Weekly Vulnerabilities Reports > January 10 to 16, 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22.

Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP Everywhere plugin <= 2.0.2 versions.

Discourse is an open source discussion platform.

A limited authentication bypass vulnerability was discovered that could allow an attacker to achieve remote code execution and escalate privileges on the My Cloud devices.

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

Jenkins Docker Commons Plugin 1.17 and earlier does not sanitize the name of an image or a tag, resulting in an OS command execution vulnerability exploitable by attackers with Item/Configure permission or able to control the contents of a previously configured job's SCM repository.

Jenkins Debian Package Builder Plugin 1.6.11 and earlier implements functionality that allows agents to invoke command-line `git` at an attacker-specified path on the controller, allowing attackers able to control agent processes to invoke arbitrary OS commands on the controller.

GNOME gdk-pixbuf 2.42.6 is vulnerable to a heap-buffer overflow vulnerability when decoding the lzw compressed stream of image data in GIF files with lzw minimum code size equals to 12.

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

Remote Desktop Client Remote Code Execution Vulnerability

Remote Desktop Client Remote Code Execution Vulnerability

Active Directory Domain Services Elevation of Privilege Vulnerability

Windows Kerberos Elevation of Privilege Vulnerability

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic.

Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic.

lookup in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

nextScaffoldPart in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

storeAtts in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.

The FANUC R-30iA and R-30iB series controllers are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code.

Flatpak is a Linux application sandboxing and distribution framework.

pipenv is a Python development workflow tool.

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20).

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers.

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers.

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.78_1.0.1 routers.

A malicious user on the same LAN could use DNS spoofing followed by a command injection attack to trick a NAS device into loading through an unsecured HTTP call.

Z-Wave devices based on Silicon Labs 100, 200, and 300 series chipsets do not support encryption, allowing an attacker within radio range to take control of or cause a denial of service to a vulnerable device.

Tenable.sc versions 5.14.0 through 5.19.1 were found to contain a remote code execution vulnerability which could allow a remote, unauthenticated attacker to execute code under special circumstances.

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files.

The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files.

Jenkins Warnings Next Generation Plugin 9.10.2 and earlier does not restrict the name of a file when configuring custom ID, allowing attackers with Item/Configure permission to write and read specific files with a hard-coded suffix on the Jenkins controller file system.

SpiceDB is a database system for managing security-critical application permissions.

Remote Desktop Protocol Remote Code Execution Vulnerability

Windows Hyper-V Elevation of Privilege Vulnerability

Windows Hyper-V Security Feature Bypass Vulnerability

ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.

Open Design Alliance Drawings SDK before 2022.12.1 mishandles the loading of JPG files.

Improper initialization vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.16 and prior, FX3U-ENET-L Firmware version 1.16 and prior and FX3U-ENET-P502 Firmware version 1.16 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product by sending specially crafted packets.

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user.

Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

Arm Mali GPU Kernel Driver (Midgard r26p0 through r30p0, Bifrost r0p0 through r34p0, and Valhall r19p0 through r34p0) allows a non-privileged user to achieve write access to read-only memory, and possibly obtain root privileges, corrupt memory, and modify the memory of other processes.

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user.

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in arbitrary code execution in the context of the current user.

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local users to gain privileges because of the availability of pointer arithmetic via certain *_OR_NULL pointer types.

Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

Adobe InCopy version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

Adobe InDesign version 16.4 (and earlier) is affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_text_get_utf8_line function in load_text.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

A buffer overflow vulnerability exists in Gpac through 1.0.1 via a malformed MP4 file in the svc_parse_slice function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the avc_compute_poc function in av_parsers.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the ilst_box_read function in box_code_apple.c, which allows attackers to cause a denial of service, even code execution and escalation of privileges.

Possible heap overflow due to lack of index validation before allocating and writing to heap buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

A heap-based buffer overflow vulnerability exists in GPAC v1.0.1 in the gf_isom_dovi_config_get function in MP4Box, which causes a denial of service or execute arbitrary code via a crafted file.

Bytecode Viewer (BCV) is a Java/Android reverse engineering suite.

Virtual Machine IDE Drive Elevation of Privilege Vulnerability

Windows User-mode Driver Framework Reflector Driver Elevation of Privilege Vulnerability

Microsoft Cryptographic Services Elevation of Privilege Vulnerability

Windows Certificate Spoofing Vulnerability

Windows Cleanup Manager Elevation of Privilege Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Word Remote Code Execution Vulnerability

Windows DWM Core Library Elevation of Privilege Vulnerability

Windows Bind Filter Driver Elevation of Privilege Vulnerability

Task Flow Data Engine Elevation of Privilege Vulnerability

Clipboard User Service Elevation of Privilege Vulnerability

Tablet Windows User Interface Application Core Elevation of Privilege Vulnerability

Microsoft Diagnostics Hub Standard Collector Runtime Elevation of Privilege Vulnerability

Windows Event Tracing Elevation of Privilege Vulnerability

Tile Data Repository Elevation of Privilege Vulnerability

Windows Storage Elevation of Privilege Vulnerability

Windows Geolocation Service Remote Code Execution Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Win32k Elevation of Privilege Vulnerability

Windows Modern Execution Server Remote Code Execution Vulnerability

Windows User Profile Service Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Windows DWM Core Library Elevation of Privilege Vulnerability

Windows GDI Elevation of Privilege Vulnerability

Windows Installer Elevation of Privilege Vulnerability

Microsoft Cluster Port Driver Elevation of Privilege Vulnerability

DirectX Graphics Kernel Remote Code Execution Vulnerability

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability

Windows Common Log File System Driver Elevation of Privilege Vulnerability

HEVC Video Extensions Remote Code Execution Vulnerability

There is an Assertion `scaling_list_pred_matrix_id_delta==1' failed at sps.cc:925 in libde265 v1.0.8 when decoding file, which allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file or possibly have unspecified other impact.

A heap-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via the gp_rtp_builder_do_mpeg12_video function, which allows attackers to possibly have unspecified other impact via a crafted file in the MP4Box command,

A heab-based buffer overflow vulnerability exists in MP4Box in GPAC 1.0.1 via media.c, which allows attackers to cause a denial of service or execute arbitrary code via a crafted file.

An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash.

There is Vulnerability of APIs being concurrently called for multiple times in HwConnectivityExService a in smartphones.

Libreswan 4.2 through 4.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists.

By passing invalid javascript code where await and yield were called upon non-async and non-generator getter/setter functions, Hermes would invoke generator functions and error out on invalid await/yield positions.

Lack of administrator control over security vulnerability in MELSEC-F series FX3U-ENET Firmware version 1.14 and prior, FX3U-ENET-L Firmware version 1.14 and prior and FX3U-ENET-P502 Firmware version 1.14 and prior allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition in communication function of the product or other unspecified effects by sending specially crafted packets to an unnecessary opening of TCP port.

An injection vulnerability exists in a third-party library used in UniFi Network Version 6.5.53 and earlier (Log4J CVE-2021-44228) allows a malicious actor to control the application.

Imperva Web Application Firewall (WAF) before 2021-12-23 allows remote unauthenticated attackers to use "Content-Encoding: gzip" to evade WAF security controls and send malicious HTTP POST requests to web servers behind the WAF.

A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.

A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard.

A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard.

A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard.

A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard.

A stack buffer overflow vulnerability has been reported to affect QNAP device running QVR Elite, QVR Pro, QVR Guard.

This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22.

Some Dahua products have access control vulnerability in the password reset process.

AEM Forms Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by an XML External Entity (XXE) injection vulnerability that could be abused by an attacker to achieve RCE.

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to decrypt secrets stored in Jenkins obtained through another method.

Jenkins Conjur Secrets Plugin 1.0.9 and earlier implements functionality that allows attackers able to control agent processes to retrieve all username/password credentials stored on the Jenkins controller.

Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO.

In Sourcecodetester Printable Staff ID Card Creator System 1.0 after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote code execution.

Windows Internet Key Exchange (IKE) Protocol Extensions Remote Code Execution Vulnerability

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

Windows GDI+ Information Disclosure Vulnerability

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

Windows Internet Key Exchange (IKE) Extension Denial of Service Vulnerability

Windows GDI Information Disclosure Vulnerability

.NET Framework Denial of Service Vulnerability

Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition.

cscms v4.1 allows for SQL injection via the "js_del" function.

cscms v4.1 allows for SQL injection via the "page_del" function.

PuddingBot is a group management bot.

The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not validate the qvquery parameter of the tp_get_dl_post_info_ajax AJAX action, which could allow unauthenticated users to retrieve sensitive information, such as private and draft posts

The "WP Search Filters" widget of The Plus Addons for Elementor - Pro WordPress plugin before 5.0.7 does not sanitise and escape the option parameter before using it in a SQL statement, which could lead to SQL injection

A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 and its earlier versions, which could lead to malicious code execution.

Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.

QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers' installations.

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.

The package extend2 before 1.0.1 are vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge.

All versions of package realms-shim are vulnerable to Sandbox Bypass via a Prototype Pollution attack vector.

There is an Integer overflow vulnerability with ACPU in smartphones.

There is a Heap-based buffer overflow vulnerability with the NFC module in smartphones.

The distributed data service component has a vulnerability in data access control.

The bone voice ID trusted application (TA) has a heap overflow vulnerability.

The bone voice ID TA has a vulnerability in calculating the buffer length,Successful exploitation of this vulnerability may affect data confidentiality.

The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality.

Laundry Booking Management System 1.0 (Latest) and previous versions are affected by a remote code execution (RCE) vulnerability in profile.php through the "image" parameter that can execute a webshell payload.

Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection.

During Zabbix installation from RPM, DAC_OVERRIDE SELinux capability is in use to access PID files in [/var/run/zabbix] folder.

In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error in the code.

In setLaunchIntent of BluetoothDevicePickerPreferenceController.java, there is a possible way to invoke an arbitrary broadcast receiver due to a confused deputy.

In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing packages without user consent due to an unsafe PendingIntent.

In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use after free.

In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent.

In GBoard, there is a possible way to bypass Factory Reset Protection due to a missing permission check.

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy.

In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions bypass due to an unsafe PendingIntent.

In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass.

In inotify_cb of events.cpp, there is a possible out of bounds write due to an incorrect bounds check.

In fs/eventpoll.c, there is a possible use after free.

In <TBD> of <TBD>, there is a possible bypass of Factory Reset Protection due to <TBD>.

In mgm_alloc_page of memory_group_manager.c, there is a possible out of bounds write due to an incorrect bounds check.

In copy_from_mbox of sss_ice_util.c, there is a possible out of bounds write due to a missing bounds check.

In target_init of gs101/abl/target/slider/target.c, there is a possible allocation of RWX memory due to a logic error in the code.

This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Free Antivirus 20.2.0.0.

Possible buffer overflow while printing the HARQ memory partition detail due to improper validation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Possible integer overflow due to improper validation of command length parameters while processing WMI command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Users have access to the directory where the installation repair occurs.

A link following privilege escalation vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to create a specially crafted file with arbitrary content which could grant local privilege escalation on the affected system.

A unnecessary privilege vulnerability in Trend Micro Apex One and Trend Micro Worry-Free Business Security 10.0 SP1 (on-prem versions only) could allow a local attacker to abuse an impersonation privilege and elevate to a higher level of privileges.

A origin validation error vulnerability in Trend Micro Apex One (on-prem and SaaS) could allow a local attacker drop and manipulate a specially crafted file to issue commands over a certain pipe and elevate to a higher level of privileges.

A cross-site request forgery (CSRF) vulnerability in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.

Windows Accounts Control Elevation of Privilege Vulnerability

Windows AppContracts API Server Elevation of Privilege Vulnerability

Windows Application Model Core API Elevation of Privilege Vulnerability

Windows StateRepository API Server file Elevation of Privilege Vulnerability

Windows UI Immersive Server API Elevation of Privilege Vulnerability

Connected Devices Platform Service Elevation of Privilege Vulnerability

Windows System Launcher Elevation of Privilege Vulnerability

Windows Push Notifications Apps Elevation of Privilege Vulnerability

Windows Devices Human Interface Elevation of Privilege Vulnerability

Windows Kernel Elevation of Privilege Vulnerability

Windows DWM Core Library Elevation of Privilege Vulnerability

Windows User Profile Service Elevation of Privilege Vulnerability

CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local user to gain elevated privileges via a Trojan horse Procmon64.exe in the user's Temp directory.

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by the OpenConfig and TerminAttr agents could result in unrestricted access to the device for local users with nopassword configuration.

In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible way to gain an access to MediaProvider content due to an unsafe PendingIntent.

In phTmlNfc_Init and phTmlNfc_CleanUp of phTmlNfc.cc, there is a possible use after free due to a race condition.

In init of vendor_graphicbuffer_meta.cpp, there is a possible use after free due to a race condition.

An untrusted search path vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables a local attacker with file creation privilege in the Windows root directory (such as C:\) to store a program that can then be unintentionally executed by another local user when that user utilizes a Live Terminal session.

In LocationSettingsActivity of AndroidManifest.xml, there is a possible EoP due to a tapjacking/overlay attack.

WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute code.

WECON LeviStudioU Versions 2019-09-21 and prior are vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute code.

Omron CX-One Versions 4.60 and prior are vulnerable to a stack-based buffer overflow while processing specific project files, which may allow an attacker to execute arbitrary code.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TeamViewer.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75.

SuiteCRM through 7.11.21 is vulnerable to CSRF, with resultant remote code execution, via the UpgradeWizard functionality, if a PHP file is included in a ZIP archive.

Zoho ManageEngine O365 Manager Plus before Build 4416 allows remote code execution via BCP file overwrite through the ChangeDBAPI component.

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

An unrestricted file copy vulnerability in /UserSelfServiceSettings.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to copy arbitrary files on the server filesystem to the web root (with an arbitrary filename) via the tempFile and fileName parameters in the HTTP POST body.

Formpipe Lasernet before 9.13.3 allows file inclusion in Client Web Services (either by an authenticated attacker, or in a configuration that does not require authentication).

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.

In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver hosts APIs vulnerable to CSRF.

In Ultimaker S3 3D printer, Ultimaker S5 3D printer, Ultimaker 3 3D printer S-line through 6.3 and Ultimaker 3 through 5.2.16, the local webserver can be used for clickjacking.

A stack-based buffer overflow in image_load_bmp() in HTMLDOC <= 1.9.13 results in remote code execution if the victim converts an HTML document linking to a crafted BMP file.

Uncontrolled search path element vulnerability in McAfee TechCheck prior to 4.0.0.2 allows a local administrator to load their own Dynamic Link Library (DLL) gaining elevation of privileges to system user.

vim is vulnerable to Heap-based Buffer Overflow

A link following denial-of-service vulnerability in Trend Micro Apex One (on-prem and SaaS) and Trend Micro Worry-Free Business Security (10.0 SP1 and Services) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM.

A link following denial-of-service vulnerability in Trend Micro Worry-Free Business Security (on prem only) could allow a local attacker to overwrite arbitrary files in the context of SYSTEM.

The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection.

In SalonERP 3.0.1, a SQL injection vulnerability allows an attacker to inject payload using 'sql' parameter in SQL query while generating a report.

October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework.

October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Commvault CommCell 11.22.22.

Flatpak is a Linux application sandboxing and distribution framework.

jpress v4.2.0 admin panel provides a function through which attackers can modify the template and inject some malicious code.

In DayByDay CRM, versions 2.2.0 through 2.2.1 (latest) are vulnerable to Insufficient Session Expiration.

An issue was discovered in CALDERA 2.8.1.

Jenkins Active Directory Plugin 2.25 and earlier does not encrypt the transmission of data between the Jenkins controller and Active Directory servers in most configurations.

Jenkins HashiCorp Vault Plugin 3.7.0 and earlier does not mask Vault credentials in Pipeline build logs or in Pipeline step descriptions when Pipeline: Groovy Plugin 2.85 or later is installed.

A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials.

An issue was discovered in CALDERA 2.9.0.

Zoho ManageEngine CloudSecurityPlus before Build 4117 allows remote code execution through the updatePersonalizeSettings component due to an improper security patch for CVE-2021-40175.

Zoho ManageEngine M365 Manager Plus before Build 4419 allows remote command execution when updating proxy settings through the Admin ProxySettings and Tenant ProxySettings components.

crater is vulnerable to Unrestricted Upload of File with Dangerous Type

Windows Hyper-V Denial of Service Vulnerability

Windows GDI+ Information Disclosure Vulnerability

DirectX Graphics Kernel File Denial of Service Vulnerability

A SQL injection vulnerability in /mobile/SelectUsers.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to execute arbitrary SQL commands via the filterText parameter.

An unrestricted file upload vulnerability in /UploadPsIcon.jsp in SysAid ITIL 20.4.74 b10 allows a remote authenticated attacker to upload an arbitrary file via the file parameter in the HTTP POST body.

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows a low privileged attacker with network access to generate API tokens that can access any other channel with arbitrary permissions.

The eFTL Server component of TIBCO Software Inc.'s TIBCO eFTL - Community Edition, TIBCO eFTL - Developer Edition, and TIBCO eFTL - Enterprise Edition contains an easily exploitable vulnerability that allows clients to inherit the permissions of the client that initially connected on the affected system.

@replit/crosis is a JavaScript client that speaks Replit's container protocol.

An Incorrect Access Control vulnerability exists in libde265 v1.0.8 due to a SEGV in slice.cc.

follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor

Useful Simple Open-Source CMS (USOC) is a content management system (CMS) for programmers.

A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 14550 allows authenticated attackers to execute a SQL injection via a crafted request.

The RegistrationMagic WordPress plugin before 5.0.1.6 does not escape user input in its rm_chronos_ajax AJAX action before using it in a SQL statement when duplicating tasks in batches, which could lead to a SQL injection issue

The WPcalc WordPress plugin through 2.1 does not sanitize user input into the 'did' parameter and uses it in a SQL statement, leading to an authenticated SQL Injection vulnerability.

path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.

path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.

Zoho ManageEngine Desktop Central before 10.0.662 allows remote code execution by an authenticated user who has complete access to the Reports module.

A Stack-based buffer overflow in the SonicOS HTTP Content-Length response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall.

A Stack-based buffer overflow in the SonicOS SessionID HTTP response header allows a remote authenticated attacker to cause Denial of Service (DoS) and potentially results in code execution in the firewall.

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a dispatcher bypass vulnerability that could be abused to evade security controls.

Windows Resilient File System (ReFS) Remote Code Execution Vulnerability

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x.

Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x.

SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability.

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

Multiple vulnerabilities in the web-based management interface of Cisco Security Manager could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks against a user of the interface.

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Z-Wave devices based on Silicon Labs 500 series chipsets using S0 authentication are susceptible to uncontrolled resource consumption leading to battery exhaustion.

Z-Wave devices based on Silicon Labs 500 series chipsets using S2, including but likely not limited to the ZooZ ZST10 version 6.04, ZooZ ZEN20 version 5.03, ZooZ ZEN25 version 5.03, Aeon Labs ZW090-A version 3.95, and Fibaro FGWPB-111 version 4.3, are susceptible to denial of service and resource exhaustion via malformed SECURITY NONCE GET, SECURITY NONCE GET 2, NO OPERATION, or NIF REQUEST messages.

A open redirect vulnerability exists in Action Pack >= 6.0.0 that could allow an attacker to craft a "X-Forwarded-Host" headers in combination with certain "allowed host" formats can cause the Host Authorization middleware in Action Pack to redirect users to a malicious website.

Apache Guacamole 1.2.0 and 1.3.0 do not properly validate responses received from a SAML identity provider.

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used).

In NocoDB, versions 0.81.0 through 0.83.8 are affected by CSV Injection vulnerability (Formula Injection).

An open redirect vulnerability has been reported to affect QNAP device running QcalAgent.

This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7000 1.0.11.116_10.2.100 routers.

corenlp is vulnerable to Improper Restriction of XML External Entity Reference

The Bluetooth module has an out-of-bounds write vulnerability.

The Bluetooth module has an out-of-bounds write vulnerability.

In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory access.

Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could lead to disclosure of sensitive memory.

GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function shift_chunk_offsets.isra().

GPAC 1.1.0 was discovered to contain an invalid memory address dereference via the function lsr_read_id().

An untrusted pointer dereference in rec_db_destroy() at rec-db.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.

An Use-After-Free vulnerability in rec_record_destroy() at rec-record.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.

An Use-After-Free vulnerability in rec_mset_elem_destroy() at rec-mset.c of GNU Recutils v1.8.90 can lead to a segmentation fault or application crash.

GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_sg_vrml_mf_reset().

GPAC v1.1.0 was discovered to contain an invalid call in the function gf_node_changed().

eyouCMS V1.5.5-UTF8-SP3_1 suffers from Arbitrary file deletion due to insufficient filtering of the parameter filename.

GPAC v1.1.0 was discovered to contain an invalid memory address dereference via the function gf_list_last().

The binary MP4Box in Gpac 1.0.1 has a double-free bug in the av1dmx_finalize function in reframe_av1.c, which allows attackers to cause a denial of service.

The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the mpgviddmx_process function in reframe_mpgvid.c, which allows attackers to cause a denial of service.

The binary MP4Box in Gpac 1.0.1 has a null pointer dereference vulnerability in the gf_isom_get_payt_count function in hint_track.c, which allows attackers to cause a denial of service.

Segmentation fault vulnerability exists in Gpac through 1.0.1 via the gf_odf_size_descriptor function in desc_private.c when using mp4box, which causes a denial of service.

The binary MP4Box in Gpac through 1.0.1 has a double-free vulnerability in the iloc_entry_del funciton in box_code_meta.c, which allows attackers to cause a denial of service.

Lack of validation for third party application accessing the service can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

A Segmentation fault caused by a floating point exception exists in Gpac through 1.0.1 using mp4box via the naludmx_enqueue_or_dispatch function in reframe_nalu.c, which causes a denial of service.

A Segmentation fault exists casued by null pointer dereference exists in Gpac through 1.0.1 via the naludmx_create_avc_decoder_config function in reframe_nalu.c when using mp4box, which causes a denial of service.

A Segmentation fault caused by null pointer dereference vulnerability eists in Gpac through 1.0.2 via the avc_parse_slice function in av_parsers.c when using mp4box, which causes a denial of service.

A Segmentation fault caused by a null pointer dereference vulnerability exists in Gpac through 1.0.1 via the gf_avc_parse_nalu function in av_parsers.c when using mp4box, which causes a denial of service.

A Segmentation fault casued by heap use after free vulnerability exists in Gpac through 1.0.1 via the mpgviddmx_process function in reframe_mpgvid.c when using mp4box, which causes a denial of service.

A null pointer deference vulnerability exists in gpac through 1.0.1 via the naludmx_parse_nal_avc function in reframe_nalu, which allows a denail of service.

Jenkins Metrics Plugin 4.0.2.8 and earlier stores an access key unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

An issue was discovered in CALDERA 2.8.1.

Windows Event Tracing Discretionary Access Control List Denial of Service Vulnerability

Win32k Information Disclosure Vulnerability

Storage Spaces Controller Information Disclosure Vulnerability

Windows Extensible Firmware Interface Security Feature Bypass Vulnerability

Windows Defender Application Control Security Feature Bypass Vulnerability

Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability

radare2 is vulnerable to Out-of-bounds Read

Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.

A vulnerability has been identified in SICAM PQ Analyzer (All versions < V3.18).

An issue was discovered in libde265 v1.0.8.There is a Heap-use-after-free in intrapred.h when decoding file using dec265.

A stack-buffer-overflow exists in libde265 v1.0.8 via fallback-motion.cc in function put_epel_hv_fallback when running program dec265.

An issue has been found in libde265 v1.0.8 due to incorrect access control.

vim is vulnerable to Use After Free

A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.

LibTIFF 4.3.0 has an out-of-bounds read in _TIFFmemcpy in tif_unix.c in certain situations involving a custom tag and 0x0200 as the second word of the DE field.

GPAC 1.0.1 is affected by: Abort failed.

A Pointer Derefernce Vulnerbility exists GPAC 1.0.1 the gf_isom_box_size function, which could cause a Denial of Service (context-dependent).

A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_hinter_finalize function.

A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the gf_fileio_check function, which could cause a Denial of Service.

A Stack Overflow vulnerability exists in Binaryen 103 via the printf_common function.

A Pointer Dereference Vulnerability exists in GPAC 1.0.1 via the Media_IsSelfContained function, which could cause a Denial of Service.

Missing Authorization vulnerability in snipe snipe/snipe-it.This issue affects snipe/snipe-i before 5.3.8.

An authenticated user can create a hosts group from the configuration with XSS payload, which will be available for other users.

Jenkins Matrix Project Plugin 1.19 and earlier does not escape HTML metacharacters in node and label names, and label descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission.

Jenkins Badge Plugin 1.9 and earlier does not escape the description and does not check for allowed protocols when creating a badge, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Cross-site request forgery (CSRF) vulnerabilities in Jenkins batch task Plugin 1.19 and earlier allows attackers with Overall/Read access to retrieve logs, build or delete a batch task.

MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field during a login attempt.

snipe-it is vulnerable to Missing Authorization

Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability

phoronix-test-suite is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it.

After the initial setup process, some steps of setup.php file are reachable not only by super-administrators, but by unauthenticated users as well.

Jenkins Configuration as Code Plugin 1.55 and earlier used a non-constant time comparison function when validating an authentication token allowing attackers to use statistical methods to obtain a valid authentication token.

Workstation Service Remote Protocol Security Feature Bypass Vulnerability

Windows BackupKey Remote Protocol Security Feature Bypass Vulnerability

markdown-it is a Markdown parser.

In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection mechanism via the REST API.

In the case of instances where the SAML SSO authentication is enabled (non-default), session data can be modified by a malicious actor, because a user login stored in the session was not verified.

A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used).

The Modal Window WordPress plugin before 5.2.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.

The Button Generator WordPress plugin before 2.3.3 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.

The WP Coder WordPress plugin before 2.5.2 within the wow-company admin menu page allows to include() arbitrary file with PHP extension (as well as with data:// or http:// protocols), thus leading to CSRF RCE.

Linux users running Lens 5.2.6 and earlier could be compromised by visiting a malicious website.

Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation.

Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2).

Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 2 of 2).

Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.

Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.

An issue was discovered in JerryScript commit a6ab5e9.

The package colors after 1.4.0 are vulnerable to Denial of Service (DoS) that was introduced through an infinite loop in the americanFlag module.

Running a vulnerability scanner against VideoEdge NVRs can cause some functionality to stop.

Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews.

A NULL pointer dereference in AcseConnection_parseMessage at src/mms/iso_acse/acse.c of libiec61850 v1.5.0 can lead to a segmentation fault or application crash.

A NULL pointer dereference in CS104_IPAddress_setFromString at src/iec60870/cs104/cs104_slave.c of lib60870 commit 0d5e76e can lead to a segmentation fault or application crash.

An untrusted pointer dereference in mrb_vm_exec() of mruby v3.0.0 can lead to a segmentation fault or application crash.

ROPium v3.1 was discovered to contain an invalid memory address dereference via the find() function.

A logic flaw in Ray-Ban® Stories device software allowed some parameters like video capture duration limit to be modified through the Facebook View application.

Discourse is an open source discussion platform.

This affects the package Crow before 0.3+4.

Possible assertion due to improper validation of symbols configured for PDCCH monitoring in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile

Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice when processing the SRS configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables

Possible denial of service due to out of memory while processing RRC and NAS OTA message in Snapdragon Auto, Snapdragon Industrial IOT, Snapdragon Mobile

Possible denial of service due to improper validation of DNS response when DNS client requests with PTR, NAPTR or SRV query type in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT

Possible null pointer dereference due to improper validation of APE clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables

Improper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables

ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files.

Unisys ClearPath MCP TCP/IP Networking Services 59.1, 60.0, and 62.0 has an Infinite Loop.

growi is vulnerable to Authorization Bypass Through User-Controlled Key

An issue was discovered in SysAid ITIL 20.4.74 b10.

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system.

The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains a difficult to exploit vulnerability that allows an unauthenticated attacker with network access to obtain the cluster secret of another application connected to the realm server.

A vulnerability has been identified in SIPROTEC 5 6MD85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MD89 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 6MU85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7KE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SA86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SA87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SD86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SD87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ81 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SJ85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SJ86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SK82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SK85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7SL86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SL87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SS85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7ST85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7SX85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UM85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT82 devices (CPU variant CP100) (All versions < V8.83), SIPROTEC 5 7UT85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT86 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7UT87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VE85 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 7VK87 devices (CPU variant CP300) (All versions < V8.83), SIPROTEC 5 Compact 7SX800 devices (CPU variant CP050) (All versions < V8.83).

In NocoDB, versions 0.9 to 0.83.8 are vulnerable to Observable Discrepancy in the password-reset feature.

An issue was discovered in dst-admin v1.3.0.

peertube is vulnerable to Server-Side Request Forgery (SSRF)

peertube is vulnerable to Improper Access Control

soketi is an open-source WebSockets server.

Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information.

The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query.

Accu-Time Systems MAXIMUS 1.0 telnet service suffers from a remote buffer overflow which causes the telnet service to crash

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.

SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory).

Serv-U web login screen to LDAP authentication was allowing characters that were not sufficiently sanitized.

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive version information in HTTP response headers that could aid in further attacks against the system.

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could disclose sensitive information due to hazardous input validation during QR code generation.

The CaasKit module has a path traversal vulnerability.

HwPCAssistant has a path traversal vulnerability.

The cellular module has a vulnerability in permission management.

There is an Out-of-bounds write vulnerability in the AOD module in smartphones.

There is an uncontrolled resource consumption vulnerability in the display module.

The eID module has a null pointer reference vulnerability.

There is an Out-of-bounds array read vulnerability in the security storage module in smartphones.

The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data confidentiality.

The weaver module has a vulnerability in parameter type verification,Successful exploitation of this vulnerability may affect data confidentiality.

The eID module has a vulnerability that causes the memory to be used without being initialized,Successful exploitation of this vulnerability may affect data confidentiality.

There is a Heap-based buffer overflow vulnerability in the AOD module in smartphones.

The eID module has an out-of-bounds memory write vulnerability,Successful exploitation of this vulnerability may affect data integrity.

There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones.

There is a Null pointer dereference vulnerability in the camera module in smartphones.

There is a Buffer overflow vulnerability due to a boundary error with the Samba server in the file management module in smartphones.

There is a Double free vulnerability in the AOD module in smartphones.

There is a Null pointer dereference vulnerability in the camera module in smartphones.

In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when viewing the post archives.

An issue has recently been discovered in Arista EOS where, under certain conditions, the service ACL configured for OpenConfig gNOI and OpenConfig RESTCONF might be bypassed, which results in the denied requests being forwarded to the agent.

nf_tables_newset in net/netfilter/nf_tables_api.c in the Linux kernel before 5.12.13 allows local users to cause a denial of service (NULL pointer dereference and general protection fault) because of the missing initialization for nft_set_elem_expr_alloc.

There is a Vulnerability of accessing resources using an incompatible type (type confusion) in the MPTCP subsystem in smartphones.

Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission.

Lorensbergs Connect2 3.13.7647.20190 is affected by an XSS vulnerability.

Z-Wave devices based on Silicon Labs 500 series chipsets using CRC-16 encapsulation, including but likely not limited to the Linear LB60Z-1 version 3.5, Dome DM501 version 4.26, and Jasco ZW4201 version 4.05, do not implement encryption or replay protection.

In sortSimPhoneAccountsForEmergency of CreateConnectionProcessor.java, there is a possible prevention of access to emergency calling due to an unhandled exception.

In delete_protocol of main.c, there is a possible arbitrary code execution due to a use after free.

A vulnerability in the information storage architecture of several Cisco IP Phone models could allow an unauthenticated, physical attacker to obtain confidential information from an affected device.

Improper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

A local privilege escalation (PE) vulnerability exists in the Palo Alto Networks Cortex XDR agent that enables an authenticated local user to execute programs with elevated privileges.

Windows Hyper-V Security Feature Bypass Vulnerability

IBM AIX 7.0, 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the lscore command which could lead to code execution.

Zoho ManageEngine Desktop Central before 10.0.662, during startup, launches an executable file from the batch files, but this file's path might not be properly defined.

IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the mount command which could lead to code execution.

Vulnerability of design defects in the security algorithm component.

A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service.

Use after free condition can occur in wired connectivity due to a race condition while creating and deleting folders in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Secure Boot Security Feature Bypass Vulnerability

Windows Defender Credential Guard Security Feature Bypass Vulnerability

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

Spin v6.5.1 was discovered to contain an out-of-bounds write in lex() at spinlex.c.

Modex v2.11 was discovered to contain an Use-After-Free vulnerability via the component tcache.

Modex v2.11 was discovered to contain a NULL pointer dereference in set_create_id() at xtract.c.

In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 786, an attacker authenticated as a regular user can use the S/4 Hana dashboard to reveal systems and services which they would not normally be allowed to see.

Adobe Illustrator versions 25.4.2 (and earlier) and 26.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability.

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to application denial-of-service.

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a use-after-free vulnerability in the processing of Format event actions that could result in application denial of service.

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Violation of Secure Design Principles that could lead to a Security feature bypass.

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

Acrobat Reader DC ActiveX Control versions 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Information Disclosure vulnerability.

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Null pointer dereference vulnerability when parsing a specially crafted file.

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by a Null pointer dereference vulnerability when parsing a specially crafted file.

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure.

Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an use-after-free vulnerability in the processing of Format event actions that could lead to disclosure of sensitive memory.

Adobe Bridge version 11.1.2 (and earlier) and version 12.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory.

Acrobat Reader DC version 21.007.20099 (and earlier), 20.004.30017 (and earlier) and 17.011.30204 (and earlier) are affected by an Access of Memory Location After End of Buffer vulnerability that could lead to disclosure of sensitive memory.

GCC v12.0 was discovered to contain an uncontrolled recursion via the component libiberty/rust-demangle.c.

Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page.

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)

Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack.

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QcalAgent.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley View 10.15.0.75.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture 10.18.0.232.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Bentley ContextCapture 10.18.0.232.

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter.

Adobe InCopy version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory.

Adobe InDesign version 16.4 (and earlier) is affected by a use-after-free vulnerability in the processing of a JPEG2000 file that could lead to disclosure of sensitive memory.

The binary MP4Box in Gpac 1.0.1 has a double-free vulnerability in the gf_list_del function in list.c, which allows attackers to cause a denial of service.

Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability in the /goform/activate_process "count" parameter via GET.

Discourse is an open source discussion platform.

This affects the package Crow before 0.3+4.

A double-free vulnerability exists in fig2dev through 3.28a is affected by: via the free_stream function in readpics.c, which could cause a denial of service (context-dependent).

A denial of service vulnerabiity exists in fig2dev through 3.28a due to a segfault in the open_stream function in readpics.c.

An issue was discovered in CALDERA 2.8.1.

A buffer overflow in the GmfOpenMesh() function of libMeshb v7.61 allows attackers to cause a Denial of Service (DoS) via a crafted MESH file.

A cross-site request forgery (CSRF) vulnerability in Jenkins 2.329 and earlier, LTS 2.319.1 and earlier allows attackers to trigger build of job without parameters when no security realm is set.

A cross-site request forgery (CSRF) vulnerability in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

A missing permission check in Jenkins Mailer Plugin 391.ve4a_38c1b_cf4b_ and earlier allows attackers with Overall/Read access to use the DNS used by the Jenkins instance to resolve an attacker-specified hostname.

Jenkins Credentials Binding Plugin 1.27 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read access to validate if a credential ID refers to a secret file credential and whether it's a zip file.

A missing permission check in Jenkins Bitbucket Branch Source Plugin 737.vdf9dc06105be and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.

Missing permission checks in Jenkins SSH Agent Plugin 1.23 and earlier allows attackers with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.

A cross-site request forgery (CSRF) vulnerability in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers to connect to an attacker-specified SSH server using attacker-specified credentials.

Jenkins Publish Over SSH Plugin 1.22 and earlier performs a validation of the file name specifying whether it is present or not, resulting in a path traversal vulnerability allowing attackers with Item/Configure permission to discover the name of the Jenkins controller files.

keystone is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6.0.6 and 6.0.6.1 could allow an authneticated attacker to obtain sensitive information from build definitions that could aid in further attacks against the system.

A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20).

A Null pointer dereference vulnerability exits in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-master via the gf_isom_get_track_id function, which causes a denial of service.

make-ca is a utility to deliver and manage a complete PKI configuration for workstations and servers.

Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.

When running with FIPS mode enabled, Mirantis Container Runtime 20.10.8 leaks memory during TLS Handshakes which could be abused to cause a denial of service.

The WOOCS WordPress plugin before 1.3.7.3 does not sanitise and escape the custom_prices parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue

The 10Web Social Photo Feed WordPress plugin before 1.4.29 was affected by a reflected Cross-Site Scripting (XSS) vulnerability in the wdi_apply_changes admin page, allowing an attacker to perform such attack against any logged in users

In Teedy, versions v1.5 through v1.9 are vulnerable to Reflected Cross-Site Scripting (XSS).

An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::readFunctions.

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate.

A Denial of Service vulnerability exists in Binaryen 103.

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrow(wasm::Rethrow*).

Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem.

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Frontier is Substrate's Ethereum compatibility layer.

The IBM i 7.1, 7.2, 7.3, and 7.4 Extended Dynamic Remote SQL server (EDRSQL) could allow a remote authenticated user to send a specially crafted request and cause a denial of service.

ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files.

Apache Guacamole 1.3.0 and older may incorrectly include a private tunnel identifier in the non-private details of some REST responses.

peertube is vulnerable to Improper Access Control

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view private objects via a Broken Access Control vulnerability in the Custom Fields feature.

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated remote attackers to view object import configuration details via an Information Disclosure vulnerability in the Create Object type mapping feature.

PartKeepr versions up to v1.4.0, loads attachments using a URL while creating a part and allows the use of the 'file://' URI scheme, allowing an authenticated user to read local files.

PartKeepr versions up to v1.4.0, in the functionality to upload attachments using a URL when creating a part does not validate that requests can be made to local ports, allowing an authenticated user to carry out SSRF attacks and port enumeration.

CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated attacker via ../ in an HTTP PUT request.

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1.

Zoho ManageEngine Desktop Central before 10.0.662 allows authenticated users to obtain sensitive information from the database by visiting the Reports page.

The affected product is vulnerable to an improper access control, which may allow an authenticated user to gain unauthorized access to sensitive data.

IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.