• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-732

CVE-2022-37458

February 23, 2023 by godfreyd94

Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate.

CVE-2022-37190

February 23, 2023 by godfreyd94

CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both parameters (action and function) from “/api/index.php.

CVE-2022-36670

February 23, 2023 by godfreyd94

PCProtect Endpoint prior to v5.17.470 for Microsoft Windows lacks tamper protection, allowing authenticated attackers with Administrator privileges to modify processes within the application and escalate privileges to SYSTEM via a crafted executable.

CVE-2022-36687

February 23, 2023 by godfreyd94

Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img.

CVE-2022-36103

February 23, 2023 by godfreyd94

Talos Linux is a Linux distribution built for Kubernetes deployments. Talos worker nodes use a join token to get accepted into the Talos cluster. Due to improper validation of the request while signing a worker node CSR (certificate signing request) Talos control plane node might issue Talos API certificate which allows full access to Talos API on a control plane node. Accessing Talos API with full level access on a control plane node might reveal sensitive information which allows full level access to the cluster (Kubernetes and Talos PKI, etc.). Talos API join token is stored in the machine configuration on the worker node. When configured correctly, Kubernetes workloads don’t have access to the machine configuration, but due to a misconfiguration workload might access the machine configuration and reveal the join token. This problem has been fixed in Talos 1.2.2. Enabling the Pod Security Standards mitigates the vulnerability by denying hostPath mounts and host networking by default in the baseline policy. Clusters that don’t run untrusted workloads are not affected. Clusters with correct Pod Security configurations which don’t allow hostPath mounts, and secure access to cloud metadata server (or machine configuration is not supplied via cloud metadata server) are not affected.

CVE-2022-36122

February 23, 2023 by godfreyd94

The Automox Agent before 40 on Windows incorrectly sets permissions on key files.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 125
  • Go to page 126
  • Go to page 127
  • Go to page 128
  • Go to page 129
  • Interim pages omitted …
  • Go to page 144
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE