Category: Vulnerabilities

CVE-2022-23463

Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java...

CVE-2022-23464

Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate’s getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting...

CVE-2022-2070

In Grandstream GSD3710 in its 1.0.11.13 version, it’s possible to overflow the stack since it doesn’t check the param length before using the sscanf instruction. Because of that, an attacker could create a socket...

CVE-2022-2785

There exists an arbitrary memory read within the Linux Kernel BPF – Constants provided to fill pointers in structs passed in to bpf_sys_bpf are not verified and can point anywhere, including memory not owned...

CVE-2022-32227

A cleartext transmission of sensitive information exists in Rocket.Chat

CVE-2022-32792

An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in iOS 15.6 and iPadOS 15.6, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Safari 15.6. Processing maliciously crafted web content...

CVE-2022-32821

A memory corruption issue was addressed with improved validation. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary...

CVE-2022-32852

An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.5. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory....

CVE-2022-35246

A NoSQL-Injection information disclosure vulnerability vulnerability exists in Rocket.Chat

CVE-2022-36417

Multiple Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) vulnerability in 3D Tag Cloud plugin

CVE-2022-38454

Cross-Site Request Forgery (CSRF) vulnerability in Kraken.io Image Optimizer plugin