βΌ CVE-2022-22551 βΌ
π Read
via "National Vulnerability Database".
DELL EMC AppSync versions 3.9 to 4.3 use GET request method with sensitive query strings. An Adjacent, unauthenticated attacker could potentially exploit this vulnerability, and hijack the victim session.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46244 βΌ
π Read
via "National Vulnerability Database".
A Divide By Zero vulnerability exists in HDF5 v1.13.1-1 vis the function H5T__complete_copy () at /hdf5/src/H5T.c. This vulnerability causes an aritmetic exception, leading to a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-46237 βΌ
π Read
via "National Vulnerability Database".
An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-36338 βΌ
π Read
via "National Vulnerability Database".
Unisphere for PowerMax versions prior to 9.2.2.2 contains a privilege escalation vulnerability. An adjacent malicious user could potentially exploit this vulnerability to escalate their privileges and access functionalities they do not have access to.π Read
via "National Vulnerability Database".
βΌ CVE-2021-36339 βΌ
π Read
via "National Vulnerability Database".
The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local malicious user may potentially exploit this vulnerability to get privileged access to the virtual appliance.π Read
via "National Vulnerability Database".
βΌ CVE-2021-39480 βΌ
π Read
via "National Vulnerability Database".
Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-46240 βΌ
π Read
via "National Vulnerability Database".
A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dump.c. This vulnerability can lead to a Denial of Service (DoS).π Read
via "National Vulnerability Database".
βΌ CVE-2021-46242 βΌ
π Read
via "National Vulnerability Database".
HDF5 v1.13.1-1 was discovered to contain a heap-use-after free via the component H5AC_unpin_entry.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23837 βΌ
π Read
via "National Vulnerability Database".
In api.rb in Sidekiq before 6.4.0, there is no limit on the number of days when requesting stats for the graph. This overloads the system, affecting the Web UI, and makes it unavailable to users.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23366 βΌ
π Read
via "National Vulnerability Database".
HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.π Read
via "National Vulnerability Database".
βΌ CVE-2022-21708 βΌ
π Read
via "National Vulnerability Database".
graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows. This in turn could potentially compromise the ability of the server to serve data to its users. The issue has been patched in version `v1.3.0`. The only known workaround for this issue is to disable the `graphql.MaxDepth` option from your schema which is not recommended.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23808 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23807 βΌ
π Read
via "National Vulnerability Database".
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4172 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.π Read
via "National Vulnerability Database".
βΌ CVE-2021-4103 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23850 βΌ
π Read
via "National Vulnerability Database".
xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through 2.02 allows a stack-based buffer overflow via a crafted EPUB document.π Read
via "National Vulnerability Database".
βΌ CVE-2021-46024 βΌ
π Read
via "National Vulnerability Database".
Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php, No login is required.π Read
via "National Vulnerability Database".
βΌ CVE-2021-45380 βΌ
π Read
via "National Vulnerability Database".
AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_head.phpπ Read
via "National Vulnerability Database".
βΌ CVE-2022-23852 βΌ
π Read
via "National Vulnerability Database".
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.π Read
via "National Vulnerability Database".
βΌ CVE-2022-23858 βΌ
π Read
via "National Vulnerability Database".
In StarWind Command Center before V2 build 6021, an authenticated read-only user can elevate privileges to administrator through the REST API.π Read
via "National Vulnerability Database".
β Unusual βDonald Trumpβ Packer Malware Delivers RATs, Infostealers β
π Read
via "Threat Post".
The βDTPackerβ downloader used fake Liverpool Football Club sites as lures for several weeks, a report finds.π Read
via "Threat Post".
Threat Post
Unusual βDonald Trumpβ Packer Malware Delivers RATs, Infostealers
The βDTPackerβ downloader used fake Liverpool Football Club sites as lures for several weeks, a report finds.