CVE-2022-1999

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1. Under certain conditions, using the REST API an unprivileged user was able to change labels description...

CVE-2022-30244

Honeywell Alerton Ascent Control Module ACM through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be store on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program...

CVE-2022-30243

Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from remote users. This enables code to be stored on the controller and then run without verification. A user with malicious intent can send a crafted packet to change and/or stop the program without the...

CVE-2022-45163

An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol SDP mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device...

CVE-2021-32986

After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is unlocked by an authorized user, the unlocked state does not timeout. If the programming software is interrupted, the PLC remains unlocked. All subsequent programming connections are allowed without...

CVE-2021-37707

Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a vulnerability that allows manipulation of product reviews via API. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a...

CVE-2021-39903

In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings...

CVE-2021-0132

Missing release of resource after effective lifetime in an API for the IntelR Security Library before version 3.3 may allow a privileged user to potentially enable denial of service via network access...

CVE-2021-39905

An information disclosure vulnerability in the GitLab CE/EE API since version 8.9.6 allows a user to see basic information on private groups that a public project has been shared with...

CVE-2021-38192

An issue was discovered in the prost-types crate before 0.8.0 for Rust. An overflow can occur during conversion from Timestamp to SystemTime...

CVE-2021-38187

An issue was discovered in the anymap crate through 0.12.1 for Rust. It violates soundness via conversion of a u8 to a u64...

CVE-2021-29931

An issue was discovered in the arenavec crate through 2021-01-12 for Rust. A double drop can sometimes occur upon a panic in T::drop...

CVE-2021-26954

An issue was discovered in the qwutils crate before 0.3.1 for Rust. When a Clone panic occurs, insertsliceclone can perform a double drop...

CVE-2021-26953

An issue was discovered in the postscript crate before 0.14.0 for Rust. It might allow attackers to obtain sensitive information from uninitialized memory locations via a user-provided Read implementation...

CVE-2021-25901

An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race...

CVE-2021-29929

An issue was discovered in the endiantrait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics...

CVE-2021-45684

An issue was discovered in the flumedb crate through 2021-01-07 for Rust. readentry may read from uninitialized memory locations...

CVE-2021-44479

NXP Kinetis K82 devices have a buffer over-read via a crafted wlength value in a GET Status-Other request during use of USB In-System Programming ISP mode. This discloses protected flash memory...

CVE-2021-32980

Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect against additional software programming connections. An attacker can connect to the PLC while an existing connection is already active...

CVE-2021-32700

Ballerina is an open source programming language and platform for cloud application programmers. Ballerina versions 1.2.x and SL releases up to alpha 3 have a potential for a supply chain attack via MiTM against users. Http connections did not make use of TLS and certificate checking was ignored...