PT-2023-17382 · Unknown · Answerdev/Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.8 Description: The issue concerns the exposure of sensitive information through metadata in the answerdev/answer GitHub repository. This exposure can include sensitive data such as EXIF data and GPS...
PT-2023-21372 · Prestashop · Prestashop Xipblog
Name of the Vulnerable Software and Affected Versions: PrestaShop xipblog versions 2.0.1 and earlier Description: A SQL injection issue allows a remote attacker to gain privileges via the xipcategoryclass and xippostsclass components. Recommendations: For PrestaShop xipblog versions 2.0.1 and...
PT-2023-14154 · B&R · B&R Automation Runtime
Name of the Vulnerable Software and Affected Versions: B&R Automation Runtime versions 3.00 through C4.93 Description: A reflected cross-site scripting issue exists in the System Diagnostics Manager, allowing a remote attacker to execute arbitrary JavaScript in the context of the user's browser...
PT-2023-34968 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.10 Description: The issue is related to an incorrect offset calculation in the erofs/zmap.c file. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versio...
PT-2023-35168 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.15.86 through v5.15.89 Description: A potential security issue has been identified, although its actual impact and attack plausibility have not yet been proven. The issue was introduced in version v5.15.86 and fixed i...
PT-2023-1425 · Adobe · Framemaker
Name of the Vulnerable Software and Affected Versions: Adobe FrameMaker versions 2020 Update 4 and earlier, 2022 and earlier Description: The issue is related to an out-of-bounds write vulnerability in the memory buffer of Adobe FrameMaker, which could result in arbitrary code execution in the...
PT-2023-8779 · Apache +2 · Apache Shiro +2
Name of the Vulnerable Software and Affected Versions: Apache Shiro versions prior to 1.11.0 Spring Boot versions 2.6+ Description: The issue is related to a conflict of interpretations between Apache Shiro and Spring Boot, which can be exploited by a remote attacker using a specially crafted HTT...
PT-2022-35301 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: A potential security issue exists due to a race in lowcomms. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v5.15.75...
PT-2022-34256 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.211 Description: The issue concerns a potential security vulnerability in the Linux Kernel. It involves checking the size of the screen before performing a memset io operation. The actual impact and attack...
PT-2022-33237 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.19 through v5.19.7 Description: The issue concerns the handling of RTAS MSRHV for Cell in the powerpc/rtas component. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kern...
PT-2022-23981 · Vinoj Cardoza · Captcha Code Plugin
Name of the Vulnerable Software and Affected Versions: Vinoj Cardoza's Captcha Code plugin versions = 2.7 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on the web...
PT-2022-18954 · Bentley · Bentley Microstation Connect
Name of the Vulnerable Software and Affected Versions: Bentley MicroStation CONNECT version 10.16.02.34 Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicio...
PT-2022-10329 · Baijiacms · Baijiacms
Name of the Vulnerable Software and Affected Versions: baijiacms version 4 Description: An issue was discovered that allows modification of store information and login password due to a CSRF vulnerability. Recommendations: For baijiacms version 4, update to a version that includes a fix for this...
ALPINE-CVE-2022-24763
PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds...
UBUNTU-CVE-2022-24763
PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP's XML parsing in their apps. Users are advised to update. There are no known workarounds...
PT-2022-17785 · Mendix · Mendix Applications
Name of the Vulnerable Software and Affected Versions: Mendix Applications versions prior to 7.23.29 Description: A vulnerability has been identified in Mendix Applications. The affected framework does not correctly verify if the request was initially made by the user requesting the result when...
@atto-byte/ui (=1.0.4), @cessair/building (=1.0.0) +129 more potentially affected by CVE-2019-15608 via yarn (>=0.15.1 <=1.17.3)
yarn NPM version =0.15.1, =1.0.0, =1.0.0, =1.9.9, =1.0.0, =1.0.21, =1.6.6-0, =8.3.8, =0.1.0, =0.1.0, =0.1.14 and more Source cves: CVE-2019-15608 Source advisory: OSV:GHSA-HJXC-462X-X77J...
CVE-2022-23631
superjson is a program to allow JavaScript expressions to be serialized to a superset of JSON. In versions prior to 1.8.1 superjson allows input to run arbitrary code on any server using superjson input without prior authentication or knowledge. The only requirement is that the server implements ...
CVE-2022-23619 Information exposure in xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to guess if a user has an account on the wiki by using the "Forgot your password" form, even if the wiki is closed to guest users. This problem has been...
AZL-45261 CVE-2022-21704 affecting package js-jquery 3.5.0-4
log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable in unix. This could cause problems if log files contain sensitive information. This would affect any users that have not...