CVE-2022-29516

The web console of FUJITSU Network IPCOM series (IPCOM EX2 IN(3200, 3500), IPCOM EX2 LB(1100, 3200, 3500), IPCOM EX2 SC(1100, 3200, 3500), IPCOM EX2 NW(1100, 3200, 3500), IPCOM EX2 DC, IPCOM EX2 DC, IPCOM EX IN(2300, 2500, 2700), IPCOM EX LB(1100, 1300, 2300, 2500, 2700), IPCOM EX SC(1100, 1300, 2300, 2500, 2700), and IPCOM EX NW(1100, 1300, 2300, 2500, 2700)) allows a remote attacker to execute an arbitrary OS command via unspecified vectors.

Source: CVE-2022-29516

CVE-2022-30065

A use-after-free in Busybox 1.35-x’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the copyvar function.

Source: CVE-2022-30065

CVE-2022-1795

Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV.

Source: CVE-2022-1795

CVE-2021-27548

There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.

Source: CVE-2021-27548

CVE-2022-1782

Cross-site Scripting (XSS) – Generic in GitHub repository erudika/para prior to v1.45.11.

Source: CVE-2022-1782

CVE-2022-1432

Cross-site Scripting (XSS) – Generic in GitHub repository octoprint/octoprint prior to 1.8.0.

Source: CVE-2022-1432

CVE-2022-1727

Improper Input Validation in GitHub repository jgraph/drawio prior to 18.0.6.

Source: CVE-2022-1727

CVE-2022-23067

ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover . If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using these tokens the attacker can access the user’s account.

Source: CVE-2022-23067

CVE-2022-1430

Cross-site Scripting (XSS) – DOM in GitHub repository octoprint/octoprint prior to 1.8.0.

Source: CVE-2022-1430

CVE-2022-23068

ToolJet versions v0.6.0 to v1.10.2 are vulnerable to HTML injection where an attacker can inject malicious code inside the first name and last name field while inviting a new user which will be reflected in the invitational e-mail.

Source: CVE-2022-23068