‼ CVE-2021-46313 ‼
📖 Read
via "National Vulnerability Database".
The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability can lead to a Denial of Service (DoS).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46311 ‼
📖 Read
via "National Vulnerability Database".
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22552 ‼
📖 Read
via "National Vulnerability Database".
Dell EMC AppSync versions 3.9 to 4.3 contain a clickjacking vulnerability in AppSync. A remote unauthenticated attacker could potentially exploit this vulnerability to trick the victim into executing state changing operations.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46234 ‼
📖 Read
via "National Vulnerability Database".
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46243 ‼
📖 Read
via "National Vulnerability Database".
An untrusted pointer dereference vulnerability exists in HDF5 v1.13.1-1 via the function H5O__dtype_decode_helper () at hdf5/src/H5Odtype.c. This vulnerability can lead to a Denial of Service (DoS).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46236 ‼
📖 Read
via "National Vulnerability Database".
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22553 ‼
📖 Read
via "National Vulnerability Database".
Dell EMC AppSync versions 3.9 to 4.3 contain an Improper Restriction of Excessive Authentication Attempts Vulnerability that can be exploited from UI and CLI. An adjacent unauthenticated attacker could potentially exploit this vulnerability, leading to password brute-forcing. Account takeover is possible if weak passwords are used by users.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46239 ‼
📖 Read
via "National Vulnerability Database".
The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gf_free () at utils/alloc.c. This vulnerability can lead to a Denial of Service (DoS).📖 Read
via "National Vulnerability Database".
‼ CVE-2022-22551 ‼
📖 Read
via "National Vulnerability Database".
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46244 ‼
📖 Read
via "National Vulnerability Database".
A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46237 ‼
📖 Read
via "National Vulnerability Database".
An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36338 ‼
📖 Read
via "National Vulnerability Database".
Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-36339 ‼
📖 Read
via "National Vulnerability Database".
The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-39480 ‼
📖 Read
via "National Vulnerability Database".
Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46240 ‼
📖 Read
via "National Vulnerability Database".
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dump.c. This vulnerability can lead to a Denial of Service (DoS).📖 Read
via "National Vulnerability Database".
‼ CVE-2021-46242 ‼
📖 Read
via "National Vulnerability Database".
HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23837 ‼
📖 Read
via "National Vulnerability Database".
In api.rb in Sidekiq before 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23366 ‼
📖 Read
via "National Vulnerability Database".
HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-21708 ‼
📖 Read
via "National Vulnerability Database".
graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows. This in turn could potentially compromise the ability of the server to serve data to its users. The issue has been patched in version `v1.3.0`. The only known workaround for this issue is to disable the `graphql.MaxDepth` option from your schema which is not recommended.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23808 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-23807 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.📖 Read
via "National Vulnerability Database".