Kategori: Güvenlik Açıkları

CVE-2022-31765

Affected devices do not properly authorize the change password function of the web interface. This could allow low privileged users to escalate their privileges. Zafiyet…

Devamını oku

CVE-2022-31766

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.1.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.1.2), SCALANCE M804PB (All…

Devamını oku

CVE-2022-36360

A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Affected devices load firmware updates without checking the authenticity.…

Devamını oku

CVE-2022-37616

A prototype pollution vulnerability exists in the function copy in dom.js in the xmldom (published as @xmldom/xmldom) package before 0.8.3 for Node.js via the p…

Devamını oku

CVE-2022-35289

A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note…

Devamını oku

CVE-2022-32234

An out of bounds write in hermes, while handling large arrays, prior to commit 06eaec767e376bfdb883d912cb15e987ddf2bda1 allows attackers to potentially execute arbitrary code via crafted JavaScript.…

Devamını oku

CVE-2021-35226

An entity in Network Configuration Manager product is misconfigured and exposing password field to Solarwinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated…

Devamını oku

CVE-2022-3136

The Social Rocket WordPress plugin before 1.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin…

Devamını oku

CVE-2022-3137

The Taskbuilder WordPress plugin before 1.0.8 does not validate and sanitise task’s attachments, which could allow any authenticated user (such as subscriber) creating a task…

Devamını oku