Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-31836 PUBLISHED: 2022-07-05
The leafInfo.match() function in Beego v2.0.3 and below uses path.join() to deal with wildcard values which can lead to cross directory risk.
CVE-2021-43116 PUBLISHED: 2022-07-05
An Access Control vulnerability exists in Nacos 2.0.3 in the access prompt page; enter username and password, click on login to capture packets and then change the returned package, which lets a malicious user log in.
CVE-2022-2304 PUBLISHED: 2022-07-05
Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.
CVE-2022-26365 PUBLISHED: 2022-07-05
Linux disk/nic frontends data leaks [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33...
CVE-2022-30290 PUBLISHED: 2022-07-05
In OpenCTI through 5.2.4, a broken access control vulnerability has been identified in the profile endpoint. An attacker can abuse the identified vulnerability in order to arbitrarily change their registered e-mail address as well as their API key, even though such action is not possible through the...