• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-668

CVE-2022-36780

February 23, 2023 by godfreyd94

Avdor CIS – crystal quality Credentials Management Errors. The product is phone call recorder, you can hear all the recorded calls without authenticate to the system. Attacker sends crafted URL to the system: ip:port//V=2;ChannellD=number;Ext=number;Command=startLM;Client=number;Request=number;R=number number – id of the recorded number.

CVE-2022-36226

February 23, 2023 by godfreyd94

SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx.

CVE-2022-36074

February 23, 2023 by godfreyd94

Nextcloud server is an open source personal cloud product. Affected versions of this package are vulnerable to Information Exposure which fails to strip the Authorization header on HTTP downgrade. This can lead to account access exposure and compromise. It is recommended that the Nextcloud Server is upgraded to 23.0.7 or 24.0.3. It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.11, 23.0.7 or 24.0.3. There are no known workarounds for this issue.

CVE-2022-35936

February 23, 2023 by godfreyd94

Ethermint is an Ethereum library. In Ethermint running versions before `v0.17.2`, the contract `selfdestruct` invocation permanently removes the corresponding bytecode from the internal database storage. However, due to a bug in the `DeleteAccount`function, all contracts that used the identical bytecode (i.e shared the same `CodeHash`) will also stop working once one contract invokes `selfdestruct`, even though the other contracts did not invoke the `selfdestruct` OPCODE. This vulnerability has been patched in Ethermint version v0.18.0. The patch has state machine-breaking changes for applications using Ethermint, so a coordinated upgrade procedure is required. A workaround is available. If a contract is subject to DoS due to this issue, the user can redeploy the same contract, i.e. with identical bytecode, so that the original contract’s code is recovered. The new contract deployment restores the `bytecode hash -> bytecode` entry in the internal state.

CVE-2022-35837

February 23, 2023 by godfreyd94

Windows Graphics Component Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-34728, CVE-2022-38006.

CVE-2022-35716

February 23, 2023 by godfreyd94

IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. IBM X-Force ID: 231360.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 62
  • Go to page 63
  • Go to page 64
  • Go to page 65
  • Go to page 66
  • Interim pages omitted …
  • Go to page 101
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE