(CVE-2022-28730) Apache JSPWiki v2.11.1 - Reflected XSS in AjaxPreview.jsp

CVE: CVE-2022-28730
Tested Versions: Latest release v2.11.2
CVSSv3.1 Base Score: 5.4 (Medium)
CVSSv3.1 String: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Product URL(s): https://github.com/apache/jspwiki/

Description of the vulnerability
The lack of sanitization before displaying the rendered preview to the user results in a Reflected XSS vulnerability at the AJAXPreview.jsp endpoint. As a result, an unauthenticated attacker is able to execute arbitrary JavaScript code by deceiving an authenticated Admin user into triggering a specially crafted payload, resulting in potential state-changing actions being carried out....

March 14, 2022 · 1 min · Poh Jia Hao

(CVE-2022-26718) macOS smbfs Out-of-Bounds Read due to parse nic info

CVE: CVE-2022-26718
Tested Versions: macOS 11.x.x <= 11.6.4, macOS 12.x.x <= 12.2.1
Product URL(s): https://www.apple.com/

Description of the vulnerability
smbfs stands for the Samba file system of macOS, which is used for communicating and linking with a Samba file server. smbfs allows users to connect a remote shared folder to Finder. smbfs is a macOS driver containing two components, netsmb and smbfs; the driver's source is also publicly available at this link, but only for macOS 11....

March 4, 2022 · 4 min · Peter Nguyễn Vũ Hoàng

(CVE-2022-21877) Storage Spaces Controller Information Disclosure Vulnerability

Summary
Product: Storage Spaces
Vendor: Microsoft
Severity: Medium
Affected Versions: spaceport.sys in Windows 10 and Windows Server 2019
Tested Versions: spaceport.sys in Windows 10 and Windows Server 2019
CVE Identifier: CVE-2022-21877

CVSS3.1 Scoring System
Base Score: 5.5 (Medium)
Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Metric: Value
Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None

Product Overview
Storage Spaces is a technology in Windows and Windows Server that can help protect your data from drive failures....

January 11, 2022 · 10 min · Lê Hữu Quang Linh (@linhlhq)

(CVE-2021-30844) macOS smbfs Out-of-Bounds Read

CVE: CVE-2021-30844
Tested Versions: macOS BigSur 11.0 - 11.2.3
Product URL(s): https://apple.com

Description of the vulnerability
smbfs is a kext driver which handles SMB connections between the user and an SMB server. This vulnerability occurs in smbfs and allows an attacker to leak kernel memory to achieve further exploitation. The bug occurs in the SMBIOC_T2RQ ioctl handler. This handler first processes user-mode input in the function smb_usr_t2request: int smb_usr_t2request(struct smb_share *share, struct smbioc_t2rq *dp, vfs_context_t context) { //....

September 13, 2021 · 3 min · Peter Nguyễn Vũ Hoàng

(CVE-2021-30845) macOS smbfs Out-of-Bounds Read

CVE: CVE-2021-30845
Tested Versions: macOS BigSur 11.0 - 11.2.3
Product URL(s): https://apple.com/

Description of the vulnerability
smbfs is a kext driver which handles SMB connections between the user and an SMB server. This vulnerability occurs in smbfs and allows an attacker to leak kernel memory to achieve further exploitation. The vulnerability exists in the smbfs_mount function, which can be triggered via the mount syscall. The mount syscall takes data from user input and passes it to smbfs_mount....

September 13, 2021 · 3 min · Peter Nguyễn Vũ Hoàng

(CVE-2021-30868) macOS smbfs Race Condition leading to Use-After-Free Vulnerability

CVE: CVE-2021-30868
Tested Versions: macOS BigSur 11.0 - 11.2.3
Product URL(s): https://apple.com/

Description of the vulnerability
smbfs is a kext driver which handles SMB connections between the user and an SMB server. This vulnerability occurs in smbfs and allows an attacker to escalate from user permissions to root privilege. The smbfs kext is implemented as a character device. Users can interact with the smbfs kext via the ioctl syscall to perform tasks....

June 18, 2021 · 12 min · Peter Nguyễn Vũ Hoàng

(CVE-2021-35400) Prolink PRC2402M mesh.cgi get_extender_page Unauthenticated Command Injection Vulnerability

CVE: CVE-2021-35400
Tested Versions: Prolink PRC2402M 20190909
Product URL(s): https://prolink2u.com/

Description of the vulnerability
This vulnerability is present because there are no checks on user input taken by mesh.cgi, which is passed to popen, allowing an attacker to execute arbitrary code in the context of the root user on affected installations of the Prolink PRC2402M router. No authentication is required to exploit this vulnerability. The router makes GET requests to interact with the cgi scripts....

June 10, 2021 · 2 min · Daniel Lim Wee Soong (@daniellimws)