4563 matches found
Deno Security Vulnerability
Deno is an open source, simple, modern and secure JavaScript and TypeScript runtime environment. It uses V8 and is built with Rust. Versions of Deno from 1.18.0 to 1.20.2 contain a security vulnerability that allows an attacker to bypass all privilege checks and execute arbitrary shell code...
depend (>=0.2.0 <=0.3.0), ekrhizoc (>=0.0.5 <=0.1.0) +12 more potentially affected by CVE-2022-26184 via poetry (>=1.0.0 <=1.1.5)
poetry PYPI version =1.0.0, =0.2.0, =0.0.5, =2020.1.0, =0.1.4, =5.2.0, =0.0.5, =0.1.0, =0.4.0, =0.1.0, =0.3.0, =0.1.3, =0.0.1, =0.1.4 Source cves: CVE-2022-26184 Source advisory: OSV:GHSA-XR2C-5W89-63PV...
CVE-2022-25518
In CMDBuild from version 3.0 to 3.3.2, payload requests are saved in a temporary log table, which allows attackers with database access to read the passwords of users who log in to the application by querying the database table...
CMDBuild Log Information Disclosure Vulnerability
CMDBuild is an open source web enterprise environment for configuring custom applications for asset management. A security vulnerability exists in CMDBuild versions 3.0 through 3.3.2, which stems from the fact that payload requests for CMDBuild versions 3.0 through 3.3.2 are stored in a temporary...
-tompan-reacttemplate (>=1.0.1 <=1.1.0), 00ld8nuivn (=2.1.0) +40777 more potentially affected by CVE-2022-24771 via node-forge (>=0.10.0 <=1.2.1)
node-forge NPM version =0.10.0, =1.0.1, =1.1.0 - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 - 06buj9h3su =2.1.0 - 06dre15t8r =2.1.0 - 0726react =0.1.1 - 07fgapmu9l =1.1.0 - 07t2xvu6t4 =2.1.0 - 0850u4lkp...
Automotive Grade Linux Kooky Koi Security Vulnerability
Automotive Grade Linux Kooky Koi is a Linux Foundation in-vehicle system. A security vulnerability exists in Automotive Grade Linux Kooky Koi versions 11.0.0 through 11.0.5, which stems from incorrect access control in usr/bin/afb-daemon. An attacker can exploit the vulnerability by sending a...
PT-2022-16745 · Unknown · Automotive Grade Linux
Name of the Vulnerable Software and Affected Versions: Automotive Grade Linux Kooky Koi versions 11.0.0 through 11.0.5 Description: The issue is related to Incorrect Access Control in usr/bin/afb-daemon. To exploit this, an attacker needs to send a well-crafted HTTP or WebSocket request to the...
cradle-app (>=0.1.0 <=0.1.1), torchflare (=0.2.4) potentially affected by CVE-2022-24770 via gradio (>=1.7.7 <=2.2.13)
gradio PYPI version =1.7.7, =0.1.0, =0.1.1 - torchflare =0.2.4 Source cves: CVE-2022-24770 Source advisory: OSV:PYSEC-2022-229...
KINGSOFT Installer of WPS Office Code Issue Vulnerability
KINGSOFT Installer of WPS Office is an installer and setup program for WPS Office from the Chinese company KINGSOFT. A code issue vulnerability exists in KINGSOFT Installer of WPS Office versions 10.8.0.5745 through 10.8.0.6186, which stems from the application loading DLL libraries in an insecur...
CVE-2021-39051
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.14.3 is vulnerable to server-side request forgery, caused by improper input of application server registration function. A remote attacker could exploit this vulnerability using the host address and port fields of the application server...
UBUNTU-CVE-2021-44964
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file...
CVE-2022-24397
SAP NetWeaver Enterprise Portal - versions 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a reflected Cross-Site Scripting (XSS) vulnerability. This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of...
Acer Care Center Authorization Issue Vulnerability
Acer Care Center is a system care center from Acer (China) that allows you to back up or restore your system settings and network drivers to prevent the effects of system failure. A security vulnerability exists in Acer Care Center versions 4.00.30xx prior to 4.00.3042 that originates...
CVE-2022-0507 Vulnerability: Authenticated SQL Injection in API
Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version range: all versions of NG version, up to OUM 759. This vulnerability could allow an attacker with authenticated IP to inject SQL...
CVE-2022-21828
A user with high privilege access to the Incapptic Connect web console can remotely execute code on the Incapptic Connect server using an unspecified attack vector in Incapptic Connect version 1.40.0, 1.39.1, 1.39.0, 1.38.1, 1.38.0, 1.37.1, 1.37.0, 1.36.0, 1.35.5, 1.35.4 and 1.35.3...
PT-2022-15974 · Cedar Gate · Cedar Gate Ez-Net Portal
Name of the Vulnerable Software and Affected Versions: Cedar Gate EZ-NET portal versions 6.5.5 through 6.8.0 Description: The issue arises from a call to display messages to users that does not properly sanitize data sent through a URL parameter, leading to a Reflected Cross-Site Scripting...
PT-2022-16218 · Elastic · Elasticsearch
Name of the Vulnerable Software and Affected Versions: Elasticsearch versions 7.16 through 7.17.0 Description: A flaw was discovered in Elasticsearch's upgrade assistant, which occurs when upgrading from version 6.x to 7.x, disabling the in-built protections on the security index. This allows...
PT-2022-10707 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.2 through 7.3.6, Liferay DXP 7.3 before fix pack 2. Description: A cross-site scripting (XSS) issue exists in the Blogs module's edit blog entry page, allowing remote attackers to inject arbitrary web script or HTML vi...
ai.grakn:grakn-test (>=0.13.0 <=0.15.0), ai.grakn:test-integration (>=0.16.0 <=v1.1.0-226-g847ecff2d8e26f249422247d7665fe15f07b1744) +838 more potentially affected by CVE-2022-24615 via net.lingala.zip4j:zip4j (>=1.2.3 <=2.0.2)
net.lingala.zip4j:zip4j MAVEN version =1.2.3, =0.13.0, =0.16.0, =1.5.0, =1.0.0, =1.0.1, =1.0.4, =2.5.7, =1.1.13, =1.0.7, =1.1.4, =2.1.0, =1.0.0, =3.0.2, =1.0.3, =3.3.0, =3.3.9 and more Source cves: CVE-2022-24615 Source advisory: OSV:GHSA-Q62H-JW38-24VH...