EulerOS 2.0 SP9 : vim (EulerOS-SA-2022-1441)
According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
- vim is vulnerable to Out-of-bounds Read CVE-2021-4166, CVE-2021-4193
- vim is vulnerable to Use After Free CVE-2021-4192
- vim is vulnerable to...
CVE-2022-1383
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.6.8. The bug causes the program to read data past the end of the intended buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash...
CVE-2022-1381
CVE-2022-1381 pertains to vim/vim, in which a global heap buffer overflow occurs in the skip_range function. Public advisories and vendor bulletins indicate this affects Vim prior to a specific 8.2.x release (e.g., Mariner/ALAS advisories cite Vim versions below 8.2.4925-1 and note an upgrade to ...
CVE-2022-1381 global heap buffer overflow in skip_range in vim/vim
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...
CVE-2022-1381
global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution...
CVE-2022-1382
NULL Pointer Dereference in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of making the radare2 crash, thus affecting the availability of the system...
CVE-2022-1365
Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5...
CVE-2022-1231 XSS via Embedded SVG in SVG Diagram Format in plantuml/plantuml
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop...
CVE-2022-1231
XSS via Embedded SVG in SVG Diagram Format in GitHub repository plantuml/plantuml prior to 1.2022.4. Stored XSS in the context of the diagram embedder. Depending on the actual context, this ranges from stealing secrets to account hijacking or even to code execution for example in desktop...
cross-fetch security vulnerability
cross-fetch is a generic WHATWG Fetch API for Node, browsers, and React Native by Leonardo Quixada, an individual developer in the United States. A security vulnerability exists in cross-fetch that stems from exposing private personal information to unauthorized participants in the GitHub...
Cross site scripting
Stored XSS in Tooltip in GitHub repository pimcore/pimcore prior to 10.4...
CVE-2022-1351
Pimcore prior to version 10.4 is affected by a stored cross-site scripting (XSS) vulnerability in Tooltip. The CVE-2022-1351 entry documents a stored XSS issue originating from Tooltip in the Pimcore web UI, affecting versions before 10.4. CVSS metrics indicate a medium base score (CVSS 3...
CVE-2021-31805
creationtimestamp | type | source
---|---|---
2022-04-13 21:36:47+00:00 | seen | https://t.me/ctinow/50238
2022-04-14 16:45:03+00:00 | exploited | https://t.me/truesecator/2850
2022-04-15 11:33:35+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/1954
2023-04-27 09:58:59+00:00 | confirmed | ...
Cross site scripting
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation...
CVE-2022-1347 Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in causefx/organizr
Stored XSS in the "Username" & "Email" input fields leads to account takeover of Admin & Co-admin users in GitHub repository causefx/organizr prior to 2.1.1810. Account takeover and privilege escalation...
Cross site scripting
Stored XSS due to no sanitization in the filename in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse...
Cross site scripting
Multiple Stored XSS in GitHub repository causefx/organizr prior to 2.1.1810. This allows attackers to execute malicious scripts in the user's browser and it can lead to session hijacking, sensitive data exposure, and worse...