CVE-2022-1074
Published: 2022-03-29
Priority: P4 · 25 · medium · 5.4 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.42% (34.0th percentile)
A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input HTML Injection in the WiFi settings of the dashboard leads to HTML injection.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tem | flex-1085 | — | — |
| tem | flex-1085_firmware | — | — |
CVSS provenance
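| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 3.5 | LOW | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| osv | — | 5.5 | MEDIUM | — |
| vendor_redhat | — | 5.4 | MEDIUM | — |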
OSV
linux-oem-6.0 vulnerabilities
osv·2023-04-19·CVSS 5.5
CVE-2022-36280 linux-oem-6.0 vulnerabilities
Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service (system crash). (CVE-2022-36280)
Gerald Lee discovered that the USB Gadget file system implementation in the Linux kernel contained a race condition, leading to a use-after-free vulnerability in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-4382)
It was discovered that a memory leak existed in the SCTP protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (memory exhaustion). (CVE-2023-1074)
It was discovered that the RNDIS U
GHSA
Cross-site Scripting in Jenkins Credentials Plugin
ghsa·2022-04-13
CVE-2022-29036 [MEDIUM] CWE-79 Cross-site Scripting in Jenkins Credentials Plugin
Jenkins Credentials Plugin 1111.v35a_307992395 and earlier, except 1087.1089.v2f1b_9a_b_040e4, 1074.1076.v39c30cecb_0e2, and 2.6.1.1, does not escape the name and description of Credentials parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
GHSA
GHSA-5j37-xpr8-f7hr: A vulnerability has been found in TEM FLEX-1085 1
ghsa_unreviewed·2022-03-30
CVE-2022-1074 [MEDIUM] CWE-79 GHSA-5j37-xpr8-f7hr: A vulnerability has been found in TEM FLEX-1085 1
A vulnerability has been found in TEM FLEX-1085 1.6.0 and classified as problematic. Using the input HTML Injection in the WiFi settings of the dashboard leads to HTML injection.
Red Hat
credentials: Stored XSS vulnerabilities in jenkins plugin
vendor_redhat·2022-04-12·CVSS 5.4
CVE-2022-29036 [MEDIUM] CWE-79 credentials: Stored XSS vulnerabilities in jenkins plugin
A flaw was found in the Jenkins credentials plugin. The Jenkins credentials plugin does not escape the name and description of Credentials parameters on views displaying parameters. This issue results in a stored Cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.