CVE-2022-26320

The Rambus SafeZone Basic Crypto Module before 10.4.0, as used in certain Fujifilm formerly Fuji Xerox devices before 2022-03-01, Canon imagePROGRAF and imageRUNNER devices through 2022-03-14, and potentially many other devices, generates RSA keys that can be broken with Fermat's factorization...

CVE-2022-26313

A vulnerability has been identified in Mendix Forgot Password Appstore module All versions = V3.3.0 V3.5.1. In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts...

CVE-2022-26596

Cross-site scripting XSS vulnerability in Journal module's web content display configuration page in Liferay Portal 7.1.0 through 7.3.3, and Liferay DXP 7.0 before fix pack 94, 7.1 before fix pack 19, and 7.2 before fix pack 8, allows remote attackers to inject arbitrary web script or HTML via we...

CVE-2022-35914

/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection...

CVE-2017-12795

OpenMRS openmrs-module-htmlformentry 3.3.2 is affected by: Improper Input Validation...

CVE-2017-18689

An issue was discovered on Samsung mobile devices with M6.0 and N7.0 Exynos5433, Exynos7420, or Exynos7870 chipsets software. An attacker can bypass a ko aka Kernel Module signature by modifying the count of kernel modules. The Samsung ID is SVE-2016-7466 January 2017...

CVE-2008-6836

Cross-site request forgery CSRF vulnerability in OpenID 5.x before 5x.-1.2, a module for Drupal, allows remote attackers to hijack the authentication of unspecified victims to delete OpenID identities via unknown vectors...

CVE-2019-18664

The Log module in SECUDOS DOMOS before 5.6 allows XSS...

CVE-2019-18665

The Log module in SECUDOS DOMOS before 5.6 allows local file inclusion...

CVE-2019-2303

SNDCP module may access array out side its boundary when it receives malformed XID message. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053,...

CVE-2019-11201

Dolibarr ERP/CRM 9.0.1 provides a module named website that provides for creation of public websites with a WYSIWYG editor. It was identified that the editor also allowed inclusion of dynamic code, which can lead to code execution on the host machine. An attacker has to check a setting on the sam...

CVE-2019-20427

In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between reqcapsulegetsize and tgtbrwwrite leads to a tgtshortio2pages integer...

CVE-2019-20429

In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic via a modified lmbufcount field due to the lack of validation for specific fields of packets sent by a client. This is caused by interaction between sptlrpcsvcunwraprequest and lustremsghdrsizev2...

CVE-2019-20430

In the Lustre file system before 2.12.3, the mdt module has an LBUG panic via a large MDT Body eadatasize field due to the lack of validation for specific fields of packets sent by a client...

CVE-2019-20425

In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustremsgstring, there is no validation of a certain length value derived from lustremsgbuflenv2...

CVE-2019-20426

In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function ldlmcancelhpreqcheck, there is no lockcount bounds check...

CVE-2019-20428

In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds read and panic due to the lack of validation for specific fields of packets sent by a client. The ldlrequestcancel function mishandles a large lockcount parameter...

CVE-2020-7452

In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r357489, and 11.3-RELEASE before 11.3-RELEASE-p7, incorrect use of a user-controlled pointer in the epair virtual network module allowed vnet jailed privileged users to panic the host system and...

CVE-2020-7474

A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator v1.002 and prior, for the PMEPXM0100 H module, which could cause the execution of untrusted code when using double click to open a project file which may trigger execution of a malicious DLL...

CVE-2020-12471

MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler...