‼ CVE-2020-28441 ‼
via "National Vulnerability Database".
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context.
‼ CVE-2022-2522 ‼
via "National Vulnerability Database".
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0060.
‼ CVE-2021-40335 ‼
via "National Vulnerability Database".
A vulnerability exists in the HTTP web interface where the web interface does not sufficiently verify if a well-formed, valid, consistent request was intentionally provided by the user who submitted the request. This causes a Cross-Site Request Forgery (CSRF), which if exploited could lead an attacker to gain unauthorized access to the web application and perform an unwanted operation on it without the knowledge of the legitimate user. An attacker who successfully makes an MSM user who has already established a session to the MSM web interface click a forged link to the MSM web interface (e.g., the link is sent by e-mail) could perform a harmful command on MSM through its web server interface. This issue affects: Hitachi Energy MSM V2.2 and prior versions.
‼ CVE-2022-1308 ‼
via "National Vulnerability Database".
Use after free in BFCache in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
‼ CVE-2022-21802 ‼
via "National Vulnerability Database".
The package grapesjs before 0.19.5 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization of the class name in Selector Manager.
‼ CVE-2022-0670 ‼
via "National Vulnerability Database".
A flaw was found in OpenStack Manila owning a Ceph File System "share", which enables the owner to read/write any Manila share or entire file system. The vulnerability is due to a bug in the "volumes" plugin in Ceph Manager. This allows an attacker to compromise Confidentiality and Integrity of a file system. Fixed in RHCS 5.2 and Ceph 17.2.2.
‼ CVE-2022-1307 ‼
via "National Vulnerability Database".
Inappropriate implementation in full screen in Google Chrome on Android prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
‼ CVE-2022-1306 ‼
via "National Vulnerability Database".
Inappropriate implementation in compositing in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.
‼ CVE-2022-2514 ‼
via "National Vulnerability Database".
The time and filter parameters in Fava prior to v1.22 are vulnerable to reflected XSS due to the lack of escaping of error messages that contained the parameters verbatim.
‼ CVE-2022-1313 ‼
via "National Vulnerability Database".
Use after free in tab groups in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
‼ CVE-2022-1232 ‼
via "National Vulnerability Database".
Type confusion in V8 in Google Chrome prior to 100.0.4896.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
‼ CVE-2020-28446 ‼
via "National Vulnerability Database".
The package ntesseract before 0.2.9 is vulnerable to Command Injection via lib/tesseract.js.
‼ CVE-2022-1311 ‼
via "National Vulnerability Database".
Use after free in shell in Google Chrome on ChromeOS prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
‼ CVE-2022-1314 ‼
via "National Vulnerability Database".
Type confusion in V8 in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
‼ CVE-2020-28462 ‼
via "National Vulnerability Database".
This affects all versions of package ion-parser. If an attacker submits a malicious INI file to an application that parses it with parse, they will pollute the prototype on the application. This can be exploited further depending on the context.
‼ CVE-2022-26307 ‼
via "National Vulnerability Database".
LibreOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in LibreOffice existed where the master key was poorly encoded, weakening its entropy from 128 to 43 bits and making the stored passwords vulnerable to a brute force attack if an attacker has access to the user's stored config. This issue affects: The Document Foundation LibreOffice 7.2 versions prior to 7.2.7; 7.3 versions prior to 7.3.3.
‼ CVE-2022-34963 ‼
via "National Vulnerability Database".
OpenTeknik LLC OSSN OPEN SOURCE SOCIAL NETWORK v6.3 LTS was discovered to contain a stored cross-site scripting (XSS) vulnerability via the News Feed module.
‼ CVE-2020-28459 ‼
via "National Vulnerability Database".
This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link.
Logwatch 7.7
via "Packet Storm Security".
Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.
‼ CVE-2020-28438 ‼
via "National Vulnerability Database".
This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js.
‼ CVE-2020-28445 ‼
via "National Vulnerability Database".
This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion() function.