Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13533 | 1 Dreamreport | 1 Dream Report | 2022-07-30 | 4.4 MEDIUM | 7.8 HIGH |
| A privilege escalation vulnerability exists in Dream Report 5 R20-2. IIn the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs in and uses the application. | |||||
| CVE-2020-13532 | 1 Dreamreport | 1 Dream Report | 2022-07-30 | 7.2 HIGH | 7.8 HIGH |
| A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-24785 | 4 Fedoraproject, Momentjs, Netapp and 1 more | 4 Fedora, Moment, Active Iq and 1 more | 2022-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a workaround, sanitize the user-provided locale name before passing it to Moment.js. | |||||
| CVE-2022-26126 | 2 Fedoraproject, Frrouting | 2 Fedora, Frrouting | 2022-07-30 | 6.8 MEDIUM | 7.8 HIGH |
| Buffer overflow vulnerabilities exist in FRRouting through 8.1.0 due to the use of strdup with a non-zero-terminated binary string in isis_nb_notifications.c. | |||||
| CVE-2021-3807 | 2 Ansi-regex Project, Oracle | 2 Ansi-regex, Communications Cloud Native Core Policy | 2022-07-30 | 7.8 HIGH | 7.5 HIGH |
| ansi-regex is vulnerable to Inefficient Regular Expression Complexity | |||||
| CVE-2021-43859 | 4 Debian, Fedoraproject, Oracle and 1 more | 10 Debian Linux, Fedora, Commerce Guided Search and 7 more | 2022-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| XStream is an open source java library to serialize objects to XML and back again. Versions prior to 1.4.19 may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. XStream 1.4.19 monitors and accumulates the time it takes to add elements to collections and throws an exception if a set threshold is exceeded. Users are advised to upgrade as soon as possible. Users unable to upgrade may set the NO_REFERENCE mode to prevent recursion. See GHSA-rmr5-cpv2-vgjf for further details on a workaround if an upgrade is not possible. | |||||
| CVE-2022-27227 | 2 Fedoraproject, Powerdns | 3 Fedora, Authoritative Server, Recursor | 2022-07-30 | 4.3 MEDIUM | 7.5 HIGH |
| In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers. | |||||
| CVE-2022-22962 | 2 Linux, Vmware | 2 Linux Kernel, Horizon | 2022-07-30 | 7.2 HIGH | 7.8 HIGH |
| VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file. | |||||
| CVE-2022-22964 | 2 Linux, Vmware | 2 Linux Kernel, Horizon | 2022-07-30 | 7.2 HIGH | 7.8 HIGH |
| VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file. | |||||
| CVE-2021-44224 | 6 Apache, Apple, Debian and 3 more | 11 Http Server, Macos, Debian Linux and 8 more | 2022-07-30 | 6.4 MEDIUM | 8.2 HIGH |
| A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included). | |||||
| CVE-2021-4182 | 3 Fedoraproject, Oracle, Wireshark | 4 Fedora, Http Server, Zfs Storage Appliance Kit and 1 more | 2022-07-30 | 5.0 MEDIUM | 7.5 HIGH |
| Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file | |||||
| CVE-2022-21824 | 4 Debian, Netapp, Nodejs and 1 more | 11 Debian Linux, Oncommand Insight, Oncommand Workflow Automation and 8 more | 2022-07-30 | 6.4 MEDIUM | 8.2 HIGH |
| Due to the formatting logic of the "console.table()" function it was not safe to allow user controlled input to be passed to the "properties" parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be "__proto__". The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.Node.js >= 12.22.9, >= 14.18.3, >= 16.13.2, and >= 17.3.1 use a null protoype for the object these properties are being assigned to. | |||||
| CVE-2022-23181 | 2 Apache, Oracle | 6 Tomcat, Agile Engineering Data Management, Communications Cloud Native Core Policy and 3 more | 2022-07-30 | 3.7 LOW | 7.0 HIGH |
| The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore. | |||||
| CVE-2022-32498 | 1 Dell | 1 Powerstore Command Line Interface | 2022-07-30 | N/A | 7.8 HIGH |
| Dell EMC PowerStore, Versions prior to v3.0.0.0 contain a DLL Hijacking vulnerability in PSTCLI. A local attacker can potentially exploit this vulnerability to execute arbitrary code, escalate privileges, and bypass software allow list solutions, leading to system takeover or IP exposure. | |||||
| CVE-2022-33923 | 1 Dell | 10 Emc Powerstore 1200t, Emc Powerstore 1200t Firmware, Emc Powerstore 3200t and 7 more | 2022-07-30 | N/A | 7.8 HIGH |
| Dell PowerStore, versions prior to 3.0.0.0, contains an OS Command Injection vulnerability in PowerStore T environment. A locally authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS command on the PowerStore underlying OS. Exploiting may lead to a system take over by an attacker. | |||||
| CVE-2022-26704 | 1 Apple | 1 Macos | 2022-07-30 | 6.8 MEDIUM | 7.8 HIGH |
| A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges. | |||||
| CVE-2022-22212 | 1 Juniper | 1 Junos Os Evolved | 2022-07-29 | N/A | 7.5 HIGH |
| An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos Evolved platforms hostbound protocols will be impacted by a high rate of specific hostbound traffic from ports on a PFE. Continued receipt of this amount of traffic will create a sustained Denial of Service (DoS) condition. This issue affects Juniper Networks Junos OS Evolved: 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.2R1. | |||||
| CVE-2022-22209 | 1 Juniper | 1 Junos | 2022-07-29 | N/A | 7.5 HIGH |
| A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated network based attacker to cause a Denial of Service (DoS). On all Junos platforms, the Kernel Routing Table (KRT) queue can get stuck due to a memory leak triggered by interface flaps or route churn leading to RIB and PFEs getting out of sync. The memory leak causes RTNEXTHOP/route and next-hop memory pressure issue and the KRT queue will eventually get stuck with the error- 'ENOMEM -- Cannot allocate memory'. The out-of-sync state between RIB and FIB can be seen with the "show route" and "show route forwarding-table" command. This issue will lead to failures for adding new routes. The KRT queue status can be checked using the CLI command "show krt queue": user@host > show krt state High-priority add queue: 1 queued ADD nhtype Router index 0 (31212) error 'ENOMEM -- Cannot allocate memory' kqp '0x8ad5e40' The following messages will be observed in /var/log/messages, which indicate high memory for routes/nexthops: host rpd[16279]: RPD_RT_HWM_NOTICE: New RIB highwatermark for routes: 266 [2022-03-04 05:06:07] host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory host rpd[16279]: RPD_KRT_Q_RETRIES: nexthop ADD: Cannot allocate memory host kernel: rts_veto_net_delayed_unref_limit: Route/nexthop memory is severe pressure. User Application to perform recovery actions. O p 8 err 12, rtsm_id 0:-1, msg type 10, veto simulation: 0. host kernel: rts_veto_net_delayed_unref_limit: Memory usage of M_RTNEXTHOP type = (806321208) Max size possible for M_RTNEXTHOP type = (689432176) Current delayed unref = (0), Max delayed unref on this platform = (120000) Current delayed weight unref = (0) Max delayed weight unref on this platform = (400000) curproc = rpd. This issue affects: Juniper Networks Junos OS 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R2-S1, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; This issue does not affect Juniper Networks Junos OS versions prior to 21.2R1. | |||||
| CVE-2022-22205 | 1 Juniper | 28 Junos, Srx100, Srx110 and 25 more | 2022-07-29 | N/A | 7.5 HIGH |
| A Missing Release of Memory after Effective Lifetime vulnerability in the Application Quality of Experience (appqoe) subsystem of the PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated network based attacker to cause a Denial of Service (DoS). Upon receiving specific traffic a memory leak will occur. Sustained processing of such specific traffic will eventually lead to an out of memory condition that prevents all services from continuing to function, and requires a manual restart to recover. A device is only vulnerable when advance(d) policy based routing (APBR) is configured and AppQoE (sla rule) is not configured for these APBR rules. This issue affects Juniper Networks Junos OS on SRX Series: 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R3; 21.2 versions prior to 21.2R2-S1, 21.2R3; 21.3 versions prior to 21.3R1-S2, 21.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.3R1. | |||||
| CVE-2022-30526 | 1 Zyxel | 50 Atp100, Atp100 Firmware, Atp100w and 47 more | 2022-07-29 | N/A | 7.8 HIGH |
| A privilege escalation vulnerability was identified in the CLI command of Zyxel USG FLEX 100(W) firmware versions 4.50 through 5.30, USG FLEX 200 firmware versions 4.50 through 5.30, USG FLEX 500 firmware versions 4.50 through 5.30, USG FLEX 700 firmware versions 4.50 through 5.30, USG FLEX 50(W) firmware versions 4.16 through 5.30, USG20(W)-VPN firmware versions 4.16 through 5.30, ATP series firmware versions 4.32 through 5.30, VPN series firmware versions 4.30 through 5.30, USG/ZyWALL series firmware versions 4.09 through 4.72, which could allow a local attacker to execute some OS commands with root privileges in some directories on a vulnerable device. | |||||
| CVE-2022-22390 | 4 Ibm, Linux, Microsoft and 1 more | 4 Db2, Linux Kernel, Windows and 1 more | 2022-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 may be vulnerable to an information disclosure caused by improper privilege management when table function is used. IBM X-Force ID: 221973. | |||||
| CVE-2022-33105 | 1 Redis | 1 Redis | 2022-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID. | |||||
| CVE-2022-27778 | 1 Haxx | 1 Curl | 2022-07-29 | 5.8 MEDIUM | 8.1 HIGH |
| A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`. | |||||
| CVE-2021-3629 | 1 Redhat | 6 Enterprise Linux, Integration, Jboss Enterprise Application Platform and 3 more | 2022-07-29 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in Undertow. A potential security issue in flow control handling by the browser over http/2 may potentially cause overhead or a denial of service in the server. The highest threat from this vulnerability is availability. This flaw affects Undertow versions prior to 2.0.40.Final and prior to 2.2.11.Final. | |||||
| CVE-2022-23804 | 3 Debian, Fedoraproject, Kicad | 3 Debian Linux, Fedora, Eda | 2022-07-29 | 6.8 MEDIUM | 7.8 HIGH |
| A stack-based buffer overflow vulnerability exists in the Gerber Viewer gerber and excellon ReadIJCoord coordinate parsing functionality of KiCad EDA 6.0.1 and master commit de006fc010. A specially-crafted gerber or excellon file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-31168 | 1 Zulip | 1 Zulip | 2022-07-29 | N/A | 8.8 HIGH |
| Zulip is an open source team chat tool. Due to an incorrect authorization check in Zulip Server 5.4 and earlier, a member of an organization could craft an API call that grants organization administrator privileges to one of their bots. The vulnerability is fixed in Zulip Server 5.5. Members who don’t own any bots, and lack permission to create them, can’t exploit the vulnerability. As a workaround for the vulnerability, an organization administrator can restrict the `Who can create bots` permission to administrators only, and change the ownership of existing bots. | |||||
| CVE-2022-2327 | 1 Linux | 1 Linux Kernel | 2022-07-29 | N/A | 7.8 HIGH |
| io_uring use work_flags to determine which identity need to grab from the calling process to make sure it is consistent with the calling process when executing IORING_OP. Some operations are missing some types, which can lead to incorrect reference counts which can then lead to a double free. We recommend upgrading the kernel past commit df3f3bb5059d20ef094d6b2f0256c4bf4127a859 | |||||
| CVE-2022-26358 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2022-07-29 | 4.4 MEDIUM | 7.8 HIGH |
| IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. | |||||
| CVE-2022-26359 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2022-07-29 | 4.4 MEDIUM | 7.8 HIGH |
| IOMMU: RMRR (VT-d) and unity map (AMD-Vi) handling issues T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for Intel VT-d or Unity Mapping ranges for AMD-Vi. These are typically used for platform tasks such as legacy USB emulation. Since the precise purpose of these regions is unknown, once a device associated with such a region is active, the mappings of these regions need to remain continuouly accessible by the device. This requirement has been violated. Subsequent DMA or interrupts from the device may have unpredictable behaviour, ranging from IOMMU faults to memory corruption. | |||||
| CVE-2022-1486 | 1 Google | 1 Chrome | 2022-07-29 | N/A | 8.8 HIGH |
| Type confusion in V8 in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2022-1485 | 1 Google | 1 Chrome | 2022-07-29 | N/A | 7.5 HIGH |
| Use after free in File System API in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1484 | 1 Google | 1 Chrome | 2022-07-29 | N/A | 8.8 HIGH |
| Heap buffer overflow in Web UI Settings in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1483 | 1 Google | 1 Chrome | 2022-07-29 | N/A | 8.8 HIGH |
| Heap buffer overflow in WebGPU in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1479 | 1 Google | 1 Chrome | 2022-07-29 | N/A | 8.8 HIGH |
| Use after free in ANGLE in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1478 | 1 Google | 1 Chrome | 2022-07-29 | N/A | 8.8 HIGH |
| Use after free in SwiftShader in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1477 | 1 Google | 1 Chrome | 2022-07-29 | N/A | 8.8 HIGH |
| Use after free in Vulkan in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-22221 | 1 Juniper | 86 Ex2200, Ex2200-c, Ex2200-vc and 83 more | 2022-07-29 | N/A | 7.8 HIGH |
| An Improper Neutralization of Special Elements vulnerability in the download manager of Juniper Networks Junos OS on SRX Series and EX Series allows a locally authenticated attacker with low privileges to take full control over the device. One aspect of this vulnerability is that the attacker needs to be able to execute any of the "request ..." or "show system download ..." commands. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: All versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S4; 20.3 versions prior to 20.3R3-S3; 20.4 versions prior to 20.4R3-S2, 20.4R3-S3; 21.1 versions prior to 21.1R3-S1; 21.2 versions prior to 21.2R2-S2, 21.2R3; 21.3 versions prior to 21.3R2, 21.3R3; 21.4 versions prior to 21.4R1-S1, 21.4R2. | |||||
| CVE-2019-5824 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| Parameter passing error in media in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-5822 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in Blink in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | |||||
| CVE-2019-5827 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2022-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in SQLite via WebSQL in Google Chrome prior to 74.0.3729.131 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-5828 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| Object lifecycle issue in ServiceWorker in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2019-5829 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in download manager in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. | |||||
| CVE-2019-5821 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2022-31162 | 1 Slack Morphism Project | 1 Slack Morphism | 2022-07-29 | N/A | 7.5 HIGH |
| Slack Morphism is an async client library for Rust. Prior to 0.41.0, it was possible for Slack OAuth client information to leak in application debug logs. Stricter and more secure debug formatting was introduced in v0.41.0 for OAuth secret types to reduce the possibility of printing sensitive information in application logs. As a workaround, do not print/output requests and responses for OAuth and client configurations in logs. | |||||
| CVE-2019-5831 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| Object lifecycle issue in V8 in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-5836 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2022-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in ANGLE in Google Chrome prior to 75.0.3770.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2022-1539 | 1 Exports And Reports Project | 1 Exports And Reports | 2022-07-29 | N/A | 8.8 HIGH |
| The Exports and Reports WordPress plugin before 0.9.2 does not sanitize and validate data when generating the CSV to export, which could lead to a CSV injection, by the use of Microsoft Excel DDE function, or to leak data via maliciously injected hyperlinks. | |||||
| CVE-2019-5963 | 1 Zoho | 1 Salesiq | 2022-07-29 | 6.8 MEDIUM | 8.8 HIGH |
| Cross-site request forgery (CSRF) vulnerability in Zoho SalesIQ 1.0.8 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||||
| CVE-2021-28165 | 4 Eclipse, Jenkins, Netapp and 1 more | 21 Jetty, Jenkins, Cloud Manager and 18 more | 2022-07-29 | 7.8 HIGH | 7.5 HIGH |
| In Eclipse Jetty 7.2.2 to 9.4.38, 10.0.0.alpha0 to 10.0.1, and 11.0.0.alpha0 to 11.0.1, CPU usage can reach 100% upon receiving a large invalid TLS frame. | |||||
| CVE-2021-28129 | 1 Apache | 1 Openoffice | 2022-07-29 | 4.6 MEDIUM | 7.8 HIGH |
| While working on Apache OpenOffice 4.1.8 a developer discovered that the DEB package did not install using root, but instead used a userid and groupid of 500. This both caused issues with desktop integration and could allow a crafted attack on files owned by that user or group if they exist. Users who installed the Apache OpenOffice 4.1.8 DEB packaging should upgrade to the latest version of Apache OpenOffice. | |||||