6033 matches found
SAMSUNG Mobile devices Security Vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in the SAMSUNG Mobile devices BluetoothScanDialog module prior to SMR Aug-2022 Release 1, which originates from vulnerable code in...
PT-2022-18025 · Sourcecodester · Sourcecodester Garage Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Garage Management System (affected versions not specified). Description: A critical issue has been found in the SourceCodester Garage Management System, allowing for SQL injection through the manipulation of the userName/uemail...
SAMSUNG Mobile devices Security Vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in the SAMSUNG Mobile devices SecDevicePickerDialog module, versions prior to SMR Aug-2022 Release 1, which is caused due to...
@newskit-render/auth (>=0.5.1 <=0.31.0), @newskit-render/core (>=0.57.0 <=1.40.0) +4 more potentially affected by CVE-2022-35924 via next-auth (>=0.0.0-manual.83c4ebd1 <=3.1.0)
next-auth NPM version =0.0.0-manual.83c4ebd1, =0.5.1, =0.57.0, =0.35.0, =1.1.0, =0.0.1, =0.0.5 Source cves: CVE-2022-35924 Source advisory: OSV:GHSA-XV97-C62V-4587...
Path Traversal
org.dspace:dspace-jspui is vulnerable to path traversal. The vulnerability exists due to the resumable upload implementations in SubmissionController and FileUploadRequest components, which allows an attacker to modify request parameters during submission and create files or directories anywhere ...
CVE-2022-2578
A vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0. This issue affects some unknown processing of the file /phpaction/createUser.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit...
mariadb: server crash in create_tmp_table::finalize
A flaw was found in MariaDB. The component, Create_tmp_table::finalize, allows attackers to cause a denial of service (DoS) via specially crafted SQL statements, affecting availability...
PT-2022-23701 · Veritas · Veritas Netbackup Opscenter
Name of the Vulnerable Software and Affected Versions: Veritas NetBackup OpsCenter versions 8.x through 8.3.0.2; Veritas NetBackup OpsCenter versions 9.x through 9.0.0.1; Veritas NetBackup OpsCenter versions 9.1.x through 9.1.0.1; Veritas NetBackup OpsCenter version 10. Description: An authenticated...
MAL-2022-2230 Malicious code in create-ot-express-app (npm)
Source: ghsa-malware 269d815f0f72dcbee5d8320d8fdc6dfb67256e41db6c462544a0fb234cfbf97c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in create-ot-express-app (npm)
Source: ghsa-malware 269d815f0f72dcbee5d8320d8fdc6dfb67256e41db6c462544a0fb234cfbf97c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Garage Management System 1.0 Shell Upload Exploit
Exploit Title: Garage Management System Remote Code Execution via File Upload Exploit Author: saitamang Vendor Homepage: https://www.sourcecodester.com Software Link: https://www.sourcecodester.com/sites/default/files/download/mayurik/garage.zip Version: 1.0 Tested on: Centos 7 + MySQL import...
PT-2022-5112 · Assimp +2 · Assimp +2
Name of the Vulnerable Software and Affected Versions: Open Asset Import Library Assimp versions prior to the version containing the fix for the segmentation violation in Assimp::XFileImporter::CreateMeshes. Description: The issue is related to a segmentation violation in the...
CVE-2022-35899
There is an unquoted service path in ASUSTeK Aura Ready Game SDK service GameSDK.exe 1.0.0.4. This might allow a local user to escalate privileges by creating a %PROGRAMFILESX86%\ASUS\GameSDK.exe file...
CVE-2022-21565
Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 19c and 21c. Easily exploitable vulnerability allows low privileged attacker having Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful...
Apache Hive Authorization Issues Vulnerability
Apache Hive is a set of data warehouse software based on Hadoop Distributed Systems Infrastructure from the Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. An...
Authorization Bypass
Apache Hive is vulnerable to authorization bypass. The vulnerability exists in the CREATE/DROP operations due to improper restriction of user privileges, which allows an attacker to create and drop UDFs...
CVE-2022-26481
An issue was discovered in Poly Studio before 3.7.0. Command Injection can occur via the CN field of a Create Certificate Signing Request (CSR) action...
Command injection
An issue was discovered in Poly Studio before 3.7.0. Command Injection can occur via the CN field of a Create Certificate Signing Request (CSR) action...
CVE-2022-26481
Poly Studio X30, X50, X70, and G7500 are affected by an authenticated command-injection vulnerability (CVE-2022-26481) in the CSR action CN field. Vulnerable versions include 3.4.0-292042, 3.5.0-344025, and 3.6.0; remediation is to upgrade to 3.7.0 or higher. The issue, described consistently acr...