AZL-8666 CVE-2022-24051 affecting package mariadb for versions less than 10.6.7-1

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

DEBIAN-CVE-2022-24048

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

DEBIAN-CVE-2022-24050

MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

ALPINE-CVE-2022-24048

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

UBUNTU-CVE-2022-24048

MariaDB CONNECT Storage Engine Stack-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

UBUNTU-CVE-2022-24051

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

CVE-2022-24052

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

DevExpress SafeBinaryFormatter Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress XtraReports. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation...

CVE-2022-23631

superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements ...

Vulnerability fixed in Microsoft Dynamics

Microsoft has fixed a vulnerability in Microsoft Dynamics. The vulnerability allows an authenticated malicious person to to execute arbitrary code. To exploit the vulnerability exploit the vulnerability, high privileges are required. Microsoft Dynamics:...

CVE-2021-24947

The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and validation of the rvmuploadregionsfilepath parameter in the rvmimportregions AJAX action, allowing any authenticated user, such as subscriber, to read arbitrary files on the web server...

UBUNTU-CVE-2022-23451

An authorization flaw was found in openstack-barbican. The default policy rules for the secret metadata API allowed any authenticated user to add, modify, or delete metadata from any secret regardless of ownership. This flaw allows an attacker on the network to modify or delete protected data,...

PT-2022-16295 · Navidrome · Navidrome

Name of the Vulnerable Software and Affected Versions: Navidrome versions prior to 0.47.5 Description: The issue allows for SQL injection attacks when processing crafted Smart Playlists. An authenticated user could exploit this to extract arbitrary data from the database, including the user table...

CVE-2021-34979

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6260 1.1.0.781.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SOAP requests. When parsing the SOAPAction...

CVE-2022-20658

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal Unified CCMP and Cisco Unified Contact Center Domain Manager Unified CCDM could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due t...

Sysaid Technologies SysAid 代码问题漏洞

SysAid ITIL in version 20.4.74 b10 is vulnerable to file uploads due to the lack of valid validation of uploaded files in UploadPsIcon.jsp in SysAid. A remote authenticated attacker can exploit this vulnerability to upload arbitrary files via the file parameter in the HTTP POST body...

PT-2022-10383 · Bmc · Bmc Track-It!

Name of the Vulnerable Software and Affected Versions: BMC Track-It! affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of BMC Track-It!. Authentication is required to exploit this issue. The specific flaw...

PT-2022-10384 · Bmc · Bmc Track-It!

Name of the Vulnerable Software and Affected Versions: BMC Track-It! affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this issue. The specific flaw exists...

BMC Track-It! Unrestricted File Upload Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of BMC Track-It!. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of email attachments. The issue results from the lack of proper validation of...

CVE-2021-20148

ManageEngine ADSelfService Plus below build 6116 stores the password policy file for each domain under the html/ web root with a predictable filename based on the domain name. When ADSSP is configured with multiple Windows domains, a user from one domain can obtain the password policy for another...