1341 matches found
NVIDIA Jetson Buffer Error Vulnerability
NVIDIA Jetson is an embedded system development module from NVIDIA. A security vulnerability exists in NVIDIA Jetson, which originates in nvdlaemutasksubmit, where unauthenticated input could allow a local attacker to cause a stack-based buffer overflow in the kernel code, which could result in...
Joget Cross-Site Scripting Vulnerability
Joget is an open source no-code/low-code application platform from Joget Open Source, for faster and simpler digital transformation (DX). Joget versions prior to 7.0.34 have a cross-site scripting vulnerability; the vulnerability stems from the file...
PT-2022-28145 · Joget · Joget
Name of the Vulnerable Software and Affected Versions: Joget versions up to 7.0.33 Description: A problematic issue has been found in Joget, affecting the submitForm function of the UserProfileMenu component. The manipulation of the firstName/lastName arguments leads to cross-site scripting. The...
PT-2022-6715 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a NULL pointer dereference flaw in the submit_lookup_cmds function of the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code. This flaw occurs due to the...
Design/Logic Flaw
Interspire Email Marketer through 6.5.0 allows arbitrary file upload via a surveys_submit.php "create survey and submit survey" operation, which can cause a .php file to be accessible under a /admin/temp/surveys/ URI. NOTE: this issue exists because of an incomplete fix for CVE-2018-19550...
BigCommerce Interspire Email Marketer Code Issue Vulnerability
BigCommerce Interspire Email Marketer (IEM) is a suite of email marketing software from the US-based company BigCommerce. A security vulnerability exists in Interspire Email Marketer version 6.5.0 that originates from allowing arbitrary files to be uploaded via the surveys_submit.php...
Cross Site Request Forgery (CSRF)
Csurf is vulnerable to Cross Site Request Forgery (CSRF). The vulnerability exists because of using insecure encryption, failing to check cookie signatures by default and incorrect implementation of the double-submit cookie implementation. An attacker can leverage these vulnerabilities to generate...
Name Directory < 1.25.3 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting. Furthermore, as the payload is also saved into the database after the request, it leads to a Stored XSS as well...
CVE-2022-27854
Stored Cross-Site Scripting (XSS) vulnerability in Alexander Ustimenko's Psychological tests & quizzes plugin = 0.21.19 on WordPress possible for users with contributor or higher role via &wpttestpagesubmitbuttoncaption parameter...
PT-2022-18643 · Unknown · Alexander Ustimenko's Psychological Tests & Quizzes Plugin
Name of the Vulnerable Software and Affected Versions: Alexander Ustimenko's Psychological tests & quizzes plugin versions = 0.21.19 Description: The issue is a Stored Cross-Site Scripting (XSS) vulnerability. It affects users with a contributor or higher role. The vulnerability can be exploited vi...
GSD-2022-1001469 btrfs: do not clean up repair bio if submit fails
btrfs: do not clean up repair bio if submit fails. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...
Menubar < 5.8 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the command parameter before outputting it back in the response via the menubar AJAX action available to any authenticated users, leading to a Reflected Cross-Site Scripting...
UBUNTU-CVE-2022-24683
HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec or job-submit capabilities to read arbitrary files on the host filesystem as root...
WordPress Flexi – Guest Submit plugin <= 4.19 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting (XSS) vulnerability discovered by Felipe Tapia Sasot in WordPress Flexi – Guest Submit plugin versions <= 4.19. Solution: Update the WordPress Flexi – Guest Submit plugin to the latest available version (at least 4.20)...
Flexi - Guest Submit < 4.20 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting. PoC: Open the following URL when authenticated as any user: https://example.com/user-dashboard/?search=keyword:...
Flexi - Guest Submit < 4.20 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape various parameters before outputting them back in some pages such as the user dashboard, leading to a Reflected Cross-Site Scripting. Open the following URL when authenticated as any user: https://example.com/user-dashboard/?search=keyword:...
CVE-2022-24684
HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. Fixed in 1.0.18, 1.1.12, and 1.2.6...
UBUNTU-CVE-2022-24684
HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. Fixed in 1.0.18, 1.1.12, and 1.2.6...