In which type of attack does a UDP packet sent by an attacker consume 100% of CPU usage on a remote Windows NT machine?

CVE NumberDescriptionBase ScoreReferenceCVE-2021-35652 Vulnerability in the Essbase Administration Services product of Oracle Essbase (component: EAS Console). The supported versions that are affected are Prior to 11.1.2.4.046 and Prior to 21.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Essbase Administration Services. While the vulnerability is in Essbase Administration Services, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Essbase Administration Services. CVSS 3.1 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). 10 https://nvd.nist.gov/vuln/detail/CVE-2021-35652 CVE-2022-0543 It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. 10 https://nvd.nist.gov/vuln/detail/CVE-2022-0543 CVE-2021-26622 An remote code execution vulnerability due to SSTI vulnerability and insufficient file name parameter validation was discovered in Genian NAC. Remote attackers are able to execute arbitrary malicious code with SYSTEM privileges on all connected nodes in NAC through this vulnerability. 10 https://nvd.nist.gov/vuln/detail/CVE-2021-26622 CVE-2022-24783 Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in a Deno runtime could bypass all permission checks and execute arbitrary shell code. This vulnerability does not affect users of Deno Deploy. The vulnerability has been patched in Deno 1.20.3. There is no workaround. All users are recommended to upgrade to 1.20.3 immediately. 10 https://nvd.nist.gov/vuln/detail/CVE-2022-24783 CVE-2021-46433 In fenom 2.12.1 and before, there is a way in fenom/src/Fenom/Template.php function getTemplateCode()to bypass sandbox to execute arbitrary PHP code when disable_native_funcs is true. 10 https://nvd.nist.gov/vuln/detail/CVE-2021-46433 CVE-2021-3589 An authorization flaw was found in Foreman Ansible. An authenticated attacker with certain permissions to create and run Ansible jobs can access hosts through job templates. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 9.9 https://nvd.nist.gov/vuln/detail/CVE-2021-3589 CVE-2016-1453 Buffer overflow in the Overlay Transport Virtualization (OTV) GRE feature in Cisco NX-OS 5.0 through 7.3 on Nexus 7000 and 7700 devices allows remote attackers to execute arbitrary code via long parameters in a packet header, aka Bug ID CSCuy95701. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-1453 CVE-2016-9427 Integer overflow vulnerability in bdwgc before 2016-09-27 allows attackers to cause client of bdwgc denial of service (heap buffer overflow crash) and possibly execute arbitrary code via huge allocation. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2016-9427 CVE-2017-5645 In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-5645 CVE-2018-18408 A use-after-free was discovered in the tcpbridge binary of Tcpreplay 4.3.0 beta1. The issue gets triggered in the function post_args() at tcpbridge.c, causing a denial of service or possibly unspecified other impact. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-18408 CVE-2018-20019 LibVNC before commit a83439b9fbe0f03c48eb94ed05729cb016f8b72f contains multiple heap out-of-bound write vulnerabilities in VNC client code that can result remote code execution 9.8 https://nvd.nist.gov/vuln/detail/CVE-2018-20019 CVE-2019-9641 An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_TIFF. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9641 CVE-2019-0160 Buffer overflow in system firmware for EDK II may allow unauthenticated user to potentially enable escalation of privilege and/or denial of service via network access. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-0160 CVE-2019-6140 A configuration issue has been discovered in Forcepoint Email Security 8.4.x and 8.5.x: the product is left in a vulnerable state if the hybrid registration process is not completed. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-6140 CVE-2019-9788 Mozilla developers and community members reported memory safety bugs present in Firefox 65, Firefox ESR 60.5, and Thunderbird 60.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9788 CVE-2019-9791 The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time (JIT) compiler and when the constructor function is entered through on-stack replacement (OSR). This allows for possible arbitrary reading and writing of objects during an exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9791 CVE-2019-9792 The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9792 CVE-2019-8352 By default, BMC PATROL Agent through 11.3.01 uses a static encryption key for encrypting/decrypting user credentials sent over the network to managed PATROL Agent services. If an attacker were able to capture this network traffic, they could decrypt these credentials and use them to execute code or escalate privileges on the network. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-8352 CVE-2019-16928 Exim 4.92 through 4.92.2 allows remote code execution, a different vulnerability than CVE-2019-15846. There is a heap-based buffer overflow in string_vformat in string.c involving a long EHLO command. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-16928 CVE-2019-17124 Kramer VIAware 2.5.0719.1034 has Incorrect Access Control. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-17124 CVE-2019-17545 GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-17545 CVE-2019-16672 An issue was discovered on Weidmueller IE-SW-VL05M 3.6.6 Build 16102415, IE-SW-VL08MT 3.5.2 Build 16102415, and IE-SW-PL10M 3.3.16 Build 16102416 devices. Sensitive Credentials data is transmitted in cleartext. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-16672 CVE-2019-0219 A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-0219 CVE-2020-10108 In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10108 CVE-2020-10109 In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with a content-length and a chunked encoding header, the content-length took precedence and the remainder of the request body was interpreted as a pipelined request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-10109 CVE-2020-9760 An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9760 CVE-2020-1957 Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-1957 CVE-2020-11651 An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly validate method calls. This allows a remote user to access some methods without authentication. These methods can be used to retrieve user tokens from the salt master and/or run arbitrary commands on salt minions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-11651 CVE-2020-8159 There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-8159 CVE-2020-9850 A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. A remote attacker may be able to cause arbitrary code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9850 CVE-2017-18922 It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2017-18922 CVE-2020-15851 Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also possible to create or delete backup repositories. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-15851 CVE-2020-17510 Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a specially crafted HTTP request may cause an authentication bypass. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-17510 CVE-2020-35847 Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-35847 CVE-2020-35848 Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-35848 CVE-2021-21783 A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-21783 CVE-2020-9493 A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-9493 CVE-2021-30116 Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. By default Kaseya VSA on premise offers a download page where the clients for the installation can be downloaded. The default URL for this page is https://x.x.x.x/dl.asp When an attacker download a client for Windows and installs it, the file KaseyaD.ini is generated (C:\\Program Files (x86)\\Kaseya\\XXXXXXXXXX\\KaseyaD.ini) which contains an Agent_Guid and AgentPassword This Agent_Guid and AgentPassword can be used to log in on dl.asp (https://x.x.x.x/dl.asp?un=840997037507813&pw=113cc622839a4077a84837485ced6b93e440bf66d44057713cb2f95e503a06d9) This request authenticates the client and returns a sessionId cookie that can be used in subsequent attacks to bypass authentication. Security issues discovered --- * Unauthenticated download page leaks credentials * Credentials of agent software can be used to obtain a sessionId (cookie) that can be used for services not intended for use by agents * dl.asp accepts credentials via a GET request * Access to KaseyaD.ini gives an attacker access to sufficient information to penetrate the Kaseya installation and its clients. Impact --- Via the page /dl.asp enough information can be obtained to give an attacker a sessionId that can be used to execute further (semi-authenticated) attacks against the system. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30116 CVE-2021-30118 An attacker can upload files with the privilege of the Web Server process for Kaseya VSA Unified Remote Monitoring & Management (RMM) 9.5.4.2149 and subsequently use these files to execute asp commands The api /SystemTab/uploader.aspx is vulnerable to an unauthenticated arbitrary file upload leading to RCE. An attacker can upload files with the privilege of the Web Server process and subsequently use these files to execute asp commands. Detailed description --- Given the following request: ``` POST /SystemTab/uploader.aspx?Filename=shellz.aspx&PathData=C%3A%5CKaseya%5CWebPages%5C&__RequestValidationToken=ac1906a5-d511-47e3-8500-47cc4b0ec219&qqfile=shellz.aspx HTTP/1.1 Host: 192.168.1.194 Cookie: sessionId=92812726; %5F%5FRequestValidationToken=ac1906a5%2Dd511%2D47e3%2D8500%2D47cc4b0ec219 Content-Length: 12 <%@ Page Language="C#" Debug="true" validateRequest="false" %> <%@ Import namespace="System.Web.UI.WebControls" %> <%@ Import namespace="System.Diagnostics" %> <%@ Import namespace="System.IO" %> <%@ Import namespace="System" %> <%@ Import namespace="System.Data" %> <%@ Import namespace="System.Data.SqlClient" %> <%@ Import namespace="System.Security.AccessControl" %> <%@ Import namespace="System.Security.Principal" %> <%@ Import namespace="System.Collections.Generic" %> <%@ Import namespace="System.Collections" %> <script runat="server"> private const string password = "pass"; // The password ( pass ) private const string style = "dark"; // The style ( light / dark ) protected void Page_Load(object sender, EventArgs e) { //this.Remote(password); this.Login(password); this.Style(); this.ServerInfo(); <snip> ``` The attacker can control the name of the file written via the qqfile parameter and the location of the file written via the PathData parameter. Even though the call requires that a sessionId cookie is passed we have determined that the sessionId is not actually validated and any numeric value is accepted as valid. Security issues discovered --- * a sessionId cookie is required by /SystemTab/uploader.aspx, but is not actually validated, allowing an attacker to bypass authentication * /SystemTab/uploader.aspx allows an attacker to create a file with arbitrary content in any place the webserver has write access * The web server process has write access to the webroot where the attacker can execute it by requesting the URL of the newly created file. Impact --- This arbitrary file upload allows an attacker to place files of his own choosing on any location on the hard drive of the server the webserver process has access to, including (but not limited to) the webroot. If the attacker uploads files with code to the webroot (e.g. aspx code) he can then execute this code in the context of the webserver to breach either the integrity, confidentiality, or availability of the system or to steal credentials of other users. In other words, this can lead to a full system compromise. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-30118 CVE-2020-36239 Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17.0 exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011[0][1], could execute arbitrary code of their choice in Jira through deserialization due to a missing authentication vulnerability. While Atlassian strongly suggests restricting access to the Ehcache ports to only Data Center instances, fixed versions of Jira will now require a shared secret in order to allow access to the Ehcache service. [0] In Jira Data Center, Jira Core Data Center, and Jira Software Data Center versions prior to 7.13.1, the Ehcache object port can be randomly allocated. [1] In Jira Service Management Data Center versions prior to 3.16.1, the Ehcache object port can be randomly allocated. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-36239 CVE-2021-3711 In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3711 CVE-2021-26084 In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26084 CVE-2021-36260 A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-36260 CVE-2021-38297 Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-38297 CVE-2021-3907 OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-3907 CVE-2021-42377 An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42377 CVE-2021-29114 A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-29114 CVE-2021-43882 Microsoft Defender for IoT Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-41365, CVE-2021-42310, CVE-2021-42311, CVE-2021-42313, CVE-2021-42314, CVE-2021-42315, CVE-2021-43889. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43882 CVE-2022-21724 pgjdbc is the offical PostgreSQL JDBC Driver. A security hole was found in the jdbc driver for postgresql database while doing security research. The system using the postgresql library will be attacked when attacker control the jdbc url or properties. pgjdbc instantiates plugin instances based on class names provided via `authenticationPluginClassName`, `sslhostnameverifier`, `socketFactory`, `sslfactory`, `sslpasswordcallback` connection properties. However, the driver did not verify if the class implements the expected interface before instantiating the class. This can lead to code execution loaded via arbitrary classes. Users using plugins are advised to upgrade. There are no known workarounds for this issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-21724 CVE-2022-0582 Unaligned access in the CSN.1 protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or crafted capture file 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0582 CVE-2022-23608 PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23608 CVE-2022-24724 cmark-gfm is GitHub's extended version of the C reference implementation of CommonMark. Prior to versions 0.29.0.gfm.3 and 0.28.3.gfm.21, an integer overflow in cmark-gfm's table row parsing `table.c:row_from_string` may lead to heap memory corruption when parsing tables who's marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information Leak to Arbitrary Code Execution depending on how and where `cmark-gfm` is used. If `cmark-gfm` is used for rendering remote user controlled markdown, this vulnerability may lead to Remote Code Execution (RCE) in applications employing affected versions of the `cmark-gfm` library. This vulnerability has been patched in the following cmark-gfm versions 0.29.0.gfm.3 and 0.28.3.gfm.21. A workaround is available. The vulnerability exists in the table markdown extensions of cmark-gfm. Disabling the table extension will prevent this vulnerability from being triggered. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24724 CVE-2022-0730 Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0730 CVE-2021-42171 Zenario CMS 9.0.54156 is vulnerable to File Upload. The web server can be compromised by uploading and executing a web-shell which can run commands, browse system files, browse local resources, attack other servers, and exploit the local vulnerabilities, and so forth. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42171 CVE-2022-25487 Atom CMS v2.0 was discovered to contain a remote code execution (RCE) vulnerability via /admin/uploads.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25487 CVE-2022-0757 Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code. This issue was fixed in Rapid7 Nexpose version 6.6.129. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0757 CVE-2020-25176 Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer (IXL) protocol perform various file operations in the file system. Since the parameter pointing to the file name is not checked for reserved characters, it is possible for a remote, unauthenticated attacker to traverse an application’s directory, which could lead to remote code execution. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-25176 CVE-2022-27250 The UNISOC chipset through 2022-03-15 allows attackers to obtain remote control of a mobile phone, e.g., to obtain sensitive information from text messages or the device's screen, record video of the device's physical environment, or modify data. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27250 CVE-2021-45809 Multiple versions of GlobalProtect-openconnect are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--script=--redacted-- versions of GlobalProtect-openconnect are affected by incorrect access control in GPService through DBUS, GUI Application. The way GlobalProtect-Openconnect is set up enables arbitrary users to execute commands as root by submitting the `--script=<script>` parameter 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45809 CVE-2021-27426 GE UR IED firmware versions prior to version 8.1x with “Basic” security variant does not allow the disabling of the “Factory Mode,” which is used for servicing the IED by a “Factory” user. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27426 CVE-2021-27428 GE UR IED firmware versions prior to version 8.1x supports upgrading firmware using UR Setup configuration tool – Enervista UR Setup. This UR Setup tool validates the authenticity and integrity of firmware file before uploading the UR IED. An illegitimate user could upgrade firmware without appropriate privileges. The weakness is assessed, and mitigation is implemented in firmware Version 8.10. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27428 CVE-2021-27476 A vulnerability exists in the SaveConfigFile function of the RACompare Service, which may allow for OS command injection. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary commands in Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-27476 CVE-2022-22819 NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted unsigned update. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22819 CVE-2022-24934 wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-24934 CVE-2021-31326 D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-31326 CVE-2022-27811 GNOME OCRFeeder before 0.8.4 allows OS command injection via shell metacharacters in a PDF or image filename. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27811 CVE-2022-26249 Survey King v0.3.0 does not filter data properly when exporting excel files, allowing attackers to execute arbitrary code or access sensitive information via a CSV injection attack. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26249 CVE-2022-26279 EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26279 CVE-2022-22687 Buffer copy without checking size of input ('Classic Buffer Overflow') vulnerability in Authentication functionality in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22687 CVE-2022-1040 An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5 MR3 and older. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1040 CVE-2021-43090 An XML External Entity (XXE) vulnerability exists in all versions of soa-model (as of 11.01/2021) in the WSDLParser function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43090 CVE-2021-43636 Two Buffer Overflow vulnerabilities exists in T10 V2_Firmware V4.1.8cu.5207_B20210320 in the http_request_parse function when processing host data in the HTTP request process. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43636 CVE-2021-26621 An Buffer Overflow vulnerability leading to remote code execution was discovered in MEX01. Remote attackers can use this vulnerability by using the property that the target program copies parameter values to memory through the strcpy() function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26621 CVE-2022-27919 Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27919 CVE-2022-22274 A Stack-based buffer overflow vulnerability in the SonicOS via HTTP request allows a remote unauthenticated attacker to cause Denial of Service (DoS) or potentially results in code execution in the firewall. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22274 CVE-2022-22995 The combination of primitives offered by SMB and AFP in their default configuration allows the arbitrary writing of files. By exploiting these combination of primitives, an attacker can execute arbitrary code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-22995 CVE-2022-26198 Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26198 CVE-2022-26205 Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via injection of a crafted payload. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26205 CVE-2022-26245 Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26245 CVE-2021-44127 In DLink DAP-1360 F1 firmware version <=v6.10 in the "webupg" binary, an attacker can use the "file" parameter to execute arbitrary system commands when the parameter is "name=deleteFile" after being authorized. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44127 CVE-2022-26255 Clash for Windows v0.19.8 was discovered to allow arbitrary code execution via a crafted payload injected into the Proxies name column. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26255 CVE-2022-26258 D-Link DIR-820L 1.05B03 was discovered to contain a remote command execution (RCE) vulnerability via the Device Name parameter in /lan.asp. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26258 CVE-2021-26599 ImpressCMS before 1.4.3 allows include/findusers.php groups SQL Injection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26599 CVE-2021-26600 ImpressCMS before 1.4.3 has plugins/preloads/autologin.php type confusion with resultant Authentication Bypass (!= instead of !==). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-26600 CVE-2022-26268 Xiaohuanxiong v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /app/controller/Books.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26268 CVE-2021-44617 A SQL Injection vulnerability exits in the Ramo plugin for GLPI 9.4.6 via the idu parameter in plugins/ramo/ramoapirest.php/getOutdated. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-44617 CVE-2022-26273 EyouCMS v1.5.4 was discovered to lack parameter filtering in \\user\\controller\\shop.php, leading to payment logic vulnerabilities. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26273 CVE-2022-25757 In Apache APISIX before 2.13.0, when decoding JSON with duplicate keys, lua-cjson will choose the last occurred value as the result. By passing a JSON with a duplicate key, the attacker can bypass the body_schema validation in the request-validation plugin. For example, `{"string_payload":"bad","string_payload":"good"}` can be used to hide the "bad" input. Systems satisfy three conditions below are affected by this attack: 1. use body_schema validation in the request-validation plugin 2. upstream application uses a special JSON library that chooses the first occurred value, like jsoniter or gojay 3. upstream application does not validate the input anymore. The fix in APISIX is to re-encode the validated JSON input back into the request body at the side of APISIX. Improper Input Validation vulnerability in __COMPONENT__ of Apache APISIX allows an attacker to __IMPACT__. This issue affects Apache APISIX Apache APISIX version 2.12.1 and prior versions. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25757 CVE-2022-23882 TuziCMS 2.0.6 is affected by SQL injection in \\App\\Manage\\Controller\\BannerController.class.php. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23882 CVE-2022-0342 An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versions 4.20 through 4.70, USG FLEX series firmware versions 4.50 through 5.20, ATP series firmware versions 4.32 through 5.20, VPN series firmware versions 4.30 through 5.20, and NSG series firmware versions V1.20 through V1.33 Patch 4, which could allow an attacker to bypass the web authentication and obtain administrative access of the device. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0342 CVE-2022-23884 Mojang Bedrock Dedicated Server 1.18.2 is affected by an integer overflow leading to a bound check bypass caused by PurchaseReceiptPacket::_read (packet deserializer). 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23884 CVE-2021-25070 The Block Bad Bots WordPress plugin before 6.88 does not properly sanitise and escape the User Agent before using it in a SQL statement to record logs, leading to an SQL Injection issue 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-25070 CVE-2022-0479 The Popup Builder WordPress plugin before 4.1.1 does not sanitise and escape the sgpb-subscription-popup-id parameter before using it in a SQL statement in the All Subscribers admin dashboard, leading to a SQL injection, which could also be used to perform Reflected Cross-Site Scripting attack against a logged in admin opening a malicious link 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0479 CVE-2022-0679 The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path parameter before it is passed into a call to require() via the narnoo_distributor_lib_request AJAX action (available to both unauthenticated and authenticated users) which results in the disclosure of arbitrary files as the content of the file is then displayed in the response as JSON data. This could also lead to RCE with various tricks but depends on the underlying system and it's configuration. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0679 CVE-2022-0784 The Title Experiments Free WordPress plugin before 9.0.1 does not sanitise and escape the id parameter before using it in a SQL statement via the wpex_titles AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0784 CVE-2022-0787 The Limit Login Attempts (Spam Protection) WordPress plugin before 5.1 does not sanitise and escape some parameters before using them in SQL statements via AJAX actions (available to unauthenticated users), leading to SQL Injections 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0787 CVE-2022-0846 The SpeakOut! Email Petitions WordPress plugin before 2.14.15.1 does not sanitise and escape the id parameter before using it in a SQL statement via the dk_speakout_sendmail AJAX action, leading to an SQL Injection exploitable by unauthenticated users 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0846 CVE-2022-0735 An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.6.5, all versions starting from 14.7 before 14.7.4, all versions starting from 14.8 before 14.8.2. An unauthorised user was able to steal runner registration tokens through an information disclosure vulnerability using quick actions commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0735 CVE-2022-26278 Tenda AC9 v15.03.2.21_cn was discovered to contain a stack overflow via the time parameter in the PowerSaveSet function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26278 CVE-2022-26639 TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the DNSServers parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26639 CVE-2022-26640 TP-LINK TL-WR840N(ES)_V6.20 was discovered to contain a buffer overflow via the minAddress parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26640 CVE-2021-45865 A File Upload vulnerability exists in Sourcecodester Student Attendance Manageent System 1.0 via the file upload functionality. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45865 CVE-2022-25521 UNNO v03.11.00 was discovered to contain access control issue. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25521 CVE-2022-25420 NTT Resonant Incorporated goo blog App Web Application 1.0 is vulnerable to CLRF injection. This vulnerability allows attackers to execute arbitrary code via a crafted HTTP request. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25420 CVE-2022-1073 A vulnerability was found in Automatic Question Paper Generator 1.0. It has been declared as critical. An attack leads to privilege escalation. The attack can be launched remotely. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1073 CVE-2022-1078 A vulnerability was found in SourceCodester College Website Management System 1.0. It has been classified as critical. Affected is the file /cwms/admin/?page=articles/view_article/. The manipulation of the argument id with an unknown input leads to sql injection. It is possible to launch the attack remotely and without authentication. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1078 CVE-2022-1080 A vulnerability was found in SourceCodester One Church Management System 1.0. It has been declared as critical. This vulnerability affects code of the file attendancy.php as the manipulation of the argument search2 leads to sql injection. The attack can be initiated remotely. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1080 CVE-2022-1082 A vulnerability was found in SourceCodester Microfinance Management System 1.0. It has been rated as critical. This issue affects the file /mims/login.php of the Login Page. The manipulation of the argument username/password with the input '||1=1# leads to sql injection. The attack may be initiated remotely. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1082 CVE-2022-1083 A vulnerability classified as critical has been found in Microfinance Management System. The manipulation of arguments like customer_type_number/account_number/account_status_number/account_type_number with the input ' and sql statement leads to sql injection in multiple files. It is possible to launch the attack remotely. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1083 CVE-2022-1084 A vulnerability classified as critical was found in SourceCodester One Church Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /one_church/userregister.php. The manipulation leads to authentication bypass. The attack can be launched remotely. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1084 CVE-2022-23901 A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23901 CVE-2022-0923 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialog_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-0923 CVE-2022-25880 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_hierarchyHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25880 CVE-2022-25980 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerCommon.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-25980 CVE-2022-26013 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_dmdsetHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26013 CVE-2022-26059 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetQueryData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26059 CVE-2022-26065 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetLatestDemandNode and GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26065 CVE-2022-26069 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerPage_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26069 CVE-2022-26338 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_hierarchyHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26338 CVE-2022-26349 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_eccoefficientHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26349 CVE-2022-26514 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_tagHandler.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26514 CVE-2022-26666 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerDialogECC.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26666 CVE-2022-26667 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetDemandAnalysisData. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26667 CVE-2022-26836 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in HandlerExport.ashx/Calendar. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26836 CVE-2022-26887 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in DIAE_HandlerTag_KID.ashx. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26887 CVE-2022-27175 Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) has a blind SQL injection vulnerability that exists in GetCalcTagList. This allows an attacker to inject arbitrary SQL queries, retrieve and modify database contents, and execute system commands. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-27175 CVE-2021-42911 A Format String vulnerability exists in DrayTek Vigor 2960 <= 1.5.1.3, DrayTek Vigor 3900 <= 1.5.1.3, and DrayTek Vigor 300B <= 1.5.1.3 in the mainfunction.cgi file via a crafted HTTP message containing malformed QUERY STRING, which could let a remote malicious user execute arbitrary code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-42911 CVE-2021-43118 A Remote Command Injection vulnerability exists in DrayTek Vigor 2960 1.5.1.3, DrayTek Vigor 3900 1.5.1.3, and DrayTek Vigor 300B 1.5.1.3 via a crafted HTTP message containing malformed QUERY STRING in mainfunction.cgi, which could let a remote malicious user execute arbitrary code. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-43118 CVE-2020-24769 SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the classes parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24769 CVE-2020-24770 SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2020-24770 CVE-2022-28205 An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a ttl issue for groups expiring in the future. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28205 CVE-2022-28206 An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the FileImporter extension mishandles the check for edit rights. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28206 CVE-2022-28209 An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof permission in the AntiSpoof extension is incorrect. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-28209 CVE-2022-1154 Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-1154 CVE-2022-23795 An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not bound to a specific authentication mechanism which could under very special circumstances allow an account takeover. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23795 CVE-2022-23797 An issue was discovered in Joomla! 3.0.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate filtering on the selected Ids on an request could resulted into an possible SQL injection. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23797 CVE-2022-23799 An issue was discovered in Joomla! 4.0.0 through 4.1.0. Under specific circumstances, JInput pollutes method-specific input bags with $_REQUEST data. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-23799 CVE-2019-12266 Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-12266 CVE-2019-9564 A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices.\nThis issue affects:\nWyze Cam Pan v2\nversions prior to 4.49.1.47.\nWyze Cam v2\nversions prior to 4.9.8.1002.\nWyze Cam v3\nversions prior to 4.36.8.32. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2019-9564 CVE-2021-45031 A vulnerability in MEPSAN's USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-45031 CVE-2021-46007 totolink a3100r V5.9c.4577 is vulnerable to os command injection. The backend of a page is executing the "ping" command, and the input field does not adequately filter special symbols. This can lead to command injection attacks. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46007 CVE-2021-46009 In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without authentication. Additionally, admin configurations can be set without cookies. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-46009 CVE-2022-26645 A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26645 CVE-2022-26646 Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter. 9.8 https://nvd.nist.gov/vuln/detail/CVE-2022-26646 CVE-2021-37973 Use after free in Portals in Google Chrome prior to 94.0.4606.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2021-37973 CVE-2022-0290 Use after free in Site isolation in Google Chrome prior to 97.0.4692.99 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 9.6 https://nvd.nist.gov/vuln/detail/CVE-2022-0290 CVE-2021-23017 A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. 9.4 https://nvd.nist.gov/vuln/detail/CVE-2021-23017 CVE-2020-12740 tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-12740 CVE-2020-1963 Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2020-1963 CVE-2021-28918 Improper input validation of octal strings in netmask npm package v1.0.6 and below allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many of the dependent packages. A remote unauthenticated attacker can bypass packages relying on netmask to filter IPs and reach critical VPN or LAN hosts. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-28918 CVE-2021-29102 A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated attacker to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attacks. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-29102 CVE-2021-33701 DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 2011_1_731, 710, 2011_1_752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain access to Superuser account, leading to SQL Injection vulnerability, that highly impacts systems Confidentiality, Integrity and Availability. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-33701 CVE-2021-43816 containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-43816 CVE-2022-0860 Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0860 CVE-2022-26960 connector.minimal.php in std42 elFinder through 2.1.60 is affected by path traversal. This allows unauthenticated remote attackers to read, write, and browse files outside the configured document root. This is due to improper handling of absolute file paths. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26960 CVE-2022-22952 VMware Carbon Black App Control (8.5.x prior to 8.5.14, 8.6.x prior to 8.6.6, 8.7.x prior to 8.7.4 and 8.8.x prior to 8.8.2) contains a file upload vulnerability. A malicious actor with administrative access to the VMware App Control administration interface may be able to execute code on the Windows instance where AppC Server is installed by uploading a specially crafted file. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-22952 CVE-2022-26629 An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen Security Feature function due to insufficient permissions and privileges, which allows a malicious attacker bypass the lock screen function. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26629 CVE-2022-22374 The BMC (IBM Power 9 AC922 OP910, OP920, OP930, and OP940) may be subject to a firmware downgrade attack which may affect its ability to operate its host. IBM X-Force ID: 221442. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-22374 CVE-2022-25577 ALF-BanCO v8.2.5 and below was discovered to use a hardcoded password to encrypt the SQLite database containing the user's data. Attackers who are able to gain remote or local access to the system are able to read and modify the data. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-25577 CVE-2022-1106 use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-1106 CVE-2021-45490 The client applications in 3CX on Windows, the 3CX app for iOS, and the 3CX application for Android through 2022-03-17 lack SSL certificate validation. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-45490 CVE-2022-24303 Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames are mishandled. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-24303 CVE-2022-0249 A vulnerability was discovered in GitLab starting with version 12. GitLab was vulnerable to a blind SSRF attack since requests to shared address space were not blocked. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-0249 CVE-2022-26280 Libarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-26280 CVE-2022-27815 SWHKD 1.1.5 unsafely uses the /tmp/swhkd.pid pathname. There can be an information leak or denial of service. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27815 CVE-2022-27816 SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. 9.1 https://nvd.nist.gov/vuln/detail/CVE-2022-27816

What is DoS and DDoS attack?

What is DoS fin attack?

In which type of attack an echo packet is sent that is larger than the maximum allowable size 65535 bytes?

What is DDoS attack example?