6573 matches found
CVE-2022-1284 heap-use-after-free in radareorg/radare2
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service...
CVE-2022-1284
heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service...
CVE-2022-1219
SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data...
Sql injection
SQL injection in RecyclebinController.php in GitHub repository pimcore/pimcore prior to 10.3.5. This vulnerability is capable of steal the data...
livehelperchat Cross-Site Scripting Vulnerability (CNVD-2022-71405)
livehelperchat is available via livehelperchat, which provides free live support on the website. livehelperchat versions prior to 3.97 are vulnerable to a cross-site scripting vulnerability that originates in the GitHub repository livehelperchat/livehelperchat in livehelperchat An XSS vulnerabili...
Use After Free
vim is vulnerable to use after free. The vulnerability exists due to a memory corruption in utfptr2char in GitHub repository vim/vim...
CVE-2022-0935
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97...
Design/Logic Flaw
Host Header injection in password Reset in GitHub repository livehelperchat/livehelperchat prior to 3.97...
CVE-2022-0935
CVE-2022-0935 affects livehelperchat/livehelperchat prior to 3.97 and is caused by Host Header injection in the password reset flow. Multiple sources (NVD, Red Hat, OSV, CNVD, PT-Security, CNVD) describe an attacker abusing header handling to forge or manipulate password reset tokens, potentially...
Design/Logic Flaw
PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI Reference Picture Selection Indication packet, but any app that directly uses pjmediartcpfbparserpsi will be affected. A patch is available in the...
CVE-2022-1253
Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release...
Heap overflow
Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release...
CVE-2022-1240
Heap buffer overflow in libr/bin/format/mach0/mach0.c in GitHub repository radareorg/radare2 prior to 5.8.6. If address sanitizer is disabled during the compiling, the program should executes into the rstrncpy function. Therefore I think it is very likely to be exploitable. For more general...
CVE-2022-1238
Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see CWE...
CVE-2022-1237
CVE-2022-1237 affects radare2 (radareorg/radare2) prior to 5.6.8. The issue is an improper validation of an array index, resulting in a heap overflow. The reports describe this as potentially exploitable, with impact on confidentiality, integrity, and availability. Remediation: upgrade to radare2...
CVE-2022-1237 Improper Validation of Array Index in radareorg/radare2
Improper Validation of Array Index in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see CWE...
CVE-2022-24793
PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.12 and prior affects applications that use PJSIP DNS resolution. It doesn't affect PJSIP users who utilize an external resolver. This vulnerability is related to...
CVE-2022-1238
Out-of-bounds Write in libr/bin/format/ne/ne.c in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is heap overflow and may be exploitable. For more general description of heap buffer overflow, see CWE...
CVE-2022-24786
PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI Reference Picture Selection Indication packet, but any app that directly uses pjmediartcpfbparserpsi will be affected. A patch is available in the...
CVE-2022-1244
heap-buffer-overflow in GitHub repository radareorg/radare2 prior to 5.6.8. This vulnerability is capable of inducing denial of service...