moment: inefficient parsing algorithm resulting in DoS

A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service ReDoS attacks...

Ubuntu: Security Advisory (USN-292-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-5546-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-4217

A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution...

CVE-2021-4217

A flaw was found in unzip. The vulnerability occurs due to improper handling of Unicode strings, which can lead to a null pointer dereference. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution...

Cross site scripting

A stored Cross Site Scripting XSS vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser...

CVE-2022-38192

A stored Cross Site Scripting XSS vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser...

Cross site scripting

A stored Cross Site Scripting XSS vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser...

CVE-2022-38192 There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript.

A stored Cross Site Scripting XSS vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser...

Esri Portal for ArcGIS 跨站脚本漏洞

Esri Portal For ArcGis is a component of Esri, Inc. that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A security vulnerability exists in Esri Portal for ArcGIS, which stems from a stored cross-site scripting XSS vulnerability...

Clinic‘s Patient Management System SQL注入漏洞

Clinic's Patient Management System is a patient management system for a clinic by Carlo Montero. A security vulnerability exists in Clinic's Patient Management System v1.0, which can be exploited to construct special strings for SQL injection...

CVE-2022-38190

A stored Cross Site Scripting XSS vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user’s browser...

SQL Injection

Overview updatebycase is an a package that allows you to update multiple ActiveRecord records based on case values on a single database hit Affected versions of this package are vulnerable to SQL Injection in the UpdateByCase and Utils classes, which accept and process SQL strings without...

PT-2022-23056 · Unknown · Update By Case

Name of the Vulnerable Software and Affected Versions: update by case gem versions prior to 0.1.3 Description: The issue concerns a SQL injection vulnerability due to the use of custom, unsanitized SQL strings in the update by case gem. This vulnerability allows for potential SQL injection attack...

mariadb: use-after-free when WHERE has subquery with an outer reference in HAVING

A flaw was found in the MariaDB Server. It contains a use-after-free in the component, mywildcmp8bitimpl at /strings/ctype-simple.c, affecting availability...

Ubuntu: Security Advisory (USN-5546-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-2652

Depending on the way the format strings in the card label are crafted it's possible to leak kernel stack memory. There is also the possibility for DoS due to the v4l2loopback kernel module crashing when providing the card label on request reproduce e.g. with many %s modifiers in a row...

CVE-2022-2652

CVE-2022-2652 concerns the v4l2loopback kernel module. The vulnerability arises from how format strings are crafted in the card label, allowing kernel stack memory leakage and, in some cases, a DoS via v4l2loopback crashing when the label is requested (e.g., with many %s modifiers). Multiple open...

PT-2022-17916 · Unknown +3 · V4L2Loopback +3

Name of the Vulnerable Software and Affected Versions: v4l2loopback affected versions not specified Description: The issue allows for potential kernel stack memory leakage due to improperly crafted format strings in the card label. Additionally, there is a possibility of a Denial of Service DoS...

AZL-10467 CVE-2022-35737 affecting package sqlite for versions less than 3.39.2-1

SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API...