
1155 matches found

Vulnrichment
added 2022/12/18 12:0 a.m. · 4 views

CVE-2021-4255 ctrlo lenio contractor.tt cross site scripting

A vulnerability was found in ctrlo lenio and classified as problematic. Affected by this issue is some unknown functionality of the file views/contractor.tt. The manipulation of the argument contractor.name leads to cross site scripting. The attack may be launched remotely. The name of the patch ...

3.5 CVSS · 4.1 AI score · 0.00385 EPSS
Exploits 0 · References 2
Vulnrichment
added 2022/12/17 12:0 a.m. · 4 views

CVE-2021-4246 roxlukas LMeve Login Page sql injection

A vulnerability was found in roxlukas LMeve and classified as critical. Affected by this issue is some unknown functionality of the component Login Page. The manipulation of the argument X-Forwarded-For leads to sql injection. The attack may be launched remotely. The name of the patch is...

6.3 CVSS · 7.2 AI score · 0.00518 EPSS
Exploits 0 · References 2
RedHat Linux
added 2022/11/21 12:51 p.m. · 3 views

Mozilla: Cross-Site Tracing was possible via non-standard override headers

The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access authorization headers and cookies inaccessible to JavaScript, such as cookies protected by HTTPOnly. To mitiga...

6.1 CVSS · 7.3 AI score · 0.0058 EPSS
Exploits 0 · References 6
CISA
added 2022/11/09 12:0 a.m. · 11 views

Citrix Releases Security Updates for ADC and Gateway

Citrix has released security updates to address vulnerabilities in Citrix ADC and Citrix Gateway. A remote attacker could exploit one of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Citrix Security Updates CTX463706 and apply the...

2.7 AI score
Exploits 0 · References 1
Positive Technologies
added 2022/11/08 12:0 a.m. · 4 views

PT-2022-14673 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-13. Description: The issue is related to a missing permission check in the onCallRedirectionComplete function of CallsManager.java. This could lead to a local escalation of privilege with no addition...

7.8 CVSS · 7.6 AI score · 0.00102 EPSS
Exploits 0 · References 4
OSV
added 2022/11/08 12:0 a.m. · 3 views

CVE-2022-39343 Azure RTOS FileX vulnerable to Buffer Overflow

Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a vali...

5.6 CVSS · 7.3 AI score · 0.00822 EPSS
Exploits 1 · References 4
OSV
added 2022/11/02 2:15 p.m. · 3 views

DEBIAN-CVE-2022-43245

Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file...

6.5 CVSS · 6.5 AI score · 0.00844 EPSS
Exploits 1 · References 1
OSV
added 2022/10/21 11:15 a.m. · 6 views

CVE-2022-3635

A vulnerability, which was classified as critical, has been found in Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. VDB-211934 ...

7 CVSS · 7.9 AI score
Exploits 0 · References 3
Vulnrichment
added 2022/10/21 12:0 a.m. · 6 views

CVE-2022-3630 Linux Kernel IPsec cookie.c memory leak

A vulnerability was found in Linux Kernel. It has been rated as problematic. This issue affects some unknown processing of the file fs/fscache/cookie.c of the component IPsec. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue. The associated identifier of...

3.1 CVSS · 4.3 AI score · 0.00244 EPSS
Exploits 0 · References 2
CISA
added 2022/10/21 12:0 a.m. · 13 views

Cisco Releases Security Update for Cisco Identity Services Engine 

Cisco has released a security update to address vulnerabilities affecting Cisco Identity Services Engine (ISE). A remote attacker could exploit some of these vulnerabilities to take control of an affected system. For updates addressing high and low severity vulnerabilities, see the Cisco Security...

2.1 AI score
Exploits 0 · References 2
Vulnrichment
added 2022/10/20 12:0 a.m. · 6 views

CVE-2022-3619 Linux Kernel Bluetooth l2cap_core.c l2cap_recv_acldata memory leak

A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function l2cap_recv_acldata of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue...

3.5 CVSS · 4.5 AI score · 0.00563 EPSS
Exploits 1 · References 2
Vulnrichment
added 2022/10/17 12:0 a.m. · 8 views

CVE-2022-3567 Linux Kernel IPv6 inet6_dgram_ops race condition

A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the...

4.6 CVSS · 7.1 AI score · 0.00301 EPSS
Exploits 0 · References 2
CISA
added 2022/10/11 12:0 a.m. · 4 views

Adobe Releases Security Updates for Multiple Products

Adobe has released security updates to address multiple vulnerabilities in Adobe software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Adobe Security Bulletins and apply the necessary updates. •...

2 AI score
Exploits 0 · References 4
Positive Technologies
added 2022/09/29 12:0 a.m. · 4 views

PT-2022-37319 · Git +1 · Skia

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. Technical details about the crash include the SkPath::Iter::next function, SkStroke::strokePat...

6.8 AI score
Exploits 0 · References 2
Positive Technologies
added 2022/09/22 12:0 a.m. · 3 views

PT-2022-19337 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.1 through 7.4.2; Liferay DXP versions 7.0 fix pack 91 through 101; Liferay DXP versions 7.1 fix pack 17 through 25; Liferay DXP versions 7.2 fix pack 5 through 14; Liferay DXP version 7.3 before service pack 3...

6.1 CVSS · 7.5 AI score · 0.00434 EPSS
Exploits 0 · References 15
ATTACKERKB
added 2022/09/13 3:15 p.m. · 2 views

CVE-2022-38539

Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply...

9.8 CVSS · 5.8 AI score · 0.0084 EPSS
Exploits 0 · References 4
OSV
added 2022/09/13 3:15 p.m. · 12 views

CVE-2022-38539

Archery v1.7.5 to v1.8.5 was discovered to contain a SQL injection vulnerability via the where parameter at /archive/apply...

9.8 CVSS · 8.2 AI score
Exploits 0 · References 3
CNNVD
added 2022/09/13 12:0 a.m. · 3 views

Archery SQL injection vulnerability

Archery is an open source vulnerability assessment and management tool. A security vulnerability exists in Archery versions v1.7.5 through v1.8.5, which stems from the where parameter in /archive/apply containing a SQL injection vulnerability...

9.8 CVSS · 8.5 AI score · 0.0084 EPSS
Exploits 0 · References 4
CISA
added 2022/09/13 12:0 a.m. · 10 views

Microsoft Releases September 2022 Security Updates

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. An attacker can exploit some of these vulnerabilities to take control of an affected system. CISA encourages users and administrators to review Microsoft’s September 2022 Security Update Guide and Deployment...

1.5 AI score
Exploits 0 · References 2
Japan Vulnerability Notes
added 2022/09/02 6:49 a.m. · 3 views

PowerCMS XMLRPC API vulnerable to command injection

Overview: PowerCMS XMLRPC API provided by Alfasado Inc. contains a command injection vulnerability (CWE-74). Sending a specially crafted message by POST method to PowerCMS XMLRPC API may allow arbitrary Perl script execution, and an arbitrary OS command may be executed through it. According to the...

9.8 CVSS · 7.6 AI score · 0.01621 EPSS
Exploits 0 · References 5