CVE-2022-29558
Realtek rtl819x-SDK before v3.6.1 allows command injection over the web interface.
Source: CVE-2022-29558
CVE-2022-30287
Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects.
Source: CVE-2022-30287
CVE-2022-34568
SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c.
Source: CVE-2022-34568
CVE-2022-29360
The Email Viewer in RainLoop through 1.6.0 allows XSS via a crafted email message.
Source: CVE-2022-29360
CVE-2021-41556
sqclass.cpp in Squirrel through 2.2.5 and 3.x through 3.1 allows an out-of-bounds read (in the core interpreter) that can lead to Code Execution. If a victim executes an attacker-controlled squirrel script, it is possible for the attacker to break out of the squirrel script sandbox even if all dangerous functionality such as File System functions has been disabled. An attacker might abuse this bug to target (for example) Cloud services that allow customization via SquirrelScripts, or distribute malware through video games that embed a Squirrel Engine.
Source: CVE-2021-41556
CVE-2022-34578
Open Source Point of Sale v3.3.7 was discovered to contain an arbitrary file upload vulnerability via the Update Branding Settings page.
Source: CVE-2022-34578
CVE-2022-34593
DPTech VPN v8.1.28.0 was discovered to contain an arbitrary file read vulnerability.
Source: CVE-2022-34593
CVE-2022-2564
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.
Source: CVE-2022-2564
CVE-2016-4426
In zulip before 1.3.12, bot API keys were accessible to other users in the same realm.
Source: CVE-2016-4426
CVE-2016-5428
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2016. Notes: none.
Source: CVE-2016-5428