‼ CVE-2022-38189 ‼
via "National Vulnerability Database".
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user's browser.
‼ CVE-2021-39087 ‼
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 could allow an authenticated user to obtain sensitive information due to improper permission controls. IBM X-Force ID: 216109.
‼ CVE-2021-39035 ‼
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.4, and 6.1.1.0 through 6.1.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213965.
‼ CVE-2022-38184 ‼
There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs.
‼ CVE-2022-2843 ‼
A vulnerability was found in MotoPress Timetable and Event Schedule. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /wp-admin/admin-ajax.php of the component Quick Edit. The manipulation of the argument post_title with the input <img src=x onerror=alert`2`> leads to cross site scripting. The attack may be launched remotely. VDB-206486 is the identifier assigned to this vulnerability.
‼ CVE-2022-36242 ‼
Clinic's Patient Management System v1.0 is vulnerable to SQL Injection via /pms/update_medicine.php?id=.
‼ CVE-2022-30575 ‼
The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker with network access to execute scripts targeting the affected system or the victim's local system. Affected releases are TIBCO Software Inc.'s TIBCO Data Science - Workbench: versions 14.0.0 and below, TIBCO Statistica: versions 14.0.0 and below, TIBCO Statistica - Estore Edition: versions 14.0.0 and below, and TIBCO Statistica Trial: versions 14.0.0 and below.
‼ CVE-2022-2847 ‼
A vulnerability, which was classified as critical, has been found in SourceCodester Guest Management System. This issue affects some unknown processing of the file /guestmanagement/front.php. The manipulation of the argument rid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206489 was assigned to this vulnerability.
‼ CVE-2022-30576 ‼
The Web Console component of TIBCO Software Inc.'s TIBCO Data Science - Workbench, TIBCO Statistica, TIBCO Statistica - Estore Edition, and TIBCO Statistica Trial contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Data Science - Workbench: versions 14.0.0 and below, TIBCO Statistica: versions 14.0.0 and below, TIBCO Statistica - Estore Edition: versions 14.0.0 and below, and TIBCO Statistica Trial: versions 14.0.0 and below.
‼ CVE-2022-35002 ‼
JPEGDEC commit be4843c was discovered to contain a segmentation fault via TIFFSHORT at /src/jpeg.inl.
‼ CVE-2022-2831 ‼
A loaded (and valid) image can be crafted such that an out-of-bounds read or write occurs when the image is converted to a thumbnail that is flipped vertically. Crash occurred in source/blender/blendthumb/src/blendthumb_extract.cc.
‼ CVE-2022-35101 ‼
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via /multiarch/memset-vec-unaligned-erms.S.
‼ CVE-2020-10710 ‼
A flaw was found where the plaintext Candlepin password is disclosed while updating Red Hat Satellite through the satellite-installer. This flaw allows an attacker with sufficiently high privileges, such as root, to retrieve the Candlepin plaintext password.
‼ CVE-2022-34256 ‼
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to access other users' data. Exploitation of this issue does not require user interaction.
‼ CVE-2022-35478 ‼
OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea.
‼ CVE-2022-35481 ‼
OTFCC v0.10.4 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S.
‼ CVE-2022-35479 ‼
OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbbb6.
‼ CVE-2022-35475 ‼
OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e41a8.
‼ CVE-2020-1755 ‼
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks.
‼ CVE-2022-35476 ‼
OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbc0b.
‼ CVE-2022-38233 ‼
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc.