CVE-2022-39187
Rumpus – FTP server version 9.0.7.1 has a Reflected cross-site scripting (RXSS) vulnerability through unspecified vectors.
Source: CVE-2022-39187
CVE-2022-39186
EXFO – BV-10 Performance Endpoint Unit misconfiguration. System configuration file has misconfigured permissions.
Source: CVE-2022-39186
CVE-2022-3341
A null pointer dereference issue was discovered in ‘FFmpeg’ in the decode_main_header() function of the libavformat/nutdec.c file. The flaw occurs because the function lacks a check of the return value of avformat_new_stream() and triggers the null pointer dereference error, causing an application to crash.
Source: CVE-2022-3341
CVE-2022-3592
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make ‘smbd’ escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the ‘smbd’ configured share path and gain access to another restricted server’s filesystem.
Source: CVE-2022-3592
CVE-2023-0246
A vulnerability, which was classified as problematic, was found in earclink ESPCMS P8.21120101. Affected is an unknown function of the component Content Handler. The manipulation leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-218154 is the identifier assigned to this vulnerability.
Source: CVE-2023-0246
CVE-2022-3515
A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment.
Source: CVE-2022-3515
CVE-2023-0244
A vulnerability classified as critical was found in TuziCMS 2.0.6. This vulnerability affects the function delall of the file AppManageControllerKefuController.class.php. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-218152.
Source: CVE-2023-0244
CVE-2023-0243
A vulnerability classified as critical has been found in TuziCMS 2.0.6. This affects the function index of the file AppManageControllerArticleController.class.php of the component Article Module. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-218151.
Source: CVE-2023-0243
CVE-2022-3437
A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.
Source: CVE-2022-3437
CVE-2022-46503
A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter.
Source: CVE-2022-46503