
6573 matches found

Debian CVE
added 2022/05/09 12:0 a.m., 51 views

CVE-2022-1621

Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...

CVSS 7.8, AI score 8.1, EPSS 0.02276
Exploits 1
OpenVAS
added 2022/05/09 12:0 a.m., 33 views

Huawei EulerOS: Security Advisory for vim (EulerOS-SA-2022-1669)

The remote host is missing an update for the Huawei EulerOS...

CVSS 9.8, AI score 8.2, EPSS 0.02086
Exploits 11, References 2
NVD
added 2022/05/08 11:15 a.m., 21 views

CVE-2022-1620

NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service application crash via a crafted input...

CVSS 7.5, EPSS 0.01501
Exploits 1, References 10
Debian CVE
added 2022/05/08 12:0 a.m., 40 views

CVE-2022-1619

Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution...

CVSS 7.8, AI score 7.4, EPSS 0.02452
Exploits 1
NVD
added 2022/05/07 7:15 p.m., 19 views

CVE-2022-1616

Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...

CVSS 7.8, EPSS 0.02615
Exploits 1, References 13
OSV
added 2022/05/07 12:0 a.m., 8 views

CVE-2022-1616 Use after free in append_command in vim/vim

Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...

CVSS 7.3, AI score 8.2, EPSS 0.02615
Exploits 1, References 15
Cvelist
added 2022/05/07 12:0 a.m., 19 views

CVE-2022-1616 Use after free in append_command in vim/vim

Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...

CVSS 7.3, AI score 8.4, EPSS 0.02615
Exploits 1, References 12
Github Security Blog
added 2022/05/06 12:0 a.m., 22 views

Server-Side Request Forgery in scout-browser

Pypi package scout-browser GitHub repository clinical-genomics/scout prior to v4.52 is vulnerable to server-side request forgery. An attacker could make the application perform arbitrary requests to steal cookies, request access to private areas, or lead to cross-site scripting...

CVSS 9.4, AI score 2.2, EPSS 0.01071
Exploits 1, References 6, Affected Software 1
Tenable Nessus
added 2022/05/06 12:0 a.m., 45 views

EulerOS 2.0 SP10 : vim (EulerOS-SA-2022-1669)

According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVE-2022-0261, CVE-2022-0359, CVE-2022-0361 - Heap-based Buffer Overflow in...

CVSS 9.8, AI score 6.9, EPSS 0.02086
Exploits 11, References 12
Cvelist
added 2022/05/05 1:45 p.m., 29 views

CVE-2022-1464 Stored xss bug in gogs/gogs

Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account...

CVSS 7.3, AI score 5.7, EPSS 0.00673
Exploits 1, References 2
NVD
added 2022/05/05 12:15 p.m., 21 views

CVE-2022-1575

Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary remote code execution in the desktop app. - Stored XSS in the web app...

CVSS 9.6, EPSS 0.02225
Exploits 1, References 2
Cvelist
added 2022/05/05 11:45 a.m., 26 views

CVE-2022-1575 Arbitrary Code Execution through Sanitizer Bypass in jgraph/drawio

Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary remote code execution in the desktop app. - Stored XSS in the web app...

CVSS 9.6, AI score 9.4, EPSS 0.02225
Exploits 1, References 2
CVE
added 2022/05/05 11:45 a.m., 87 views

CVE-2022-1575

CVE-2022-1575 affects JGraph Draw.io (jgraph/drawio) including the desktop and web apps, due to a sanitizer bypass in the core library. The underlying issue is a mutation XSS in the sanitizer (Graph.sanitizeHtml), enabling arbitrary code execution in the desktop app and stored XSS in the web app....

CVSS 9.6, AI score 9.4, EPSS 0.02225
Exploits 1, References 2, Affected Software 1
OSV
added 2022/05/05 11:45 a.m., 19 views

CVE-2022-1575 Arbitrary Code Execution through Sanitizer Bypass in jgraph/drawio

Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary remote code execution in the desktop app. - Stored XSS in the web app...

CVSS 9.6, AI score 9.4, EPSS 0.02225
Exploits 1, References 4
NVD
added 2022/05/05 11:15 a.m., 25 views

CVE-2022-1411

Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to...

CVSS 9.1, EPSS 0.00712
Exploits 1, References 2
NVD
added 2022/05/05 11:15 a.m., 20 views

CVE-2022-1592

Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...

CVSS 9.4, EPSS 0.01071
Exploits 1, References 2
Prion
added 2022/05/05 11:15 a.m., 16 views

Unrestricted file upload

Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to...

CVSS 4.3, AI score 6.3, EPSS 0.00712
Exploits 1, References 2, Affected Software 1
Cvelist
added 2022/05/05 10:30 a.m., 24 views

CVE-2022-1411 Unrestructed file upload in yetiforcecompany/yetiforcecrm

Unrestructed file upload in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. Attacker can send malicious files to the victims is able to retrieve the stored data from the web application without that data being made safe to render in the browser and steals victim's cookie leads to...

CVSS 9.1, AI score 6.5, EPSS 0.00712
Exploits 1, References 2
Cvelist
added 2022/05/05 10:20 a.m., 23 views

CVE-2022-1592 Server-Side Request Forgery in scout in clinical-genomics/scout

Server-Side Request Forgery in scout in GitHub repository clinical-genomics/scout prior to v4.42. An attacker could make the application perform arbitrary requests to fishing steal cookie, request to private area, or lead to xss...

CVSS 9.4, AI score 8.5, EPSS 0.01071
Exploits 1, References 2
CVE
added 2022/05/05 10:20 a.m., 82 views

CVE-2022-1592

CVE-2022-1592 corresponds to a Server-Side Request Forgery in the Scout component of the clinical-genomics/scout project, affecting versions prior to v4.42. The vulnerability arises in the Scout SSRF surface, enabling an attacker to cause the application to perform arbitrary requests, potentially...

CVSS 9.4, AI score 8.3, EPSS 0.01071
Exploits 1, References 2, Affected Software 1