Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-32428PUBLISHED: 2022-07-01SQL Injection vulnerability in viaviwebtech Android EBook App (Books App, PDF, ePub, Online Book Reading, Download Books) 10 via the author_id parameter to api.php.
CVE-2022-27904PUBLISHED: 2022-07-01The Automox Agent installation package before 37 on macOS allows an unprivileged user to obtain root access because of incorrect access control on a file used within the PostInstall script.
CVE-2022-32295PUBLISHED: 2022-07-01On Ampere Altra and AltraMax devices before SRP 1.09, the the Altra reference design of UEFI accesses allows insecure access to SPI-NOR by the OS/hypervisor component.
CVE-2022-32988PUBLISHED: 2022-07-01
Cross Site Scripting (XSS) vulnerability in router Asus DSL-N14U-B1 1.1.2.3_805 via the "*list" parameters (e.g. filter_lwlist, keyword_rulelist, etc) in every ".asp" page containing a list of stored strings. The following asp files are affected: (1) cgi-bin/APP_Installation.asp,...
CVE-2022-33085PUBLISHED: 2022-06-30ESPCMS P8 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the fetch_filename function at \espcms_public\espcms_templates\ESPCMS_Templates.
User Rank: Ninja
5/31/2019 | 3:08:59 PM