6024 matches found
PT-2022-15463 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows versions 9.7, 10.1, 10.5, 11.1, and 11.5 Description: The issue is related to an information disclosure due to unauthorized access caused by improper privilege management when the CREATE OR REPLACE command ...
Archery SQL Injection Vulnerability
Archery is a set of open source vulnerability assessment and management tools. A security vulnerability exists in Archery versions v1.4.0 through v1.8.5, which stems from the ThreadIDs parameter in the createkillsession interface containing a SQL injection vulnerability...
PT-2022-24446 · Archery · Archery
Name of the Vulnerable Software and Affected Versions: Archery versions 1.4.0 through 1.8.5 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the ThreadIDs parameter in the create kill session interface. Recommendations: For Archery versions 1.4.0 through...
CVE-2022-22483
IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979...
PT-2022-7434 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the kmalloc function in the Linux kernel, which can fail due to out-of-memory conditions. If it fails, the function should return an error code errno instead of...
CVE-2022-38528
Open Asset Import Library assimp commit 3c253ca was discovered to contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes...
PYSEC-2022-43149
Open Asset Import Library assimp commit 3c253ca was discovered to contain a segmentation violation via the component Assimp::XFileImporter::CreateMeshes...
Garage Management System Code Issue Vulnerability
SourceCodester Garage Management System Cms-Website is a garage management system by mayurik personal developer. It helps you to manage all your vehicles, cars and motorcycles. A security vulnerability exists in Garage Management System v1.0, which stems from its /phpaction/createProduct.php...
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...
suzukivision.com Cross Site Scripting vulnerability OBB-2867508
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-36115
An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for unintended functionality. An...
Blue Prism Enterprise Security Vulnerability
Blue Prism Enterprise is an intelligent robotic process automation RPA software from Blue Prism UK. A security vulnerability exists in Blue Prism Enterprise versions 6.0 through 7.01, which stems from a misconfigured environment that exposes the Blue Prism application server, which allows an...
The vulnerability of the CAS server of General Bytes Crypto Application Server, related to the manipulation of inter-site requests, allows a hacker to create a user with admin privileges and modify any data on the server at will.
The vulnerability of the CAS server of General Bytes Crypto Application Server is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to create a user with admin privileges and modify any data on the server at will...
AZL-10659 CVE-2021-3798 affecting package opencryptoki for versions less than 3.17.0-1
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...
UBUNTU-CVE-2021-3798
A flaw was found in openCryptoki. The openCryptoki Soft token does not check if an EC key is valid when an EC key is created via C_CreateObject, nor when C_DeriveKey is used with ECDH public data. This may allow a malicious user to extract the private key by performing an invalid curve attack...
CVE-2022-36341
The CVE pertains to Akash Soni’s AS – Create Pinterest Pinboard Pages WordPress plugin (versions
CVE-2022-2389
The Abandoned Cart Recovery for WooCommerce, Follow Up Emails, Newsletter Builder & Marketing Automation By Autonami WordPress plugin before 2.1.2 does not have authorisation and CSRF checks in one of its AJAX actions, allowing any authenticated user, such as a subscriber, to create automations...
Malicious code in create-hshs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c44e914b26733063bd2580f26185cc55271dfe73f07996e4dd9c35a57b74a2f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2229 Malicious code in create-hshs (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 8c44e914b26733063bd2580f26185cc55271dfe73f07996e4dd9c35a57b74a2f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AZL-10595 CVE-2022-2625 affecting package postgresql for versions less than 14.5-1
A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the objec...