CVE-2022-36617
Arq Backup 7.19.5.0 and below stores backup encryption passwords using reversible encryption. This issue allows attackers with administrative privileges to recover cleartext passwords.
Source: CVE-2022-36617
CVE-2022-34165
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.9 are vulnerable to HTTP header injection, caused by improper validation. This could allow an attacker to conduct various attacks against the vulnerable system, including cache poisoning and cross-site scripting. IBM X-Force ID: 229429.
Source: CVE-2022-34165
CVE-2022-28741
aEnrich a+HRD 5.x Learning Management Key Performance Indicator System has a local file inclusion (LFI) vulnerability that occurs due to missing input validation in v5.x.
Source: CVE-2022-28741
CVE-2022-3169
A flaw was found in the Linux kernel. A denial of service may occur if NVME_IOCTL_RESET and NVME_IOCTL_SUBSYS_RESET requests are issued consecutively through the device file of the driver, resulting in a PCIe link disconnect.
Source: CVE-2022-3169
CVE-2022-3147
Mattermost version 7.0.x and earlier fails to sufficiently limit the in-memory sizes of concurrently uploaded JPEG images, which allows authenticated users to cause resource exhaustion on specific system configurations, resulting in server-side Denial of Service.
Source: CVE-2022-3147
CVE-2022-40133
A use-after-free (UAF) vulnerability was found in function ‘vmw_execbuf_tie_context’ in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the Linux kernel’s vmwgfx driver with device file ‘/dev/dri/renderD128 (or Dxxx)’. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).
Source: CVE-2022-40133
CVE-2022-40191
Authenticated (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Ali Khallad’s Contact Form By Mega Forms plugin <= 1.2.4 at WordPress.
Source: CVE-2022-40191
CVE-2022-38096
A NULL pointer dereference vulnerability was found in the vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in the GPU component of the Linux kernel with device file ‘/dev/dri/renderD128 (or Dxxx)’. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service (DoS).
Source: CVE-2022-38096
CVE-2022-38144
Cross-Site Request Forgery (CSRF) vulnerability in gVectors Team wpForo Forum plugin <= 2.0.5 at WordPress.
Source: CVE-2022-38144
CVE-2022-38070
Privilege Escalation (subscriber+) vulnerability in Pop-up plugin <= 1.1.5 at WordPress.
Source: CVE-2022-38070