
737 matches found

OSV
added 2022/10/16 10:15 a.m. · 3 views

DEBIAN-CVE-2022-3523

A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is an unknown function of the file mm/memory.c of the component Driver Handler. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch to...

5.3 CVSS · 4.7 AI score · 0.00862 EPSS
Exploits 0 · References 1

Positive Technologies
added 2022/09/23 12:0 a.m. · 7 views

PT-2022-22662 · Node.Js +6 · Node.Js +6

Name of the Vulnerable Software and Affected Versions: Node.js version 18 Description: A weak randomness issue exists in the WebCrypto keygen due to a change with EntropySource in SecretKeyGenTraits::DoKeyGen in src/crypto/crypto_keygen.cc. There are two main problems: 1. The return value of...

9.8 CVSS · 6.4 AI score · 0.77385 EPSS
Exploits 28 · References 217

Positive Technologies
added 2022/09/14 12:0 a.m. · 2 views

PT-2022-23831 · Paymoney · Paymoney

Name of the Vulnerable Software and Affected Versions: PayMoney version 3.3 Description: The issue is related to Stored Cross-Site Scripting (XSS) that occurs during the process of replying to a ticket. This can be achieved by injecting a specially crafted payload into the "Message" field using the...

5.4 CVSS · 5.5 AI score · 0.00485 EPSS
Exploits 2 · References 5

Positive Technologies
added 2022/09/13 12:0 a.m. · 4 views

PT-2022-24774 · Siemens · Parasolid +1

Name of the Vulnerable Software and Affected Versions: Parasolid versions prior to V33.1.263; Parasolid V34.0 versions prior to V34.0.252; Parasolid V34.1 versions prior to V34.1.242; Parasolid V35.0 versions prior to V35.0.164; Simcenter Femap V2022.1 versions prior to V2022.1.3; Simcenter Femap...

7.8 CVSS · 7.7 AI score · 0.00241 EPSS
Exploits 0 · References 3

Positive Technologies
added 2022/08/28 12:0 a.m. · 5 views

PT-2022-4462 · Unknown · Library Management System

Name of the Vulnerable Software and Affected Versions: Library Management System version 1.0 Description: The issue is related to a SQL injection vulnerability in the /librarian/bookdetails.php component of the Library Management System. This vulnerability allows a remote attacker to execute...

7.5 CVSS · 8 AI score
Exploits 0 · References 5

Prion
added 2022/06/29 7:15 a.m. · 22 views

Information disclosure

A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this vulnerability is an unknown functionality of the file /TeleoptiWFM/Administration/GetOneTenant of the component Administration. The manipulation leads to information disclosure Credentials. The attac...

4 CVSS · 6.4 AI score · 0.00454 EPSS
Exploits 1 · References 2 · Affected Software 1

Vulnrichment
added 2022/06/29 6:55 a.m. · 5 views

CVE-2017-20109 Teleopti WFM Administration GetOneTenant Credentials information disclosure

A vulnerability classified as problematic was found in Teleopti WFM up to 7.1.0. Affected by this vulnerability is an unknown functionality of the file /TeleoptiWFM/Administration/GetOneTenant of the component Administration. The manipulation leads to information disclosure Credentials. The attac...

4.3 CVSS · 6.7 AI score · 0.00454 EPSS
Exploits 1 · References 2

Vulnrichment
added 2022/06/19 6:10 a.m. · 5 views

CVE-2014-125018 FFmpeg decode_slice_header memory corruption

A vulnerability, which was classified as problematic, has been found in FFmpeg 2.0. Affected by this issue is the function decode_slice_header. The manipulation leads to memory corruption. The attack may be launched remotely. It is recommended to apply a patch to fix this issue...

5.3 CVSS · 5.6 AI score · 0.00575 EPSS
Exploits 0 · References 2

Openbugbounty
added 2022/05/24 2:49 p.m. · 10 views

lxb.ir Cross Site Scripting vulnerability OBB-2626306

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits 0

NVD
added 2022/05/18 5:15 p.m. · 12 views

CVE-2022-0883

SLM has an issue with Windows Unquoted/Trusted Service Paths Security Issue. All installations version 9.x.x prior to 9.20.1 should be patched...

7.8 CVSS · 0.00222 EPSS
Exploits 0 · References 1

Vulnrichment
added 2022/04/19 10:25 p.m. · 7 views

CVE-2022-24858 Default redirect callback vulnerable to open redirects

next-auth v3 users before version 3.29.2 are impacted. next-auth version 4 users before version 4.3.2 are also impacted. Upgrading to 3.29.2 or 4.3.2 will patch this vulnerability. If you are not able to upgrade for any reason, you can add a configuration to your callbacks option. If you already...

6.1 CVSS · 6.3 AI score · 0.00738 EPSS
Exploits 0 · References 3

Positive Technologies
added 2022/04/11 12:0 a.m. · 6 views

PT-2022-6078

Name of the Vulnerable Software and Affected Versions: SnakeYaml versions prior to 2.0; Bitbucket Data Center versions 7.17.x through 8.8.6; Bitbucket Server versions 7.17.x through 8.8.6; Confluence Data Center versions 6.13.x through 8.3.0; Confluence Server versions 6.13.x through 8.3.0 Description...

10 CVSS · 8.6 AI score · 0.99615 EPSS
Exploits 7 · References 76

Positive Technologies
added 2022/03/16 12:0 a.m. · 2 views

PT-2022-4300

Name of the Vulnerable Software and Affected Versions: Android kernel Description: The issue is related to a function kbase_jd_user_buf_pin_pages in mali_kbase_mem.c, which is part of the graphics processor driver in Android operating system for Google Pixel devices. It involves an out-of-bounds...

7.8 CVSS · 6.8 AI score · 0.00726 EPSS
Exploits 0 · References 18

Gitee
added 2022/03/11 5:31 p.m. · 6 views

Exploit for Path Traversal in F5 Big-Ip_Access_Policy_Manager

CVE-2020-5902 is a vulnerability in BIG-IP, a load balancer and application delivery controller. The vulnerability is a remote code execution (RCE) flaw that allows an attacker to execute arbitrary code on the BIG-IP system. The vulnerability exists in the BIG-IP web interface, specifically in the...

10 CVSS · 8.3 AI score · 0.99999 EPSS
Exploits 59

Positive Technologies
added 2022/02/11 12:0 a.m. · 7 views

PT-2022-5106 · Moxa · Moxa Mxview

Name of the Vulnerable Software and Affected Versions: Moxa MXView version 3.2.4 Description: The issue is related to the use of hardcoded credentials in the web interface of Moxa MXView, allowing a remote attacker to gain full access to the device by sending a specially crafted HTTP request. Thi...

10 CVSS · 9.4 AI score · 0.02349 EPSS
Exploits 1 · References 4

Grafana
added 2022/02/08 12:0 a.m. · 5 views

Grafana proxy XSS

Grafana is an open-source platform for monitoring and observability. In affected versions an attacker could serve HTML content through the Grafana datasource or plugin proxy and trick a user into visiting this HTML page using a specially crafted link and execute a Cross-site Scripting (XSS) attack. The...

6.5 CVSS · 6.8 AI score · 0.02359 EPSS
Exploits 1

Positive Technologies
added 2022/01/14 12:0 a.m. · 5 views

PT-2022-10090 · Unknown · October Cms

Name of the Vulnerable Software and Affected Versions: October CMS versions prior to 1.0.473 and 1.1.6 Description: October CMS is a self-hosted content management system (CMS) platform based on the Laravel PHP Framework. An attacker with access to the backend can execute PHP code by using the them...

8.8 CVSS · 8.8 AI score · 0.02087 EPSS
Exploits 1 · References 8

OSV
added 2022/01/04 7:15 p.m. · 1 views

UBUNTU-CVE-2021-41141

PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently...

7.5 CVSS · 5.7 AI score · 0.01367 EPSS
Exploits 0 · References 4

Vulnrichment
added 2022/01/04 12:0 a.m. · 5 views

CVE-2021-41141 Missing release of locks in PJSIP

PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently...

5.9 CVSS · 7 AI score · 0.01367 EPSS
Exploits 0 · References 4

Positive Technologies
added 2021/11/15 12:0 a.m. · 4 views

PT-2021-6661

Name of the Vulnerable Software and Affected Versions: Oracle Java SE versions 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition versions 20.3.4, 21.3.0 Description: The issue is related to insufficient input validation in the Libraries component of Oracle Java SE and Oracle GraalVM...

5.3 CVSS · 6.8 AI score · 0.08346 EPSS
Exploits 0 · References 226