6024 matches found

BDU FSTEC
added 2022/09/21 12:00 a.m. · 11 views

The vulnerability of the create function in the Horde Webmail software allows a hacker to execute arbitrary code.

The vulnerability of the create function in the Horde Webmail software exists because measures to neutralize special elements have not been taken. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 6.5 · AI score 8.2 · EPSS 0.70276
Exploits: 1 · References: 4 · Affected Software: 1
CNVD
added 2022/09/19 12:00 a.m. · 24 views

Bento4 Denial of Service Vulnerability (CNVD-2023-27653)

Bento4 is an open source C++ library for reading and writing MP4 files. Bento4 version 1.6.0-639 suffers from a denial-of-service vulnerability that stems from AP4_CttsAtom::Create in its Core/Ap4CttsAtom.cpp component, which may consume too much memory. An attacker could exploit the vulnerability t...

CVSS 6.5 · AI score 6.1 · EPSS 0.00592
Exploits: 1 · References: 1
Positive Technologies
added 2022/09/17 12:00 a.m. · 1 views

PT-2022-33840 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.61. Description: The issue is related to an error unwind in the rxe_create_qp function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior t...

AI score 7.1
Exploits: 0 · References: 1
ATTACKERKB
added 2022/09/16 2:15 p.m. · 3 views

CVE-2022-38844

CSV Injection in Create Contacts in EspoCRM 7.1.8 allows remote authenticated users to run system commands via creating contacts with payloads capable of executing system commands. Admin user exporting contacts in CSV file may end up executing the malicious system commands on his system...

CVSS 8 · AI score 5.9 · EPSS 0.01138
Exploits: 1 · References: 2
CVE
added 2022/09/16 1:25 p.m. · 51 views

CVE-2022-38844

EspoCRM 7.1.8 is affected by a CSV injection vulnerability in Create Contacts, enabling remote authenticated users to execute system commands by crafting payloads in CSV exports (e.g., when an admin exports contacts). Root cause: CSV injection in the contact creation/CSV export flow. Impact: pote...

CVSS 8 · AI score 7.7 · EPSS 0.01138
Exploits: 1 · References: 1 · Affected Software: 1
Positive Technologies
added 2022/09/16 12:00 a.m. · 1 views

PT-2022-33488 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.2. Description: The issue is related to an error unwind in the rxe_create_qp function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...

AI score 7.1
Exploits: 0 · References: 1
ATTACKERKB
added 2022/09/15 4:15 a.m. · 3 views

CVE-2022-40736

An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in AP4_CttsAtom::Create in Core/Ap4CttsAtom.cpp...

CVSS 6.5 · AI score 5.8 · EPSS 0.00592
Exploits: 1 · References: 2
OSV
added 2022/09/15 4:15 a.m. · 11 views

CVE-2022-40736

An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in AP4_CttsAtom::Create in Core/Ap4CttsAtom.cpp...

CVSS 6.5 · AI score 6.8
Exploits: 0 · References: 1
Prion
added 2022/09/15 4:15 a.m. · 19 views

Design/Logic Flaw

An issue was discovered in Bento4 1.6.0-639. There is excessive memory consumption in AP4_CttsAtom::Create in Core/Ap4CttsAtom.cpp...

CVSS 4.3 · AI score 6.4 · EPSS 0.00592
Exploits: 1 · References: 1 · Affected Software: 1
CNNVD
added 2022/09/15 12:00 a.m. · 5 views

Bento4 Resource Management Error Vulnerability

Bento4 is an open source C++ library for reading and writing MP4 files. Bento4 version 1.6.0-639 suffers from a denial-of-service vulnerability that stems from AP4_CttsAtom::Create in its Core/Ap4CttsAtom.cpp component, which may consume too much memory. An attacker could exploit the vulnerability t...

CVSS 6.5 · AI score 6.7 · EPSS 0.00592
Exploits: 1 · References: 2
Positive Technologies
added 2022/09/15 12:00 a.m. · 3 views

PT-2022-25498 · Bento4 · Bento4

Name of the Vulnerable Software and Affected Versions: Bento4 version 1.6.0-639. Description: An issue was discovered in Bento4, where there is excessive memory consumption in AP4_CttsAtom::Create in Core/Ap4CttsAtom.cpp. Recommendations: For Bento4 version 1.6.0-639, consider restricting the use ...

CVSS 6.5 · AI score 6.3 · EPSS 0.00592
Exploits: 1 · References: 7
UbuntuCve
added 2022/09/14 9:15 p.m. · 24 views

CVE-2022-40439

A memory leak issue was discovered in AP4_StdcFileByteStream::Create in mp42ts in Bento4 v1.6.0-639, which allows attackers to cause a denial of service via a crafted file...

CVSS 6.5 · AI score 6.6 · EPSS 0.00592
Exploits: 1 · References: 2
ATTACKERKB
added 2022/09/14 11:15 a.m. · 3 views

CVE-2022-36668

Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS is triggered and can be used for further attack vector...

CVSS 5.4 · AI score 6.1 · EPSS 0.00491
Exploits: 2 · References: 3
OSV
added 2022/09/14 11:15 a.m. · 1 views

CVE-2022-36668

Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS is triggered and can be used for further attack vector...

CVSS 5.4 · AI score 5.8 · EPSS 0.00491
Exploits: 2 · References: 2
CNNVD
added 2022/09/14 12:00 a.m. · 3 views

Bento4 Security Vulnerability

Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in Bento4 v1.6.0-639, which originates from a denial of service due to a memory leak in the AP4_StdcFileByteStream::Create function of its mp42ts component that can be caused by an attacker via ...

CVSS 6.5 · AI score 6.5 · EPSS 0.00592
Exploits: 1 · References: 2
OSV
added 2022/09/13 9:15 p.m. · 5 views

CVE-2022-22483

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979...

CVSS 6.5 · AI score 5.5 · EPSS 0.0084
Exploits: 0 · References: 3
NVD
added 2022/09/13 9:15 p.m. · 15 views

CVE-2022-22483

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979...

CVSS 6.5 · EPSS 0.0084
Exploits: 0 · References: 3
Cvelist
added 2022/09/13 8:45 p.m. · 16 views

CVE-2022-22483

IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979...

CVSS 6.5 · AI score 6.5 · EPSS 0.0084
Exploits: 0 · References: 3
ATTACKERKB
added 2022/09/13 3:15 p.m. · 5 views

CVE-2022-38540

Archery v1.4.0 to v1.8.5 was discovered to contain a SQL injection vulnerability via the ThreadIDs parameter in the create_kill_session interface...

CVSS 9.8 · AI score 5.8 · EPSS 0.00861
Exploits: 0 · References: 4
RedHat Linux
added 2022/09/13 9:57 a.m. · 3 views

mariadb: improper locking due to the unreleased lock in extra/mariabackup/ds_compress.cc

MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial ...

CVSS 5.5 · AI score 7.3 · EPSS 0.00222
Exploits: 0 · References: 4