CVE-2022-32166
In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks� function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution.
Source: CVE-2022-32166
CVE-2022-32169
The “Bytebase� application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN� and “CLOSED� issues by “Admin� and the affected endpoint is “/issue�.
Source: CVE-2022-32169
CVE-2022-32170
The “Bytebase� application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin� and the affected endpoint is “/api/project?user=${userId}�.
Source: CVE-2022-32170
CVE-2022-32168
Notepad++ versions 8.4.1 and before are vulnerable to DLL hijacking where an attacker can replace the vulnerable dll (UxTheme.dll) with his own dll and run arbitrary code in the context of Notepad++.
Source: CVE-2022-32168
CVE-2022-3348
Just like in the previous report, an attacker could steal the account of different users. But in this case, it’s a little bit more specific, because it is needed to be an editor in the same app as the victim.
Source: CVE-2022-3348
CVE-2022-3333
A vulnerability, which was classified as problematic, was found in Zephyr Project Manager up to 3.2.4. Affected is an unknown function of the file /v1/tasks/create/ of the component REST Call Handler. The manipulation of the argument onanimationstart leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.2.5 is able to address this issue. It is recommended to upgrade the affected component. VDB-209370 is the identifier assigned to this vulnerability.
Source: CVE-2022-3333
CVE-2022-3332
A vulnerability classified as critical has been found in SourceCodester Food Ordering Management System. This affects an unknown part of the file router.php of the component POST Parameter Handler. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-209583.
Source: CVE-2022-3332
CVE-2022-39035
Smart eVision has insufficient filtering for special characters in the POST Data parameter in the specific function. An unauthenticated remote attacker can inject JavaScript to perform XSS (Stored Cross-Site Scripting) attack.
Source: CVE-2022-39035
CVE-2022-39053
Heimavista Rpage has insufficient filtering for platform web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack.
Source: CVE-2022-39053
CVE-2022-39054
Cowell enterprise travel management system has insufficient filtering for special characters within web URL. An unauthenticated remote attacker can inject JavaScript and perform XSS (Reflected Cross-Site Scripting) attack.
Source: CVE-2022-39054