4605 matches found
CVE-2022-31097 Stored XSS in Grafana's Unified Alerting
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior to 9.0.3, 8.5.9, 8.4.10, and 8.3.10 are vulnerable to stored cross-site scripting via the Unified Alerting feature of Grafana. An attacker can exploit this vulnerability to escalate...
CVE-2022-2097 affecting package openssl 1.1.1k-12
CVE-2022-2097 affecting package openssl 1.1.1k-12. A patched version of the package is available...
Grafana account takeover via OAuth vulnerability
Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of...
CVE-2022-31102 Cross-site Scripting for Argo CD single sign on users
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with 2.3.0 and prior to 2.3.6 and 2.4.5 is vulnerable to a cross-site scripting XSS bug which could allow an attacker to inject arbitrary JavaScript in the /auth/callback page in a victim's browser. This...
PT-2022-15750 · Sourcecodester · Sourcecodester Clinics Patient Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Clinics Patient Management System version 2.0 Description: A critical issue was found in the system, affecting an unknown function of the file /pms/update user.php?user id=1. The manipulation of the profile picture argument wit...
PT-2022-17062 · Cwp · Cwp
Name of the Vulnerable Software and Affected Versions: CWP version 0.9.8.1122 Description: A path traversal vulnerability in loader.php allows attackers to execute arbitrary code via a crafted POST request. Recommendations: For CWP version 0.9.8.1122, consider disabling the loader.php file until ...
PT-2022-21058 · Tenda · Tenda Ax1806
Name of the Vulnerable Software and Affected Versions: Tenda AX1806 version 1.0.0.1 Description: A stack overflow issue was discovered via the list parameter in the fromSetRouteStatic function. Recommendations: For Tenda AX1806 version 1.0.0.1, consider restricting access to the fromSetRouteStati...
PT-2022-20990 · Mcms · Mcms
Name of the Vulnerable Software and Affected Versions: MCMS version 5.2.8 Description: The issue is related to an arbitrary file upload vulnerability. This means that an attacker could potentially upload malicious files to the system, which could lead to various security problems. Recommendations...
PT-2022-22347 · Jenkins · Jenkins Deployment Dashboard Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Deployment Dashboard Plugin versions 1.0.10 and earlier Description: The issue is related to a stored cross-site scripting XSS vulnerability. It occurs because environment names on the Deployment Dashboard view are not properly escape...
PT-2022-3089 · Motorola · Motorola Moscad +1
Name of the Vulnerable Software and Affected Versions: Motorola MOSCAD and ACE line of RTUs through 2022-05-02 Description: The issue concerns the omission of an authentication requirement in the Motorola MOSCAD and ACE line of RTUs. These devices feature IP Gateway modules that allow for...
CVE-2022-1734 affecting package kernel 5.10.116.1-1
CVE-2022-1734 affecting package kernel 5.10.116.1-1. A patched version of the package is available...
CVE-2021-30560 affecting package libxslt 1.1.34-2
CVE-2021-30560 affecting package libxslt 1.1.34-2. A patched version of the package is available...
PT-2022-20864 · Sap · Sap Financial Consolidation
Name of the Vulnerable Software and Affected Versions: SAP Financial Consolidation version 1010 Description: The issue results in escalation of privileges due to the lack of necessary authorization checks for an authenticated user. Recommendations: For SAP Financial Consolidation version 1010,...
Cross-site Scripting in FacturaScripts
Cross-site Scripting XSS - Reflected in GitHub repository neorazorx/facturascripts. A patch is available on the master branch of the repository in commit 7b4ddb92...
GHSA-J8C7-3JPQ-8985 Cross-site Scripting in FacturaScripts
Cross-site Scripting XSS - Reflected in GitHub repository neorazorx/facturascripts. A patch is available on the master branch of the repository in commit 7b4ddb92...
DEBIAN-CVE-2022-31031
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their...
ALPINE-CVE-2022-31031
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their...
UBUNTU-CVE-2022-31031
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their...
CVE-2022-31031 Potential stack buffer overflow when parsing message as a STUN client
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions prior to and including 2.12.1 a stack buffer overflow vulnerability affects PJSIP users that use STUN in their...
Poly Studio X30 / Studio X50 / Studio X70 / G7500 Command Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authenticated Command Injection product: Poly Studio X30, Studio X50, Studio X70, G7500 vulnerable version: 3.4.0-292042, 3.5.0-344025, 3.6.0 fixed version: 3.7.0 or high...