| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c. |
| Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. |
| A vulnerability in NetBatch-Plus software allows unauthorized access to the application.
HPE has provided a workaround and fix. Please refer to HPE Security Bulletin
HPESBNS04388
for details.
|
| A maliciously crafted CATPART file when parsed in CC5Dll.dll through Autodesk AutoCAD can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. |
| This vulnerability discloses build and services versions in the server response header.
|
| This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS.
|
|
IBM CICS TX 11.7 could allow an attacker to obtain sensitive information from HTTP response headers. IBM X-Force ID: 229467.
|
| An access control issue in /usr/sbin/httpd in Tenda TX9 V1 V22.03.02.54, Tenda AX3 V3 V16.03.12.11, Tenda AX9 V1 V22.03.01.46, and Tenda AX12 V1 V22.03.01.46 allows attackers to bypass authentication on any endpoint via a crafted URL. |
|
webvendome - webvendome SQL Injection.
SQL Injection in the Parameter " DocNumber"
Request :
Get Request :
/webvendome/showfiles.aspx?jobnumber=nullDoc Number=HERE.
|
| drachtio-server before 0.8.19 has a heap-based buffer over-read via a long Request-URI in an INVITE request. |
| In PaddlePaddle before 2.4, paddle.audio.functional.get_window is vulnerable to code injection because it calls eval on a user-supplied winstr. This may lead to arbitrary code execution. |
| In PyTorch before trunk/89695, torch.jit.annotations.parse_type_line can cause arbitrary code execution because eval is used unsafely. |
| An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. |
| A cross-site scripting (XSS) vulnerability in the Url parameter in /login.php of EyouCMS v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. |
| Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/get_fields.html component. |
| An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password. |
| Web-Based Student Clearance System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in changepassword.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtnew_password parameter. |
| A cross-site scripting (XSS) vulnerability in Sanitization Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter at /php-sms/classes/Login.php. |
| The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website. |
| A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages. |
