VARIoT IoT vulnerabilities database
| VAR-202206-0172 | CVE-2022-22556 | Dell's powerstoreos Resource exhaustion vulnerability in |
CVSS V2: 7.8 CVSS V3: 7.5 Severity: HIGH |
Dell PowerStore contains an Uncontrolled Resource Consumption Vulnerability in PowerStore User Interface. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the Denial of Service. Dell's powerstoreos Exists in a resource exhaustion vulnerability.Service operation interruption (DoS) It may be in a state. Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads
| VAR-202206-0005 | CVE-2022-31462 | Owl Labs Meeting Owl Trust Management Issue Vulnerability (CNVD-2022-64973) |
CVSS V2: 5.4 CVSS V3: 8.8 Severity: HIGH |
Owl Labs Meeting Owl 5.2.0.15 allows attackers to control the device via a backdoor password (derived from the serial number) that can be found in Bluetooth broadcast data. Owl Labs Meeting Owl is a video conferencing device from Owl Labs in the United States. Equipped with an array of cameras and microphones that capture 360-degree video and audio and automatically focus on the speaker, making meetings more dynamic and inclusive
| VAR-202206-0370 | CVE-2022-26869 | Dell's powerstoreos Vulnerability in leaking resources to the wrong area in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Dell PowerStore versions 2.0.0.x, 2.0.1.x and 2.1.0.x contains an open port vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and arbitrary code execution. Dell's powerstoreos Exists in a vulnerability related to the leakage of resources to the wrong area.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Dell PowerStore all-flash data storage appliances use a data-centric, highly adaptable intelligent infrastructure to deliver AppsON capabilities to transform traditional and modern workloads
| VAR-202206-0406 | CVE-2022-29780 | nginx of njs Vulnerability in |
CVSS V2: 2.1 CVSS V3: 5.5 Severity: MEDIUM |
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_array_prototype_sort at src/njs_array.c. nginx of njs Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state
| VAR-202206-0056 | CVE-2022-31459 | Owl Labs Meeting Owl Information Disclosure Vulnerability |
CVSS V2: 3.3 CVSS V3: 6.5 Severity: MEDIUM |
Owl Labs Meeting Owl 5.2.0.15 allows attackers to retrieve the passcode hash via a certain c 10 value over Bluetooth. Owl Labs Meeting Owl is a video conferencing device from Owl Labs in the United States. Equipped with an array of cameras and microphones that capture 360-degree video and audio and automatically focus on the speaker, making meetings more dynamic and inclusive
| VAR-202206-0282 | CVE-2022-30521 | of D-Link Japan Co., Ltd. dir-890l Out-of-bounds write vulnerability in firmware |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users easily. The attackers can exploit the vulnerability to carry out arbitrary code by means of sending a specially constructed payload to port 49152. of D-Link Japan Co., Ltd. dir-890l An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. D-Link DIR-890L is a wireless router.
The D-Link DIR-890L has a binary vulnerability that an attacker can exploit to gain control of the server
| VAR-202206-0060 | CVE-2021-45983 | netscout of nGeniusONE Vulnerability in |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
NetScout nGeniusONE 6.3.2 allows Java RMI Code Execution. netscout of nGeniusONE Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202206-0213 | CVE-2022-1968 | vim/vim Vulnerability in using free memory in |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
Use After Free in GitHub repository vim/vim prior to 8.2. vim/vim Exists in a vulnerability related to the use of freed memory.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Vim is a cross-platform text editor. There is a memory misreference vulnerability in versions before Vim 8.2. The vulnerability is caused by the confusion of the program's instructions responsible for releasing memory. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202208-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Low
Title: Vim, gVim: Multiple Vulnerabilities
Date: August 21, 2022
Bugs: #811870, #818562, #819528, #823473, #824930, #828583, #829658, #830106, #830994, #833572, #836432, #851231
ID: 202208-32
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been discovered in Vim, the worst of which
could result in denial of service.
Background
=========
Vim is an efficient, highly configurable improved version of the classic
‘vi’ text editor. gVim is the GUI version of Vim.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-editors/gvim < 9.0.0060 >= 9.0.0060
2 app-editors/vim < 9.0.0060 >= 9.0.0060
3 app-editors/vim-core < 9.0.0060 >= 9.0.0060
Description
==========
Multiple vulnerabilities have been discovered in Vim and gVim. Please
review the CVE identifiers referenced below for details.
Impact
=====
Please review the referenced CVE identifiers for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All Vim users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/vim-9.0.0060"
All gVim users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/gvim-9.0.0060"
All vim-core users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/vim-core-9.0.0060"
References
=========
[ 1 ] CVE-2021-3770
https://nvd.nist.gov/vuln/detail/CVE-2021-3770
[ 2 ] CVE-2021-3778
https://nvd.nist.gov/vuln/detail/CVE-2021-3778
[ 3 ] CVE-2021-3796
https://nvd.nist.gov/vuln/detail/CVE-2021-3796
[ 4 ] CVE-2021-3872
https://nvd.nist.gov/vuln/detail/CVE-2021-3872
[ 5 ] CVE-2021-3875
https://nvd.nist.gov/vuln/detail/CVE-2021-3875
[ 6 ] CVE-2021-3927
https://nvd.nist.gov/vuln/detail/CVE-2021-3927
[ 7 ] CVE-2021-3928
https://nvd.nist.gov/vuln/detail/CVE-2021-3928
[ 8 ] CVE-2021-3968
https://nvd.nist.gov/vuln/detail/CVE-2021-3968
[ 9 ] CVE-2021-3973
https://nvd.nist.gov/vuln/detail/CVE-2021-3973
[ 10 ] CVE-2021-3974
https://nvd.nist.gov/vuln/detail/CVE-2021-3974
[ 11 ] CVE-2021-3984
https://nvd.nist.gov/vuln/detail/CVE-2021-3984
[ 12 ] CVE-2021-4019
https://nvd.nist.gov/vuln/detail/CVE-2021-4019
[ 13 ] CVE-2021-4069
https://nvd.nist.gov/vuln/detail/CVE-2021-4069
[ 14 ] CVE-2021-4136
https://nvd.nist.gov/vuln/detail/CVE-2021-4136
[ 15 ] CVE-2021-4166
https://nvd.nist.gov/vuln/detail/CVE-2021-4166
[ 16 ] CVE-2021-4173
https://nvd.nist.gov/vuln/detail/CVE-2021-4173
[ 17 ] CVE-2021-4187
https://nvd.nist.gov/vuln/detail/CVE-2021-4187
[ 18 ] CVE-2021-4192
https://nvd.nist.gov/vuln/detail/CVE-2021-4192
[ 19 ] CVE-2021-4193
https://nvd.nist.gov/vuln/detail/CVE-2021-4193
[ 20 ] CVE-2021-46059
https://nvd.nist.gov/vuln/detail/CVE-2021-46059
[ 21 ] CVE-2022-0128
https://nvd.nist.gov/vuln/detail/CVE-2022-0128
[ 22 ] CVE-2022-0156
https://nvd.nist.gov/vuln/detail/CVE-2022-0156
[ 23 ] CVE-2022-0158
https://nvd.nist.gov/vuln/detail/CVE-2022-0158
[ 24 ] CVE-2022-0213
https://nvd.nist.gov/vuln/detail/CVE-2022-0213
[ 25 ] CVE-2022-0261
https://nvd.nist.gov/vuln/detail/CVE-2022-0261
[ 26 ] CVE-2022-0318
https://nvd.nist.gov/vuln/detail/CVE-2022-0318
[ 27 ] CVE-2022-0319
https://nvd.nist.gov/vuln/detail/CVE-2022-0319
[ 28 ] CVE-2022-0351
https://nvd.nist.gov/vuln/detail/CVE-2022-0351
[ 29 ] CVE-2022-0359
https://nvd.nist.gov/vuln/detail/CVE-2022-0359
[ 30 ] CVE-2022-0361
https://nvd.nist.gov/vuln/detail/CVE-2022-0361
[ 31 ] CVE-2022-0368
https://nvd.nist.gov/vuln/detail/CVE-2022-0368
[ 32 ] CVE-2022-0392
https://nvd.nist.gov/vuln/detail/CVE-2022-0392
[ 33 ] CVE-2022-0393
https://nvd.nist.gov/vuln/detail/CVE-2022-0393
[ 34 ] CVE-2022-0407
https://nvd.nist.gov/vuln/detail/CVE-2022-0407
[ 35 ] CVE-2022-0408
https://nvd.nist.gov/vuln/detail/CVE-2022-0408
[ 36 ] CVE-2022-0413
https://nvd.nist.gov/vuln/detail/CVE-2022-0413
[ 37 ] CVE-2022-0417
https://nvd.nist.gov/vuln/detail/CVE-2022-0417
[ 38 ] CVE-2022-0443
https://nvd.nist.gov/vuln/detail/CVE-2022-0443
[ 39 ] CVE-2022-0554
https://nvd.nist.gov/vuln/detail/CVE-2022-0554
[ 40 ] CVE-2022-0629
https://nvd.nist.gov/vuln/detail/CVE-2022-0629
[ 41 ] CVE-2022-0685
https://nvd.nist.gov/vuln/detail/CVE-2022-0685
[ 42 ] CVE-2022-0714
https://nvd.nist.gov/vuln/detail/CVE-2022-0714
[ 43 ] CVE-2022-0729
https://nvd.nist.gov/vuln/detail/CVE-2022-0729
[ 44 ] CVE-2022-0943
https://nvd.nist.gov/vuln/detail/CVE-2022-0943
[ 45 ] CVE-2022-1154
https://nvd.nist.gov/vuln/detail/CVE-2022-1154
[ 46 ] CVE-2022-1160
https://nvd.nist.gov/vuln/detail/CVE-2022-1160
[ 47 ] CVE-2022-1381
https://nvd.nist.gov/vuln/detail/CVE-2022-1381
[ 48 ] CVE-2022-1420
https://nvd.nist.gov/vuln/detail/CVE-2022-1420
[ 49 ] CVE-2022-1616
https://nvd.nist.gov/vuln/detail/CVE-2022-1616
[ 50 ] CVE-2022-1619
https://nvd.nist.gov/vuln/detail/CVE-2022-1619
[ 51 ] CVE-2022-1620
https://nvd.nist.gov/vuln/detail/CVE-2022-1620
[ 52 ] CVE-2022-1621
https://nvd.nist.gov/vuln/detail/CVE-2022-1621
[ 53 ] CVE-2022-1629
https://nvd.nist.gov/vuln/detail/CVE-2022-1629
[ 54 ] CVE-2022-1674
https://nvd.nist.gov/vuln/detail/CVE-2022-1674
[ 55 ] CVE-2022-1720
https://nvd.nist.gov/vuln/detail/CVE-2022-1720
[ 56 ] CVE-2022-1733
https://nvd.nist.gov/vuln/detail/CVE-2022-1733
[ 57 ] CVE-2022-1735
https://nvd.nist.gov/vuln/detail/CVE-2022-1735
[ 58 ] CVE-2022-1769
https://nvd.nist.gov/vuln/detail/CVE-2022-1769
[ 59 ] CVE-2022-1771
https://nvd.nist.gov/vuln/detail/CVE-2022-1771
[ 60 ] CVE-2022-1785
https://nvd.nist.gov/vuln/detail/CVE-2022-1785
[ 61 ] CVE-2022-1796
https://nvd.nist.gov/vuln/detail/CVE-2022-1796
[ 62 ] CVE-2022-1851
https://nvd.nist.gov/vuln/detail/CVE-2022-1851
[ 63 ] CVE-2022-1886
https://nvd.nist.gov/vuln/detail/CVE-2022-1886
[ 64 ] CVE-2022-1897
https://nvd.nist.gov/vuln/detail/CVE-2022-1897
[ 65 ] CVE-2022-1898
https://nvd.nist.gov/vuln/detail/CVE-2022-1898
[ 66 ] CVE-2022-1927
https://nvd.nist.gov/vuln/detail/CVE-2022-1927
[ 67 ] CVE-2022-1942
https://nvd.nist.gov/vuln/detail/CVE-2022-1942
[ 68 ] CVE-2022-1968
https://nvd.nist.gov/vuln/detail/CVE-2022-1968
[ 69 ] CVE-2022-2000
https://nvd.nist.gov/vuln/detail/CVE-2022-2000
[ 70 ] CVE-2022-2042
https://nvd.nist.gov/vuln/detail/CVE-2022-2042
[ 71 ] CVE-2022-2124
https://nvd.nist.gov/vuln/detail/CVE-2022-2124
[ 72 ] CVE-2022-2125
https://nvd.nist.gov/vuln/detail/CVE-2022-2125
[ 73 ] CVE-2022-2126
https://nvd.nist.gov/vuln/detail/CVE-2022-2126
[ 74 ] CVE-2022-2129
https://nvd.nist.gov/vuln/detail/CVE-2022-2129
[ 75 ] CVE-2022-2175
https://nvd.nist.gov/vuln/detail/CVE-2022-2175
[ 76 ] CVE-2022-2182
https://nvd.nist.gov/vuln/detail/CVE-2022-2182
[ 77 ] CVE-2022-2183
https://nvd.nist.gov/vuln/detail/CVE-2022-2183
[ 78 ] CVE-2022-2206
https://nvd.nist.gov/vuln/detail/CVE-2022-2206
[ 79 ] CVE-2022-2207
https://nvd.nist.gov/vuln/detail/CVE-2022-2207
[ 80 ] CVE-2022-2208
https://nvd.nist.gov/vuln/detail/CVE-2022-2208
[ 81 ] CVE-2022-2210
https://nvd.nist.gov/vuln/detail/CVE-2022-2210
[ 82 ] CVE-2022-2231
https://nvd.nist.gov/vuln/detail/CVE-2022-2231
[ 83 ] CVE-2022-2257
https://nvd.nist.gov/vuln/detail/CVE-2022-2257
[ 84 ] CVE-2022-2264
https://nvd.nist.gov/vuln/detail/CVE-2022-2264
[ 85 ] CVE-2022-2284
https://nvd.nist.gov/vuln/detail/CVE-2022-2284
[ 86 ] CVE-2022-2285
https://nvd.nist.gov/vuln/detail/CVE-2022-2285
[ 87 ] CVE-2022-2286
https://nvd.nist.gov/vuln/detail/CVE-2022-2286
[ 88 ] CVE-2022-2287
https://nvd.nist.gov/vuln/detail/CVE-2022-2287
[ 89 ] CVE-2022-2288
https://nvd.nist.gov/vuln/detail/CVE-2022-2288
[ 90 ] CVE-2022-2289
https://nvd.nist.gov/vuln/detail/CVE-2022-2289
[ 91 ] CVE-2022-2304
https://nvd.nist.gov/vuln/detail/CVE-2022-2304
[ 92 ] CVE-2022-2343
https://nvd.nist.gov/vuln/detail/CVE-2022-2343
[ 93 ] CVE-2022-2344
https://nvd.nist.gov/vuln/detail/CVE-2022-2344
[ 94 ] CVE-2022-2345
https://nvd.nist.gov/vuln/detail/CVE-2022-2345
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202208-32
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
. =========================================================================
Ubuntu Security Notice USN-5995-1
April 04, 2023
vim vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 14.04 ESM
Summary:
Several security issues were fixed in Vim.
Software Description:
- vim: Vi IMproved - enhanced vi editor
Details:
It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possible execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
and Ubuntu 22.04 LTS. (CVE-2022-0413, CVE-2022-1629, CVE-2022-1674,
CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796, CVE-2022-1851,
CVE-2022-1898, CVE-2022-1942, CVE-2022-1968, CVE-2022-2124, CVE-2022-2125,
CVE-2022-2126, CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,
CVE-2022-2304, CVE-2022-2345, CVE-2022-2581)
It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possible execute arbitrary code. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04
LTS. (CVE-2022-1720, CVE-2022-2571, CVE-2022-2845, CVE-2022-2849,
CVE-2022-2923)
It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possible execute arbitrary code. This
issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-1927,
CVE-2022-2344)
It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possible execute arbitrary code. This
issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,
and Ubuntu 22.10. (CVE-2022-2946)
It was discovered that Vim incorrectly handled memory when opening certain
files. If an attacker could trick a user into opening a specially crafted
file, it could cause Vim to crash, or possible execute arbitrary code. This
issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 22.10.
(CVE-2022-2980)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.10:
vim 2:9.0.0242-1ubuntu1.3
vim-athena 2:9.0.0242-1ubuntu1.3
vim-gtk3 2:9.0.0242-1ubuntu1.3
vim-motif 2:9.0.0242-1ubuntu1.3
vim-nox 2:9.0.0242-1ubuntu1.3
vim-tiny 2:9.0.0242-1ubuntu1.3
Ubuntu 22.04 LTS:
vim 2:8.2.3995-1ubuntu2.5
vim-athena 2:8.2.3995-1ubuntu2.5
vim-gtk 2:8.2.3995-1ubuntu2.5
vim-gtk3 2:8.2.3995-1ubuntu2.5
vim-nox 2:8.2.3995-1ubuntu2.5
vim-tiny 2:8.2.3995-1ubuntu2.5
Ubuntu 20.04 LTS:
vim 2:8.1.2269-1ubuntu5.13
vim-athena 2:8.1.2269-1ubuntu5.13
vim-gtk 2:8.1.2269-1ubuntu5.13
vim-gtk3 2:8.1.2269-1ubuntu5.13
vim-nox 2:8.1.2269-1ubuntu5.13
vim-tiny 2:8.1.2269-1ubuntu5.13
Ubuntu 18.04 LTS:
vim 2:8.0.1453-1ubuntu1.12
vim-athena 2:8.0.1453-1ubuntu1.12
vim-gnome 2:8.0.1453-1ubuntu1.12
vim-gtk 2:8.0.1453-1ubuntu1.12
vim-gtk3 2:8.0.1453-1ubuntu1.12
vim-nox 2:8.0.1453-1ubuntu1.12
vim-tiny 2:8.0.1453-1ubuntu1.12
Ubuntu 14.04 ESM:
vim 2:7.4.052-1ubuntu3.1+esm8
vim-athena 2:7.4.052-1ubuntu3.1+esm8
vim-gnome 2:7.4.052-1ubuntu3.1+esm8
vim-gtk 2:7.4.052-1ubuntu3.1+esm8
vim-nox 2:7.4.052-1ubuntu3.1+esm8
vim-tiny 2:7.4.052-1ubuntu3.1+esm8
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-5995-1
CVE-2022-0413, CVE-2022-1629, CVE-2022-1674, CVE-2022-1720,
CVE-2022-1733, CVE-2022-1735, CVE-2022-1785, CVE-2022-1796,
CVE-2022-1851, CVE-2022-1898, CVE-2022-1927, CVE-2022-1942,
CVE-2022-1968, CVE-2022-2124, CVE-2022-2125, CVE-2022-2126,
CVE-2022-2129, CVE-2022-2175, CVE-2022-2183, CVE-2022-2206,
CVE-2022-2304, CVE-2022-2344, CVE-2022-2345, CVE-2022-2571,
CVE-2022-2581, CVE-2022-2845, CVE-2022-2849, CVE-2022-2923,
CVE-2022-2946, CVE-2022-2980
Package Information:
https://launchpad.net/ubuntu/+source/vim/2:9.0.0242-1ubuntu1.3
https://launchpad.net/ubuntu/+source/vim/2:8.2.3995-1ubuntu2.5
https://launchpad.net/ubuntu/+source/vim/2:8.1.2269-1ubuntu5.13
https://launchpad.net/ubuntu/+source/vim/2:8.0.1453-1ubuntu1.12
| VAR-202206-0169 | CVE-2022-29085 | Insufficient Credential Protection Vulnerability in Multiple Dell Products |
CVSS V2: 4.6 CVSS V3: 6.7 Severity: MEDIUM |
Dell Unity, Dell UnityVSA, and Dell Unity XT versions prior to 5.2.0.0.5.173 contain a plain-text password storage vulnerability when certain off-array tools are run on the system. The credentials of a user with high privileges are stored in plain text. A local malicious user with high privileges may use the exposed password to gain access with the privileges of the compromised user. Dell's unity operating environment , unity xt operating environment , unityvsa operating environment There are vulnerabilities in inadequate protection of credentials.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202206-0221 | CVE-2021-45982 | netscout of nGeniusONE Vulnerability in unlimited upload of dangerous types of files in |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
NetScout nGeniusONE 6.3.2 allows Arbitrary File Upload by a privileged user. netscout of nGeniusONE Contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202206-0190 | CVE-2022-28702 | ABB of e-design Vulnerability regarding improper default permissions in |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. ABB of e-design There is a vulnerability in improper default permissions.Service operation interruption (DoS) It may be in a state. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of ABB e-Design. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the installer. By creating a symbolic link, an attacker can abuse the installer to create a file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system
| VAR-202206-0272 | CVE-2022-29483 | ABB of e-design Vulnerability regarding improper default permissions in |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Incorrect Default Permissions vulnerability in ABB e-Design allows attacker to install malicious software executing with SYSTEM permissions violating confidentiality, integrity, and availability of the target machine. ABB of e-design There is a vulnerability in improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows local attackers to escalate privileges on affected installations of ABB e-Design. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the e-Design installer. By creating a symbolic link, an attacker can abuse the installer to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM
| VAR-202206-0265 | CVE-2021-45981 | netscout of nGeniusONE In XML External entity vulnerabilities |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
NetScout nGeniusONE 6.3.2 allows an XML External Entity (XXE) attack. netscout of nGeniusONE for, XML There is a vulnerability in an external entity.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202206-0382 | CVE-2022-29084 | Multiple Dell Products Improperly Limiting Excessive Authentication Attempts Vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Dell Unity, Dell UnityVSA, and Dell Unity XT versions before 5.2.0.0.5.173 do not restrict excessive authentication attempts in Unisphere GUI. A remote unauthenticated attacker may potentially exploit this vulnerability to brute-force passwords and gain access to the system as the victim. Account takeover is possible if weak passwords are used by users. Dell's unity operating environment , unity xt operating environment , unityvsa operating environment Is vulnerable to improper restrictions on excessive authentication attempts.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
| VAR-202206-0033 | CVE-2022-29718 | Light Code Labs of Caddy Open redirect vulnerability in |
CVSS V2: 5.8 CVSS V3: 6.1 Severity: MEDIUM |
Caddy v2.4 was discovered to contain an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. Light Code Labs of Caddy Exists in an open redirect vulnerability.Information may be obtained and information may be tampered with
| VAR-202206-0324 | CVE-2022-31463 | Owl Labs Meeting Owl Authorization Issue Vulnerability |
CVSS V2: 4.3 CVSS V3: 7.1 Severity: HIGH |
Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only client-side authentication is used. Equipped with an array of cameras and microphones that capture 360-degree video and audio and automatically focus on the speaker, making meetings more dynamic and inclusive. No detailed vulnerability details are currently provided
| VAR-202206-2414 | No CVE | An information leakage vulnerability exists in the RG-NBR700G of Beijing Star Network Ruijie Network Technology Co., Ltd. |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
RG-NBR700GW is a gigabit enterprise router.
An information disclosure vulnerability exists in the RG-NBR700G of Beijing Star Network Ruijie Network Technology Co., Ltd., and attackers can exploit the vulnerability to obtain sensitive information.
| VAR-202206-0348 | CVE-2022-32144 | Huawei of cv81-wdm Firmware Input Validation Vulnerability |
CVSS V2: 9.0 CVSS V3: 8.6 Severity: HIGH |
There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to service abnormal. (Vulnerability ID: HWPSIRT-2022-76192)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32144. Huawei of cv81-wdm The firmware contains vulnerabilities related to input validation and violation of the same origin policy.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Huawei CV81-WDM FW is a laser multifunction printer produced by Huawei, China
| VAR-202206-0168 | CVE-2022-29098 | Dell's powerscale onefs Vulnerability in requesting weak passwords in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Dell PowerScale OneFS versions 8.2.0.x through 9.3.0.x, contain a weak password requirement vulnerability. An administrator may create an account with no password. A remote attacker may potentially exploit this leading to a user account compromise. Dell EMC PowerScale OneFS is the Isilon OneFS operating system of Dell (Dell) for scale-out NAS. The vulnerability is caused by not restricting the password strength when creating an account
| VAR-202206-0248 | CVE-2020-26185 | Dell BSAFE Micro Edition Suite Out-of-bounds read vulnerability in |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability