1925 matches found
Design/Logic Flaw
Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux Virtual Storage Software Agent component allows local users to gain sensitive information. This issue affects Hitachi Ops Center Analyzer: from 10.8.1-00 before 10.9.0-00...
Design/Logic Flaw
Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux Analytics probe component, Hitachi Ops Center Analyzer on Linux Hitachi Ops Center Analyzer probe component allows local users to gain sensitive information. This issue affect...
CVE-2022-41553
The CVE-2022-41553 entry documents a local information exposure in Hitachi Infrastructure Analytics Advisor (Analytics probe) and Hitachi Ops Center Analyzer (probe) on Linux, caused by insertion of sensitive data into temporary files. Affected: Analytics Advisor 2.0.0-00 through 4.4.0-00; Ops Ce...
CVE-2022-39367 Vulnerability in handling of uploaded QTI ZIP files
QTIWorks is a software suite for standards-based assessment delivery. Prior to version 1.0-beta15, the QTIWorks Engine allows users to upload QTI content packages as ZIP files. The ZIP handling code does not sufficiently check the paths of files contained within ZIP files, so can insert files int...
Oracle Fusion Middleware Security Vulnerability
Oracle Fusion Middleware is Oracle's business innovation platform for enterprise and cloud environments. The platform provides middleware, software collections, and other functionality. Forms is a component used to create forms that interact with Oracle...
Oracle Fusion Middleware Security Vulnerability
Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collections, and other capabilities. A security vulnerability exists in Oracle Fusion Middleware version...
UBUNTU-CVE-2022-39289
ZoneMinder is a free, open source closed-circuit television software application. In affected versions the ZoneMinder API exposes database log contents to users without privileges and allows insertion, modification, and deletion of logs without System privileges. Users are advised to upgrade as soon as...
CVE-2022-39873
Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication...
Information disclosure
Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI...
CVE-2022-39876
Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI...
PT-2022-24872 · Unknown +2 · Zoneminder +2
Name of the Vulnerable Software and Affected Versions: ZoneMinder (affected versions not specified). Description: The issue concerns the ZoneMinder API, which exposes database log contents to users without privileges. It also allows for the insertion, modification, and deletion of logs without syste...
Fixed in ClickHouse 22.9.1.2603, 2022-09-22
A heap buffer overflow issue was discovered in ClickHouse server. A malicious user with ability to load data into ClickHouse server could crash the ClickHouse server by inserting a malformed CapnProto object...
CVE-2022-38886
The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...
PYSEC-2022-43092
The d8s-xml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-strings package. The affected version is 0.1.0...
springframework: malicious input leads to insertion of additional log entries
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries...
The vulnerability of the Calendar component in the Zimbra Collaboration Suite corporate email management system allows a hacker to insert any desired malicious code into documents.
The vulnerability of the Calendar component in the Zimbra Collaboration Suite enterprise email management system exists due to the lack of security measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to insert arbitrary code into documents...
CVE-2022-22411
IBM Spectrum Scale Data Access Services (DAS) 5.1.3.1 is affected. An authenticated user could insert code and manipulate cluster resources due to excessive service-account permissions. Affected product/version: DAS 5.1.3.1. Root cause described as risky permissions enabling code insertion. IBM b...
CVE-2022-22411
IBM Spectrum Scale Data Access Services DAS 5.1.3.1 could allow an authenticated user to insert code which could allow the attacker to manipulate cluster resources due to excessive permissions. IBM X-Force ID: 223016...
CVE-2022-33994
The Gutenberg plugin through 13.7.3 for WordPress allows stored XSS by the Contributor role via an SVG document to the "Insert from URL" feature. NOTE: the XSS payload does not execute in the context of the WordPress instance's domain; however, analogous attempts by low-privileged users to...
Oracle WebLogic Server Core Component Input Validation Error Vulnerability
Oracle WebLogic Server is a product of Oracle Corporation. Oracle WebLogic Server is an application services middleware for cloud and traditional environments that provides a modern, lightweight development platform that supports the entire lifecycle management of applications from development to...