Pydio Cells version 2.0.4 suffers from cross site scripting, file write, code execution, and various other vulnerabilities.
ec35943a76a3c284d24b95110cd826800beebfcbda0fb782c4dc64877ec72836CipherMail Community Virtual Appliance version 4.6.2 suffers from remote command execution and file injection vulnerabilities.
8f19790f62e3ddd9f325c2b8bdab7552d76c9c096306b5c140c6286c884f3672Open-AudIT version 3.2.2 suffers from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities.
d8e9402b9604c3706a2115909b60726c461d0262c2196626918539a2164e5352A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. Cisco Webex Meetings Desktop App versions 33.6.4.15, 33.6.5.2, 33.7.0.694, 33.7.1.15, 33.7.2.24, 33.7.3.7, 33.8.0.779, 33.8.1.13, and 33.8.2.7 are affected.
9d1274a1cd79b05c5388dac3dae49ae0bd47e790ca5b08b896914d7cc2998ca8Multiple vulnerabilities were found in the GPCIDrv and GDrv drivers as bundled with several GIGABYTE and AORUS branded motherboard and graphics card utilities, which could allow a local attacker to elevate privileges. Affected versions include GIGABYTE APP Center 1.05.21 and below, AORUS GRAPHICS ENGINE 1.33 and below, XTREME GAMING ENGINE 1.25 and below, and OC GURU II 2.08.
48d96c0c3430d878112464f31d6eeadae2c2f83b0d2533746e74c9f17d8e0f36Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges. ASUS Aura Sync versions 1.07.22 and below are affected.
255511782c79945ab6f218abd699801864552a7945b1791b84b548a8c0971a6aA vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. This vulnerability is related to a previous security issue fixed by Cisco in October. Affected versions include Cisco Webex Meetings Desktop App releases prior to 33.6.4 and Cisco Webex Productivity Tools releases 32.6.0 and later prior to 33.0.6.
8a6363eac36d1c77af2c188b62cc8afc4fb79e8cc7205275d6c75b242a765b2aASRock offers several utilities designed to give the user with an ASRock motherboard more control over certain settings and functions. These utilities include various features like the RGB LED control, hardware monitor, fan controls, and overclocking/voltage options. Multiple vulnerabilities were found in AsrDrv101.sys and AsrDrv102.sys low level drivers, installed by ASRock RGBLED and other ASRock branded utilities, which could allow a local attacker to elevate privileges. Vulnerable packages include ASRock RGBLED before version 1.0.35.1, A-Tuning before version 3.0.210, F-Stream before version 3.0.210, and RestartToUEFI before version 1.0.6.2.
3b57e1d843a64059edf1200acba22a276913db2838fb449328d307badda0ce0eD-Link Central WiFiManager Software Controller suffers from hard-coded credential, code execution, and cross site scripting vulnerabilities. Version 1.03 is affected.
0c727854c4a3a6e628258dcc738184e2861e8c1ad5dbd247e1a3630b27db5115Opsview Monitor versions 5.2, 5.3, and 5.4 suffer from cross site scripting and multiple remote command execution vulnerabilities.
953c9d49a6ad47c20e9a9acc6d55ebbeea2a239ede57f492f4be332d89519ed1SoftNAS Cloud versions prior to 4.0.3 suffers from an OS command injection vulnerability.
b79184adec75f473b47197947faff63cfba84edcfe7f5a771347dd49fb829b26QNAP Qcenter Virtual Appliance versions 1.6.1056 (20170825) and 1.6.1075 (20171123) suffer from information disclosure and command injection vulnerabilities.
d468f350b0e3bb3d4bd9bf10b3b49470163d611522cabc435f5fd39081341998Quest KACE System Management Appliance version 8.0 (Build 8.0.318) suffers from code execution, cross site scripting, path traversal, remote SQL injection, and various other vulnerabilities.
fd18c79b0364edc307ae0073788f224ea5fd016ba9223e6018267eb9911d3f41Quest DR Series Disk Backup Software version 4.0.3 suffers from multiple code execution vulnerabilities.
e313c1bcf4d85337e78155dc912283a22293cddaadd03f8b4acb51929c7e6e8cTP-Link EAP suffers from hard-coded credential, cross site request forgery, cross site scripting, and other vulnerabilities.
c5187235d9542ea658539bfb88cc9cb5ce9f82fc8cafd49e9eb8cb63664932dbA buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. The overflow occurs before authentication takes place, so it is possible for an unauthenticated remote attacker to exploit it.
f596977ec0c838a1e24c8e7b3ba40756d8c45733524c4820e426799d27f008d3Trend Micro Email Encryption Gateway suffers from cleartext transmission of sensitive information, missing authentication, cross site request forgery, cross site scripting, and various other vulnerabilities.
5c0882e4ec54030fb98c7a6e8448db8a4938d363d703cac4986200aed680c428Dell EMC Isilon OneFS suffers from code execution, cross site request forgery, and cross site scripting vulnerabilities.
59ab98938a25d8249efefd24dd954dee7bc863a7a6ee5476a2d7d2db32b025baKaspersky Secure Mail Gateway version 1.1.0.379 suffers from code execution and cross site request forgery vulnerabilities.
1b0dff497ed1d448eeffc8af638a0c8fcc1b7926b370e7184cbf5c1126f956f6Trend Micro Smart Protection Server version 3.2 suffers from access control bypass, cross site scripting, information disclosure, and various other vulnerabilities.
149823a62c0b55b825b4c969054429d6a9537f6a010bb018f45e836ab0ce649fKaspersky Anti-Virus for Linux File Server version 8.0.3.297 suffers from remote code execution, cross site request forgery, cross site scripting, security bypass, information disclosure, and path traversal vulnerabilities.
1011f2188afe2cfa015134b365c225eb892ed298b59a2beb4cc63a8e09cdc1b0Trend Micro ServerProtect suffers from information disclosure, manipulation, cross site request forgery, cross site scripting, and various other vulnerabilities.
8e879696170b8b1f6b2ecc8c0d882967bb47bb12e348f1e061c984909eef85dfCore Security Technologies Advisory - SAP distributes software and packages using an archive program called SAPCAR. This program uses a custom archive file format. A memory corruption vulnerability was found in the parsing of specially crafted archive files, that could lead to local code execution scenarios. Version 721.510 is affected.
a3d3c8ab85600ad227bf0c9e7815c6b6891b9a726516893c8a904650f83bd791Core Security Technologies Advisory - TP-LINK TDDP suffers from buffer overflow and missing authentication vulnerabilities.
8e640691cd560b9d8302f132c35c2970fee8d3dd24deecaf9bd5bc9e5f327fb7Core Security Technologies Advisory - SAP CAR archive tool suffers from security bypass and denial of service vulnerabilities.
e526bc68dd7fc857147e1bbe8e921f1d4110eece04020dc4932d94850a062701
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed