
304 matches found

Positive Technologies
added 2022/12/19 12:0 a.m. · 2 views

PT-2022-27111 · Pdftojson · Pdftojson

Name of the Vulnerable Software and Affected Versions: pdftojson version 94204bb Description: The issue is related to a stack overflow in the Object::copyObject:Object.cc component. This occurs due to a problem in the pdftojson commit 94204bb. Recommendations: For version 94204bb, consider applyi...

CVSS 9.8 · AI score 9.4 · EPSS 0.00365
Exploits: 1 · References: 6

Vulnrichment
added 2022/12/18 12:0 a.m. · 3 views

CVE-2021-4255 ctrlo lenio contractor.tt cross site scripting

A vulnerability was found in ctrlo lenio and classified as problematic. Affected by this issue is some unknown functionality of the file views/contractor.tt. The manipulation of the argument contractor.name leads to cross site scripting. The attack may be launched remotely. The name of the patch ...

CVSS 3.5 · AI score 4.1 · EPSS 0.00211
Exploits: 0 · References: 2

Vulnrichment
added 2022/12/17 12:0 a.m. · 3 views

CVE-2021-4246 roxlukas LMeve Login Page sql injection

A vulnerability was found in roxlukas LMeve and classified as critical. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument X-Forwarded-For leads to sql injection. The attack may be launched remotely. The name of the patch is...

CVSS 6.3 · AI score 7.2 · EPSS 0.00232
Exploits: 0 · References: 2

Positive Technologies
added 2022/11/08 12:0 a.m. · 2 views

PT-2022-14673 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-13 Description: The issue is related to a missing permission check in the onCallRedirectionComplete function of CallsManager.java. This could lead to a local escalation of privilege with no addition...

CVSS 7.8 · AI score 7.6 · EPSS 0.00013
Exploits: 0 · References: 4

OSV
added 2022/10/21 11:15 a.m. · 5 views

CVE-2022-3635

A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tsttimer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 ...

CVSS 7 · AI score 7.9
Exploits: 0 · References: 3

Vulnrichment
added 2022/10/21 12:0 a.m. · 5 views

CVE-2022-3630 Linux Kernel IPsec cookie.c memory leak

A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of...

CVSS 3.1 · AI score 4.3 · EPSS 0.00069
Exploits: 0 · References: 2

Vulnrichment
added 2022/10/20 12:0 a.m. · 5 views

CVE-2022-3619 Linux Kernel Bluetooth l2cap_core.c l2cap_recv_acldata memory leak

A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue...

CVSS 3.5 · AI score 4.5 · EPSS 0.00027
Exploits: 1 · References: 2

Vulnrichment
added 2022/10/17 12:0 a.m. · 7 views

CVE-2022-3567 Linux Kernel IPv6 inet6_dgram_ops race condition

A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the...

CVSS 4.6 · AI score 7.1 · EPSS 0.00024
Exploits: 0 · References: 2

Japan Vulnerability Notes
added 2022/09/02 6:49 a.m. · 2 views

PowerCMS XMLRPC API vulnerable to command injection

Overview PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability CWE-74. Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According to the...

CVSS 9.8 · AI score 7.6 · EPSS 0.05225
Exploits: 0 · References: 5

OSV
added 2022/08/06 5:39 a.m. · 9 views

GHSA-C2J7-66M3-R4FF JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization

Impact When an "Internal System Error" occurs in the JSPUI, the entire exception including stack trace is available. Information in this stacktrace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This vulnerability does NOT impact...

CVSS 5.3 · AI score 5.7 · EPSS 0.00232
Exploits: 0 · References: 4

Positive Technologies
added 2021/10/19 12:0 a.m. · 4 views

PT-2021-6914

Name of the Vulnerable Software and Affected Versions Java SE version 8u301 Description The issue is related to insufficient input validation in the Deployment component of Java SE, allowing an unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful...

CVSS 7.6 · AI score 7 · EPSS 0.00675
Exploits: 0 · References: 51

Japan Vulnerability Notes
added 2021/10/01 5:42 a.m. · 1 views

Trend Micro ServerProtect family vulnerable to authentication bypass

Overview Trend Micro Incorporated has released security updates for ServerProtect family. Trend Micro Incorporated reported this vulnerability to JPCERT/CC to notify users of the solution through JVN. Impact A remote attacker may bypass authentication for the products. For more information, refer...

CVSS 10 · AI score 7 · EPSS 0.18719
Exploits: 0 · References: 4

OpenVAS
added 2021/09/24 12:0 a.m. · 16 views

Samba 3.0.0 <= 3.0.25rc3 Remote Code Execution Vulnerability (CVE-2007-2446)

Multiple Heap Overflows Allow remote code execution RCE. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:samba:samba";...

CVSS 10 · AI score 7.4 · EPSS 0.90126
Exploits: 23 · References: 1

Positive Technologies
added 2021/09/21 12:0 a.m. · 3 views

PT-2021-4147

Name of the Vulnerable Software and Affected Versions VMware vCenter Server versions prior to the fixed version Description The vCenter Server contains an arbitrary file upload vulnerability in the Analytics service. A malicious actor with network access to port 443 on vCenter Server may exploit...

CVSS 10 · AI score 9.6 · EPSS 0.94445
Exploits: 11 · References: 49

Github Security Blog
added 2021/09/20 7:53 p.m. · 34 views

Observable Response Discrepancy in Lost Password Service

Impact It is possible to enumerate usernames via the forgot password functionality Patches Update to version 10.1.3 or apply this patch manually: https://github.com/pimcore/pimcore/pull/10223.patch Workarounds Apply https://github.com/pimcore/pimcore/pull/10223.patch manually...

CVSS 5.3 · AI score 5.7 · EPSS 0.0002
Exploits: 0 · References: 6 · Affected Software: 1

Positive Technologies
added 2021/06/10 12:0 a.m. · 7 views

PT-2021-7758 · Libxml2 +2 · Libxml2 +2

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.0.10-31 Description: The issue is related to a NULL pointer dereference flaw in the ReadSVGImage function of the coders/svg.c component. This flaw is caused by not checking the return value from libxml2's...

CVSS 7.8 · AI score 5.7 · EPSS 0.88528
Exploits: 57 · References: 144

Positive Technologies
added 2020/11/25 12:0 a.m. · 1 views

PT-2022-19328

Name of the Vulnerable Software and Affected Versions Spip Web Framework versions v3.1.13 and earlier Description The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities are located at the "/ecrire" endpoint via the lier trad and where parameters. Recommendations For Spip...

CVSS 9.8 · AI score 6.9 · EPSS 0.93372
Exploits: 35 · References: 33

Positive Technologies
added 2020/09/08 12:0 a.m. · 2 views

PT-2020-4044 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in handling objects in memory by the win32k component of Windows operating systems. This could allow an attacker to elevate their privileges using a specially...

CVSS 7.8 · AI score 7.1 · EPSS 0.00332
Exploits: 0 · References: 5

Japan Vulnerability Notes
added 2020/05/11 6:16 a.m. · 3 views

PALLET CONTROL vulnerable to arbitrary code execution

Overview PALLET CONTROL provided by JAL Information Technology Co., Ltd. is IT asset management software. PALLET CONTROL contains an arbitrary code execution vulnerability due to improper file access permission CWE-284. Yoshimasa Obana reported this vulnerability to IPA. JPCERT/CC coordinated wit...

CVSS 7.8 · AI score 7.8 · EPSS 0.00046
Exploits: 0 · References: 5

Positive Technologies
added 2020/04/14 12:0 a.m. · 2 views

PT-2020-2537

Name of the Vulnerable Software and Affected Versions Java SE versions 7u251, 8u241, 11.0.6, and 14 Java SE Embedded version 8u241 Description The issue is related to insufficient access control in the Libraries component of Java SE and Java SE Embedded, allowing an unauthenticated attacker with...

CVSS 8.3 · AI score 7.2 · EPSS 0.03068
Exploits: 0 · References: 287