CVE-2021-27439 TencentOS-tiny Integer Overflow or Wraparound
TencentOS-tiny version 3.1.0 is vulnerable to integer wrap-around in function 'tos_mmheap_alloc', with incorrect calculation of effective memory allocation size. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code...
CVE-2021-27439
TencentOS-tiny 3.1.0 is reported vulnerable to an integer wrap-around in the tos_mmheap_alloc path, causing incorrect calculation of the allocation size and potentially arbitrary memory allocation, crashes, or remote code execution. The Red Hat/RH CVE entry and multiple references confirm the vul...
CVE-2021-22680 NXP MQX Integer Overflow or Wraparound
NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in memalloc, lwmemalloc and partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...
CVE-2021-27435 ARM mbed Integer Overflow or Wraparound
ARM mbed product Version 6.3.0 is vulnerable to integer wrap-around in mallocwrapper function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...
CVE-2021-27425 Cesanta Software Mongoose-OS Integer Overflow or Wraparound
Cesanta Software Mongoose-OS v2.17.0 is vulnerable to integer wrap-around in function mmmalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...
CVE-2021-27419 uClibc-ng Integer Overflow or Wraparound
uClibc-ng versions prior to 1.0.37 are vulnerable to integer wrap-around in functions malloc-simple. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...
CVE-2021-27427 RIOT OS Integer Overflow or Wraparound
RIOT OS version 2020.01.1 is vulnerable to integer wrap-around in its implementation of calloc function, which can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash or a remote code injection/execution...
CVE-2022-28391
An escape sequence injection attack was found in BusyBox on Alpine. For this issue to occur, a remote host's virtual terminal must contain an escape sequence, and the victim must then execute netstat. This flaw allows an attacker to inject arbitrary code, leading to a loss of integrity...
GHSA-4PFG-2FRF-F67V MoinMoin Cross-site Scripting (XSS) vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an AttachFile sub-action in the errormsg function or (2) multiple vectors related to package file errors in the uploadform...
GHSA-Q7Q4-5G8P-33FQ MoinMoin Multiple cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin and MoinMoin 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
GHSA-775G-4482-PM94 MoinMoin Multiple cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in action/AttachFile.py in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) message, (2) pagename, and (3) target filenames. The issue was fixed on db212dfc58ef...
Jenkins allows Cross-Site Scripting (XSS) via Crafted URL
Cross-site Scripting (XSS) in Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL that points to Jenkins...
CVE-2022-20693
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input...
CVE-2020-25158
A reflected cross-site scripting (XSS) vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows remote attackers to inject arbitrary web script or HTML into various locations...
CVE-2022-20763
A vulnerability in the login authorization components of Cisco Webex Meetings could allow an authenticated, remote attacker to inject arbitrary Java code. This vulnerability is due to improper deserialization of Java code within login requests. An attacker could exploit this vulnerability by...
PT-2022-18162 · Unknown · Impresscms
Name of the Vulnerable Software and Affected Versions: ImpressCMS versions 1.4.3 and earlier. Description: The issue allows remote attackers to inject code in an unintended way, enabling them to read and modify sensitive information from the database used by the application. If the system is...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
Vulnerability Profile Spring Cloud Gateway is a brand new pro...
GHSA-VW6G-GH6C-8QWP Liferay Portal and Liferay DXP vulnerable to cross-site scripting (XSS) in the Gogo Shell module
Cross-site scripting (XSS) vulnerability in the Gogo Shell module before 5.0.2 from Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the output o...
CVE-2021-34361
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4...