1447 matches found

NVD
added 2022/03/31 6:15 p.m. | 8 views

CVE-2021-42869

A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via the lastname parameter in the (1) patient/insert, (2) patientreport, (3) /appointmentreport, (4) visitreport, and (5) /billdetailreport pages...

CVSS 4.8 | EPSS 0.00235
Exploits: 1 | References: 2
Prion
added 2022/03/31 6:15 p.m. | 6 views

Cross site scripting

A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via the lastname parameter in the (1) patient/insert, (2) patientreport, (3) /appointmentreport, (4) visitreport, and (5) /billdetailreport pages...

CVSS 3.5 | AI score 4.9 | EPSS 0.00235
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2022/03/31 5:53 p.m. | 10 views

CVE-2021-42868

A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 in the firstname parameter in (1) patient/insert, (2) patientreport, (3) appointmentreport, (4) visitreport, and (5) billdetailreport pages...

AI score 5.2 | EPSS 0.00235
Exploits: 1 | References: 2
Oracle linux
added 2022/03/21 12:00 a.m. | 41 views

cyrus-sasl security update

2.1.23-15.0.1.2 - Escape password for SQL insert/update commands CVE-2022-24407 Orabug: 33936121...

CVSS 8.8 | AI score 1.4 | EPSS 0.00431
Exploits: 0
RedHat Linux
added 2022/03/15 10:25 a.m. | 3 views

vim: Heap-based buffer overflow in block_insert() in src/ops.c

A heap-based out-of-bounds write flaw was found in vim's ops.c. This flaw allows an attacker to trick a user into opening a crafted file, triggering an out-of-bounds write. This vulnerability is capable of crashing software, modifying memory, and possibly executing code...

CVSS 7.8 | AI score 7.4 | EPSS 0.00163
Exploits: 1 | References: 4
OSV
added 2022/03/07 11:03 a.m. | 1 views

OESA-2022-1557 cyrus-sasl security update

The package contains the Cyrus implementation of SASL. SASL is the Simple Authentication and Security Layer, a method for adding authentication support to connection-based protocols. Security Fixes: In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for ...

CVSS 8.8 | AI score 7.9 | EPSS 0.00431
Exploits: 0 | References: 2
Microsoft CVE
added 2022/03/04 8:00 a.m. | 2 views

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28 plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.

...

CVSS 8.8 | AI score 8.2 | EPSS 0.00431
Exploits: 0
OSV
added 2022/02/24 3:15 p.m. | 2 views

AZL-8794 CVE-2022-24407 affecting package cyrus-sasl for versions less than 2.1.28-1

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...

CVSS 8.8 | AI score 7.2 | EPSS 0.00431
Exploits: 0 | References: 1
OSV
added 2022/02/24 3:15 p.m. | 0 views

DEBIAN-CVE-2022-24407

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...

CVSS 8.8 | AI score 7.4 | EPSS 0.00431
Exploits: 0 | References: 1
OSV
added 2022/02/24 3:15 p.m. | 1 views

ALPINE-CVE-2022-24407

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...

CVSS 8.8 | AI score 7.7 | EPSS 0.00431
Exploits: 0 | References: 1
ATTACKERKB
added 2022/02/24 3:15 p.m. | 3 views

CVE-2022-24407

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...

CVSS 8.8 | AI score 7 | EPSS 0.00431
Exploits: 0 | References: 14
Tenable Nessus
added 2022/02/24 12:00 a.m. | 325 views

Slackware Linux 14.2 / 15.0 / current cyrus-sasl Multiple Vulnerabilities (SSA:2022-055-01)

The version of cyrus-sasl installed on the remote host is prior to 2.1.28. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-055-01 advisory. - cyrus-sasl aka Cyrus SASL 2.1.27 has an out-of-bounds write leading to unauthenticated remote denial-of-service in...

CVSS 8.8 | AI score 7.7 | EPSS 0.00481
Exploits: 1 | References: 2
OSV
added 2022/02/22 6:00 p.m. | 1 views

UBUNTU-CVE-2022-24407

In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement...

CVSS 8.8 | AI score 7.2 | EPSS 0.00431
Exploits: 0 | References: 4
OSV
added 2022/01/31 2:52 p.m. | 2 views

CLSA-2022-1643640747 Fixed CVEs in vim: CVE-2022-0213, CVE-2022-0261

CVE-2022-0213: fix going over the end of status line buffer - CVE-2022-0261: fix block insert goes over the end of the line...

CVSS 7.8 | AI score 6.9 | EPSS 0.00163
Exploits: 2 | References: 1
OSV
added 2022/01/31 2:48 p.m. | 3 views

CLSA-2022-1643640508 Fix of CVE: CVE-2022-0261, CVE-2022-0213

CVE-2022-0213: fix going over the end of status line buffer - CVE-2022-0261: fix block insert goes over the end of the line...

CVSS 7.8 | AI score 6.9 | EPSS 0.00163
Exploits: 2 | References: 1
Microsoft CVE
added 2022/01/25 8:00 a.m. | 2 views

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).

...

CVSS 6.5 | AI score 6.2 | EPSS 0.00176
Exploits: 0
CNVD
added 2022/01/21 12:00 a.m. | 17 views

Oracle Communications Operations Monitor has an unspecified vulnerability (CNVD-2022-17349)

Oracle Communications is a product of Oracle Corporation (USA) that provides integrated communications and cloud solutions for service providers and enterprises to accelerate their digital transformation. A security vulnerability exists in Oracle Communications Operations Monitor, which could be exploit...

CVSS 5.4 | AI score 4 | EPSS 0.00185
Exploits: 0 | References: 1
CNVD
added 2022/01/21 12:00 a.m. | 18 views

Oracle Communications Operations Monitor has an unspecified vulnerability (CNVD-2022-17346)

Oracle Communications is a product of Oracle Corporation (USA) that provides integrated communications and cloud solutions for service providers and enterprises to accelerate their digital transformation. A security vulnerability exists in Oracle Communications Operations Monitor, which could be exploit...

CVSS 6.6 | AI score 4 | EPSS 0.00211
Exploits: 0 | References: 1
Tenable Nessus
added 2022/01/20 12:00 a.m. | 815 views

Oracle Java SE 1.7.0_331 / 1.8.0_321 / 1.11.0_14 / 1.17.0_2 Multiple Vulnerabilities (Unix January 2022 CPU)

The version of Oracle (formerly Sun) Java SE or Java for Business installed on the remote host is affected by multiple vulnerabilities as referenced in the January 2022 CPU advisory: - Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D...

CVSS 5.3 | AI score 6 | EPSS 0.05612
Exploits: 0 | References: 19
ATTACKERKB
added 2022/01/19 12:15 p.m. | 2 views

CVE-2022-21373

Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Reseller Locator). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner...

CVSS 6.1 | AI score 6.4 | EPSS 0.00582
Exploits: 0 | References: 2 | Affected Software: 1