1401 matches found

ATTACKERKB
added 2022/08/16 8:15 a.m. · 1 view

CVE-2022-35734

'Hulu / フールー' App for Android from version 3.0.47 to the version prior to 3.1.2 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an external service may be obtained by analyzing data in the app...

CVSS 7.5 · AI score 6.3 · EPSS 0.0028
Exploits: 0 · References: 2
Positive Technologies
added 2022/08/16 12:00 a.m. · 2 views

PT-2022-22570 · Swftools · Swftools

Name of the Vulnerable Software and Affected Versions: SWFTools affected versions not specified
Description: A segmentation violation was discovered in SWFTools via the /multiarch/memset-vec-unaligned-erms.S API endpoint.
Recommendations: At the moment, there is no information about a newer versi...

CVSS 5.5 · AI score 5.3 · EPSS 0.00047
Exploits: 1 · References: 6
Microsoft CVE
added 2022/08/05 7:00 a.m. · 2 views

Out-of-bounds Write to API in vim/vim

...

CVSS 6.5 · AI score 6.8 · EPSS 0.00126
Exploits: 1
CNNVD
added 2022/08/05 12:00 a.m. · 1 view

WordPress plugin MailerLite – Signup forms (official) cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 8.8 · AI score 7.7 · EPSS 0.00104
Exploits: 0 · References: 3
OSV
added 2022/08/04 9:15 a.m. · 1 view

CVE-2022-2647

A vulnerability was found in jeecg-boot. It has been declared as critical. This vulnerability affects unknown code of the file /api/. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be...

CVSS 9.8 · AI score 5.5 · EPSS 0.00359
Exploits: 0 · References: 2
CNNVD
added 2022/08/04 12:00 a.m. · 2 views

ITPison OMICARD EDM SQL injection vulnerability

ITPison OMICARD EDM is a high-speed newsletter EDM marketing and distribution system from ITPison, China. A security vulnerability exists in ITPison OMICARD EDM that stems from insufficient validation of user input by API functions. A remote attacker can exploit the vulnerability by injecting...

CVSS 9.8 · AI score 8.7 · EPSS 0.0055
Exploits: 0 · References: 3
OSV
added 2022/08/03 6:15 a.m. · 1 view

DEBIAN-CVE-2022-35737

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API...

CVSS 7.5 · AI score 7.5 · EPSS 0.54845
Exploits: 2 · References: 1
CNNVD
added 2022/07/26 12:00 a.m. · 2 views

ZOHO ManageEngine SupportCenter Plus authorization issue vulnerability

ZOHO ManageEngine SupportCenter Plus is a web-based customer support software from ZOHO India. It is used to allow organizations to efficiently manage customer requests, their account and contact information, service contracts, and provide a superior customer experience in the process. A security...

CVSS 9.8 · AI score 8.2 · EPSS 0.01497
Exploits: 0 · References: 2
CNNVD
added 2022/07/22 12:00 a.m. · 1 view

SQLite input validation error vulnerability

SQLite is a lightweight database, a relational database management system that adheres to ACID. Security vulnerabilities exist in versions prior to SQLite 3.39.2, which originate from the auxiliary C API. No details of the vulnerabilities are currently available...

CVSS 7.5 · AI score 5.5 · EPSS 0.54845
Exploits: 2 · References: 30
Positive Technologies
added 2022/07/20 12:00 a.m. · 3 views

PT-2022-3784 · Cisco · Cisco Nexus Dashboard

Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard affected versions not specified
Description: The issue is related to multiple vulnerabilities in the Cisco Nexus Dashboard, which could allow an unauthenticated, remote attacker to execute arbitrary commands, read or...

CVSS 9.8 · AI score 9.9 · EPSS 0.01433
Exploits: 0 · References: 5
Positive Technologies
added 2022/07/19 12:00 a.m. · 4 views

PT-2022-22193 · Digital Watchdog · Dw Spectrum Server

Name of the Vulnerable Software and Affected Versions: Digital Watchdog DW Spectrum Server version 4.2.0.32842
Description: The issue allows attackers to access sensitive information via a crafted API call.
Recommendations: For Digital Watchdog DW Spectrum Server version 4.2.0.32842, consider...

CVSS 7.5 · AI score 7.4 · EPSS 0.28876
Exploits: 0 · References: 4
CNNVD
added 2022/07/19 12:00 a.m. · 2 views

Digital Watchdog DW MEGApix IP information disclosure vulnerability

Digital Watchdog DW MEGApix IP is a camera from Digital Watchdog. A security vulnerability exists in Digital Watchdog DW MEGApix IP version 4.2.0.32842, which stems from a vulnerability that allows an attacker to access sensitive information via a crafted API call...

CVSS 7.5 · AI score 7.3 · EPSS 0.28876
Exploits: 0 · References: 2
CNVD
added 2022/07/15 12:00 a.m. · 15 views

Samsung telephony-common.jar information disclosure vulnerability

Samsung telephony-common.jar is a Telephony service for Samsung mobile devices that provides support for the Telephony Application Programming Interface (TAPI). A local attacker with log access could exploit the vulnerability to obtain IMSI through device logs...

CVSS 3.3 · AI score 2.8 · EPSS 0.00016
Exploits: 0 · References: 1
OSV
added 2022/07/06 9:15 p.m. · 0 views

CVE-2022-20812

Multiple vulnerabilities in the API and in the web-based management interface of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow a remote attacker to overwrite arbitrary files or conduct null byte poisoning attacks on an affected device. Note: Cisco...

CVSS 6.5 · AI score 6 · EPSS 0.01055
Exploits: 0 · References: 2
Positive Technologies
added 2022/07/06 12:00 a.m. · 3 views

PT-2022-3468 · Cisco · Cisco Telepresence Video Communication Server +1

Name of the Vulnerable Software and Affected Versions: Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) affected versions not specified
Description: The issue is related to multiple vulnerabilities in the API and the web-based management interface of the affected...

CVSS 9 · AI score 6.7 · EPSS 0.01055
Exploits: 0 · References: 9
OSV
added 2022/07/01 12:15 a.m. · 1 view

CVE-2021-32428

SQL Injection vulnerability in viaviwebtech Android EBook App Books App, PDF, ePub, Online Book Reading, Download Books 10 via the authorid parameter to api.php...

CVSS 9.8 · AI score 5.8 · EPSS 0.0045
Exploits: 0 · References: 4
CNNVD
added 2022/07/01 12:00 a.m. · 2 views

simplepush resource management error vulnerability

simplepush is a mobile application from the German company simplepush. Push notifications can be sent to your device immediately via API or third-party integration. A security vulnerability exists in simplepush that stems from the registration of a fake application using the wrong deviceTokens,...

CVSS 7.5 · AI score 7.3 · EPSS 0.00325
Exploits: 0 · References: 3
CNNVD
added 2022/06/25 12:00 a.m. · 1 view

Zulip security vulnerability

Zulip is a powerful open source group chat application from the Zulip team. Used to combine the immediacy of real-time chat with the productivity benefits of threaded conversations. A logic error vulnerability exists in Zulip versions 2.1.0 through 5.2, which originates when the server incorrectl...

CVSS 2.6 · AI score 5.7 · EPSS 0.00176
Exploits: 0 · References: 2
PyPA
added 2022/06/23 5:15 p.m. · 8 views

PYSEC-2022-210

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked to still run Salt commands when their account is locked. This affects both local shell accounts with an...

CVSS 8.8 · AI score 6.9 · EPSS 0.00504
Exploits: 0 · References: 3 · Affected Software: 1
Fedora
added 2022/06/20 1:08 a.m. · 14 views

[SECURITY] Fedora 35 Update: golang-github-docker-libnetwork-0.8.0-18.20220610gitf6ccccb.fc35

Libnetwork provides a native Go implementation for connecting containers. The goal of libnetwork is to deliver a robust Container Network Model that provides a consistent programming interface and the required network abstractions for applications...

AI score 4.2
Exploits: 0