0406

CVE-2022-0405

Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.

Source: CVE-2022-0405

CVE-2022-28380

The rc-httpd component through 2022-03-31 for 9front (Plan 9 fork) allows ..%2f directory traversal if serve-static is used.

Source: CVE-2022-28380

CVE-2022-28378

Craft CMS before 3.7.29 allows XSS.

Source: CVE-2022-28378