1394 matches found
DEBIAN-CVE-2022-39837
An issue was discovered in Connected Vehicle Systems Alliance COVESA dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a NULL pointer dereference,...
DEBIAN-CVE-2022-39836
An issue was discovered in Connected Vehicle Systems Alliance COVESA dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte...
UBUNTU-CVE-2022-39836
An issue was discovered in Connected Vehicle Systems Alliance COVESA dlt-daemon through 2.18.8. Due to a faulty DLT file parser, a crafted DLT file that crashes the process can be created. This is due to missing validation checks. There is a heap-based buffer over-read of one byte...
PT-2022-24860 · Flux · Flux
Name of the Vulnerable Software and Affected Versions: Flux versions prior to 0.35.0 Description: The issue concerns a Denial of Service in Flux, an open and extensible continuous delivery solution for Kubernetes. Users with permissions to change Flux's objects can provide invalid data to fields...
Boodskap IoT Platform 跨站脚本漏洞
Boodskap IoT Platform is an IoT platform from Boodskap, Inc. A security vulnerability exists in Boodskap IoT Platform version v4.4.9-02 that stems from its application not enforcing input validation and output cleanup across multiple functions resulting in multiple cross-site scripts...
CVE-2022-40178
A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...
Online Pet Shop We App Master.php?f=delete_order SQL Injection Vulnerability
Online Pet Shop We App is an online pet store web application by Carlo Montero Personal Developer. A SQL injection vulnerability exists in Online Pet Shop We App version 1.0, which originates from a lack of validation of externally entered SQL statements in the...
_releaseIntervalSecs is not validated
Lines of code Vulnerability details Impact VTVLVesting.sol has createClaimUnchecked function to create the claims internally while validating parameters with the users' allocations. However, releaseIntervalSecs is not validated comparing to user's linearVestAmount and startTimestamp endTimestamp...
CVE-2022-41244
Jenkins View26 Test-Reporting Plugin 1.0.7 and earlier does not perform hostname validation when connecting to the configured View26 server that could be abused using a man-in-the-middle attack to intercept these connections...
Safe Software FME Server 路径遍历漏洞
Safe Software FME Server is a web-based data conversion application from Safe Software Canada Inc. It is used to automate data and application integration workflows in a code-free environment. Safe Software FME Server suffers from a path traversal vulnerability that stems from a validation check...
CVE-2022-28742
aEnrich eHRD Learning Management Key Performance Indicator System 5+ has Improper Access Control. The web application does not validate user session when accessing many application pages. This can allow an attacker to gain unauthenticated access to sensitive functionalities in the application...
CVE-2022-2541
The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the /app/sites/ajax/actions/keywordsave.php file that is called via the doAjax function. This makes i...
CVE-2022-2542
The uContext for Clickbank plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the /app/sites/ajax/actions/keywordsave.php file that is called via the doAjax function. This make...
WordPress plugin Link Optimizer Lite 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2022-17281 · WordPress · Ucontext For Clickbank
Name of the Vulnerable Software and Affected Versions: uContext for Clickbank plugin for WordPress versions up to, and including 3.9.1 Description: The issue is due to missing nonce validation in the /app/sites/ajax/actions/keyword save.php file, which is called via the doAjax function. This allo...
AZL-10865 CVE-2022-32743 affecting package samba 4.12.5-7
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it...
DEBIAN-CVE-2022-32743
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it...
mariadb: lack of validating the existence of an object prior to performing operations on the object
MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...
mariadb: lack of validating the existence of an object prior to performing operations on the object
MariaDB CONNECT Storage Engine Use-After-Free Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...
Simple E-Learning System 安全漏洞
Simple E-Learning System is a simple e-learning system by Carlo Montero's personal developer. simple E-Learning System is vulnerable to an arbitrary file download vulnerability, which stems from a lack of validation of external input data in the downloadFiles.php parameter download. validation. A...