βΌ CVE-2019-8720 βΌ
π Read
via "National Vulnerability Database".
A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3857 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row() function.π Read
via "National Vulnerability Database".
βΌ CVE-2023-0330 βΌ
π Read
via "National Vulnerability Database".
A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free.π Read
via "National Vulnerability Database".
βΌ CVE-2017-20181 βΌ
π Read
via "National Vulnerability Database".
A vulnerability classified as critical was found in hgzojer Vocable Trainer up to 1.3.0. This vulnerability affects unknown code of the file src/at/hgz/vocabletrainer/VocableTrainerProvider.java. The manipulation leads to path traversal. Attacking locally is a requirement. Upgrading to version 1.3.1 is able to address this issue. The name of the patch is accf6838078f8eb105cfc7865aba5c705fb68426. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-222328.π Read
via "National Vulnerability Database".
βΌ CVE-2022-45142 βΌ
π Read
via "National Vulnerability Database".
The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3277 βΌ
π Read
via "National Vulnerability Database".
An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2022-4134 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in openstack-glance. This issue could allow a remote, authenticated attacker to tamper with images, compromising the integrity of virtual machines created using these modified images.π Read
via "National Vulnerability Database".
βΌ CVE-2023-27891 βΌ
π Read
via "National Vulnerability Database".
rami.io pretix before 4.17.1 allows OAuth application authorization from a logged-out session. The fixed versions are 4.15.1, 4.16.1, and 4.17.1.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3854 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in Ceph, relating to the URL processing on RGW backends. An attacker can exploit the URL processing by providing a null URL to crash the RGW, causing a denial of service.π Read
via "National Vulnerability Database".
βΌ CVE-2021-20251 βΌ
π Read
via "National Vulnerability Database".
A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3424 βΌ
π Read
via "National Vulnerability Database".
A use-after-free flaw was found in the Linux kernelΓ’β¬β’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1240 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1239 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository answerdev/answer prior to 1.0.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1242 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π Read
via "National Vulnerability Database".
βΌ CVE-2022-3760 βΌ
π Read
via "National Vulnerability Database".
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mia Technology Mia-Med.This issue affects Mia-Med: before 1.0.0.58.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1243 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1238 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1247 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 11.0.0.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1244 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1237 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π Read
via "National Vulnerability Database".
βΌ CVE-2023-1241 βΌ
π Read
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6.π Read
via "National Vulnerability Database".