PT-2023-15153 · Small Crm · Small Crm
Name of the Vulnerable Software and Affected Versions: Small CRM version 3.0 Description: A cross-site scripting (XSS) issue in the Create Ticket page allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Subject parameter. This enables attackers to...
CVE-2022-25908
All versions of the package create-choo-electron are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization...
ALPINE-CVE-2022-47024
A null pointer dereference issue was discovered in the function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 through 9.0.0339, which allows attackers to cause a denial of service or other unspecified impacts...
CVE-2023-21829
Vulnerability in the Oracle Database RDBMS Security component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle...
CVE-2023-21827
Vulnerability in the Oracle Database Data Redaction component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Session privilege with network access via Oracle Net to compromise Oracle...
CVE-2022-39429
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of...
PT-2023-16146 · Rapid7 · Rapid7 Velociraptor
Name of the Vulnerable Software and Affected Versions: Rapid7 Velociraptor versions prior to 0.6.7-5 Description: The issue allows a directory traversal where the collection task could be written by not properly sanitizing the client ID parameter to the "CreateCollection API". This could be...
GSD-2023-1001419 RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed
RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...
PT-2023-13725 · Oracle · Oracle Database Server +1
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19c and 21c Description: The issue affects the Java VM component, allowing a low-privileged attacker with Create Procedure privilege and network access via Oracle Net to compromise the Java VM. This can result ...
PT-2023-33821 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16 Description: A potential memory leak issue exists in the configfs_create_dir function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior...
PT-2023-1268 · Oracle · Oracle Database
Name of the Vulnerable Software and Affected Versions: Oracle Database versions 19c through 21c Description: The issue is related to insufficient input validation in the Oracle Database RDBMS Security component. It allows a low-privileged attacker with Create Session privilege and network access...
PT-2023-34172 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.86 Description: The issue is related to a possible use-after-free (UAF) in the snic_tgt_create function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
SQL Injection
Overview Affected versions of this package are vulnerable to SQL Injection via the create function, by manipulating the @user field. Remediation Upgrade curupira to version 0.1.4 or higher. References - GitHub Commit - GitHub Release...
Apache Superset vulnerable to Cross-site Scripting
Dashboard rendering does not sufficiently sanitize the content of markdown components leading to possible XSS attack vectors that can be performed by authenticated users with create dashboard permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service (DoS) due to a memory leak issue via the GLES_CreateTexture function in the SDL_render_gles.c file. Remediation Upgrade sdl to version 2.26.0 or higher. References - GitHub Commit - GitHub PR - GitHub Release - RedHat...
NVIDIA Omniverse Kit Code Injection Vulnerability
The NVIDIA Omniverse Kit is a powerful toolkit from NVIDIA, Inc. for developers to build their own applications, microservices, or plug-ins for their ecosystems. A security vulnerability exists in NVIDIA Omniverse Kit. An attacker could exploit this vulnerability to craft a USD file containing...
GHSA-V436-Q368-HVGG Keycloak has lack of validation of access token on client registrations endpoint
A service account with the create-client or manage-clients role can use the client-registration endpoints to create or manage clients with an access token. If the access token is leaked, there is an option to revoke the specific token. However, the check is not performed in client-registration...
DEBIAN-CVE-2022-4743
A potential memory leak issue was discovered in SDL2 in the GLES_CreateTexture function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected...
AZL-43546 CVE-2022-4743 affecting package SDL2 2.24.0-2
A potential memory leak issue was discovered in SDL2 in the GLES_CreateTexture function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected...