Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46313 | 1 Gpac | 1 Gpac | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46311 | 1 Gpac | 1 Gpac | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_destroy_routes () at scenegraph/vrml_route.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46240 | 1 Gpac | 1 Gpac | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_dump_vrml_sffield () at scene_manager/scene_dump.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46239 | 1 Gpac | 1 Gpac | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| The binary MP4Box in GPAC v1.1.0 was discovered to contain an invalid free vulnerability via the function gf_free () at utils/alloc.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46238 | 1 Gpac | 1 Gpac | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| GPAC v1.1.0 was discovered to contain a stack overflow via the function gf_node_get_name () at scenegraph/base_scenegraph.c. This vulnerability can lead to a program crash, causing a Denial of Service (DoS). | |||||
| CVE-2021-46237 | 1 Gpac | 1 Gpac | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| An untrusted pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46236 | 1 Gpac | 1 Gpac | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_sg_vrml_field_pointer_del () at scenegraph/vrml_tools.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-46234 | 1 Gpac | 1 Gpac | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference vulnerability exists in GPAC v1.1.0 via the function gf_node_unregister () at scenegraph/base_scenegraph.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2022-22892 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'ecma_is_value_undefined (value) || ecma_is_value_null (value) || ecma_is_value_boolean (value) || ecma_is_value_number (value) || ecma_is_value_string (value) || ecma_is_value_bigint (value) || ecma_is_value_symbol (value) || ecma_is_value_object (value)' failed at jerry-core/ecma/base/ecma-helpers-value.c in Jerryscripts 3.0.0. | |||||
| CVE-2022-22891 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jerryscript 3.0.0 was discovered to contain a SEGV vulnerability via ecma_ref_object_inline in /jerry-core/ecma/base/ecma-gc.c. | |||||
| CVE-2022-22890 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 5.0 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'arguments_type != SCANNER_ARGUMENTS_PRESENT && arguments_type != SCANNER_ARGUMENTS_PRESENT_NO_REG' failed at /jerry-core/parser/js/js-scanner-util.c in Jerryscript 3.0.0. | |||||
| CVE-2021-33966 | 1 Spotweb Project | 1 Spotweb | 2022-01-26 | 3.5 LOW | 5.4 MEDIUM |
| Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page. | |||||
| CVE-2021-46351 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustment (date_value)' failed at /jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c(ecma_builtin_date_prototype_dispatch_set):421 in JerryScript 3.0.0. | |||||
| CVE-2021-46350 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'ecma_is_value_object (value)' failed at jerryscript/jerry-core/ecma/base/ecma-helpers-value.c in JerryScript 3.0.0. | |||||
| CVE-2021-46349 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'type == ECMA_OBJECT_TYPE_GENERAL || type == ECMA_OBJECT_TYPE_PROXY' failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0. | |||||
| CVE-2021-46348 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'ECMA_STRING_IS_REF_EQUALS_TO_ONE (string_p)' failed at /jerry-core/ecma/base/ecma-literal-storage.c in JerryScript 3.0.0. | |||||
| CVE-2021-46347 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'ecma_object_check_class_name_is_object (obj_p)' failed at /jerry-core/ecma/operations/ecma-objects.c in JerryScript 3.0.0. | |||||
| CVE-2021-46346 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'local_tza == ecma_date_local_time_zone_adjustment (date_value)' failed at /jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c(ecma_builtin_date_prototype_dispatch_set):421 in JerryScript 3.0.0. | |||||
| CVE-2021-46345 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'cesu8_cursor_p == cesu8_end_p' failed at /jerry-core/lit/lit-strings.c in JerryScript 3.0.0. | |||||
| CVE-2021-46327 | 1 Moddable | 1 Moddable Sdk | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsArray.c in fx_Array_prototype_sort. | |||||
| CVE-2021-46344 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'flags & PARSER_PATTERN_HAS_REST_ELEMENT' failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0. | |||||
| CVE-2021-46343 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'context_p->token.type == LEXER_LITERAL' failed at /jerry-core/parser/js/js-parser-expr.c in JerryScript 3.0.0. | |||||
| CVE-2021-46322 | 1 Duktape Project | 1 Duktape | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| Duktape v2.99.99 was discovered to contain a SEGV vulnerability via the component duk_push_tval in duktape/duk_api_stack.c. | |||||
| CVE-2021-46342 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'ecma_is_lexical_environment (obj_p) || !ecma_op_object_is_fast_array (obj_p)' failed at /jerry-core/ecma/base/ecma-helpers.c in JerryScript 3.0.0. | |||||
| CVE-2021-46340 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'context_p->stack_top_uint8 == SCAN_STACK_TRY_STATEMENT || context_p->stack_top_uint8 == SCAN_STACK_CATCH_STATEMENT' failed at /parser/js/js-scanner.c(scanner_scan_statement_end) in JerryScript 3.0.0. | |||||
| CVE-2021-46339 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'lit_is_valid_cesu8_string (string_p, string_size)' failed at /base/ecma-helpers-string.c(ecma_new_ecma_string_from_utf8) in JerryScript 3.0.0. | |||||
| CVE-2021-46338 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 5.0 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'ecma_is_lexical_environment (object_p)' failed at /base/ecma-helpers.c(ecma_get_lex_env_type) in JerryScript 3.0.0. | |||||
| CVE-2021-46337 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'page_p != NULL' failed at /parser/js/js-parser-mem.c(parser_list_get) in JerryScript 3.0.0. | |||||
| CVE-2021-46331 | 1 Moddable | 1 Moddable Sdk | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsProxy.c in fxProxyGetPrototype. | |||||
| CVE-2021-46329 | 1 Moddable | 1 Moddable Sdk | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via the component _fini. | |||||
| CVE-2021-46336 | 1 Jerryscript | 1 Jerryscript | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is an Assertion 'opts & PARSER_CLASS_LITERAL_CTOR_PRESENT' failed at /parser/js/js-parser-expr.c(parser_parse_class_body) in JerryScript 3.0.0. | |||||
| CVE-2022-22179 | 1 Juniper | 1 Junos | 2022-01-26 | 2.9 LOW | 6.5 MEDIUM |
| A Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker to cause a crash of jdhcpd and thereby a Denial of Service (DoS). In a scenario where DHCP relay or local server is configured the problem can be triggered if a DHCPv4 packet with specific options is received leading to a corruption of the options read from the packet. This corruption can then lead to jdhcpd crash and restart. This issue affects: Juniper Networks Junos OS 17.4R1 and later versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S2; 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2, 21.2R3; 21.3 versions prior to 21.3R1-S1, 21.3R2. | |||||
| CVE-2021-46330 | 1 Moddable | 1 Moddable Sdk | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| Moddable SDK v11.5.0 was discovered to contain a SEGV vulnerability via xs/sources/xsDataView.c in fx_ArrayBuffer_prototype_concat. | |||||
| CVE-2021-46335 | 1 Moddable | 1 Moddable Sdk | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| Moddable SDK v11.5.0 was discovered to contain a NULL pointer dereference in the component fx_Function_prototype_hasInstance. | |||||
| CVE-2021-46333 | 1 Moddable | 1 Moddable Sdk | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| Moddable SDK v11.5.0 was discovered to contain an invalid memory access vulnerability via the component __asan_memmove. | |||||
| CVE-2021-32039 | 1 Mongodb | 1 Mongodb | 2022-01-26 | 2.1 LOW | 5.5 MEDIUM |
| Users with appropriate file access may be able to access unencrypted user credentials saved by MongoDB Extension for VS Code in a binary file. These credentials may be used by malicious attackers to perform unauthorized actions. This vulnerability affects all MongoDB Extension for VS Code including and prior to version 0.7.0 | |||||
| CVE-2021-29785 | 2 Ibm, Linux | 2 Soar, Linux Kernel | 2022-01-26 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security SOAR V42 and V43could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 203169. | |||||
| CVE-2022-22176 | 1 Juniper | 1 Junos | 2022-01-26 | 2.9 LOW | 6.5 MEDIUM |
| An Improper Validation of Syntactic Correctness of Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker sending a malformed DHCP packet to cause a crash of jdhcpd and thereby a Denial of Service (DoS). If option-82 is configured in a DHCP snooping / -security scenario, jdhcpd crashes if a specific malformed DHCP request packet is received. The DHCP functionality is impacted while jdhcpd restarts, and continued exploitation of the vulnerability will lead to the unavailability of the DHCP service and thereby a sustained DoS. This issue affects Juniper Networks Junos OS 13.2 version 13.2R1 and later versions prior to 15.1R7-S11; 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R2-S9, 18.4R3-S10; 19.1 versions prior to 19.1R2-S3, 19.1R3-S7; 19.2 versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R2-S7, 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S3; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2. This issue does not affect Juniper Networks Junos OS version 12.3R12 and prior versions. | |||||
| CVE-2022-21683 | 1 Torchbox | 1 Wagtail | 2022-01-26 | 4.0 MEDIUM | 4.3 MEDIUM |
| Wagtail is a Django based content management system focused on flexibility and user experience. When notifications for new replies in comment threads are sent, they are sent to all users who have replied or commented anywhere on the site, rather than only in the relevant threads. This means that a user could listen in to new comment replies on pages they have not have editing access to, as long as they have left a comment or reply somewhere on the site. A patched version has been released as Wagtail 2.15.2, which restores the intended behaviour - to send notifications for new replies to the participants in the active thread only (editing permissions are not considered). New comments can be disabled by setting `WAGTAILADMIN_COMMENTS_ENABLED = False` in the Django settings file. | |||||
| CVE-2022-22168 | 1 Juniper | 3 Junos, Mx150, Vmx | 2022-01-26 | 6.1 MEDIUM | 6.5 MEDIUM |
| An Improper Validation of Specified Type of Input vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated adjacent attacker to trigger a Missing Release of Memory after Effective Lifetime vulnerability. Continued exploitation of this vulnerability will eventually lead to an FPC reboot and thereby a Denial of Service (DoS). This issue affects: Juniper Networks Junos OS on vMX and MX150: All versions prior to 19.2R1-S8, 19.2R3-S4; 19.3 versions prior to 19.3R3-S5; 19.4 versions prior to 19.4R2-S5, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R1-S1, 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2. | |||||
| CVE-2022-22166 | 1 Juniper | 1 Junos | 2022-01-26 | 3.3 LOW | 6.5 MEDIUM |
| An Improper Validation of Specified Quantity in Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause an rdp crash and thereby a Denial of Service (DoS). If a BGP update message is received over an established BGP session where a BGP SR-TE policy tunnel attribute is malformed and BGP update tracing flag is enabled, the rpd will core. This issue can happen with any BGP session as long as the previous conditions are met. This issue can not propagate as the crash occurs as soon as the malformed update is received. This issue affects Juniper Networks Junos OS: 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1. | |||||
| CVE-2022-0219 | 1 Jadx Project | 1 Jadx | 2022-01-26 | 4.3 MEDIUM | 5.5 MEDIUM |
| Improper Restriction of XML External Entity Reference in GitHub repository skylot/jadx prior to 1.3.2. | |||||
| CVE-2022-0277 | 1 Microweber | 1 Microweber | 2022-01-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| Improper Access Control in Packagist microweber/microweber prior to 1.2.11. | |||||
| CVE-2022-22733 | 1 Apache | 1 Shardingsphere Elasticjob-ui | 2022-01-26 | 4.0 MEDIUM | 6.5 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache ShardingSphere ElasticJob-UI allows an attacker who has guest account to do privilege escalation. This issue affects Apache ShardingSphere ElasticJob-UI Apache ShardingSphere ElasticJob-UI 3.x version 3.0.0 and prior versions. | |||||
| CVE-2022-0285 | 1 Pimcore | 1 Pimcore | 2022-01-26 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in Packagist pimcore/pimcore prior to 10.2.9. | |||||
| CVE-2022-22155 | 1 Juniper | 2 Acx5448, Junos | 2022-01-26 | 3.3 LOW | 6.5 MEDIUM |
| An Uncontrolled Resource Consumption vulnerability in the handling of IPv6 neighbor state change events in Juniper Networks Junos OS allows an adjacent attacker to cause a memory leak in the Flexible PIC Concentrator (FPC) of an ACX5448 router. The continuous flapping of an IPv6 neighbor with specific timing will cause the FPC to run out of resources, leading to a Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition, requiring a manual PFE restart to restore service. The following error messages will be seen after the FPC resources have been exhausted: fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 fpc0 DNX_NH::dnx_nh_tag_ipv4_hw_install(),3135: dnx_nh_tag_ipv4_hw_install: BCM L3 Egress create object failed for NH 602 (-14:No resources for operation), BCM NH Params: unit:0 Port:41, L3_INTF:0 Flags: 0x40 This issue only affects the ACX5448 router. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS on ACX5448: 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S8, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. | |||||
| CVE-2022-0183 | 1 Kingjim | 4 Mirupass Pw10, Mirupass Pw10 Firmware, Mirupass Pw20 and 1 more | 2022-01-26 | 2.1 LOW | 4.6 MEDIUM |
| Missing encryption of sensitive data vulnerability in 'MIRUPASS' PW10 firmware all versions and 'MIRUPASS' PW20 firmware all versions allows an attacker who can physically access the device to obtain the stored passwords. | |||||
| CVE-2021-34402 | 2 Google, Nvidia | 2 Android, Shield Experience | 2022-01-26 | 4.6 MEDIUM | 6.7 MEDIUM |
| NVIDIA Tegra kernel driver contains a vulnerability in NVIDIA NVDEC, where a user with high privileges might be able to read from or write to a memory location that is outside the intended boundary of the buffer, which may lead to denial of service, Information disclosure, loss of Integrity, or possible escalation of privileges. | |||||
| CVE-2022-21700 | 1 Objectcomputing | 1 Micronaut | 2022-01-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| Micronaut is a JVM-based, full stack Java framework designed for building JVM web applications with support for Java, Kotlin and the Groovy language. In affected versions sending an invalid Content Type header leads to memory leak in DefaultArgumentConversionContext as this type is erroneously used in static state. ### Impact Sending an invalid Content Type header leads to memory leak in `DefaultArgumentConversionContext` as this type is erroneously used in static state. ### Patches The problem is patched in Micronaut 3.2.7 and above. ### Workarounds The default content type binder can be replaced in an existing Micronaut application to mitigate the issue: ```java package example; import java.util.List; import io.micronaut.context.annotation.Replaces; import io.micronaut.core.convert.ConversionService; import io.micronaut.http.MediaType; import io.micronaut.http.bind.DefaultRequestBinderRegistry; import io.micronaut.http.bind.binders.RequestArgumentBinder; import jakarta.inject.Singleton; @Singleton @Replaces(DefaultRequestBinderRegistry.class) class FixedRequestBinderRegistry extends DefaultRequestBinderRegistry { public FixedRequestBinderRegistry(ConversionService conversionService, List<RequestArgumentBinder> binders) { super(conversionService, binders); } @Override protected void registerDefaultConverters(ConversionService<?> conversionService) { super.registerDefaultConverters(conversionService); conversionService.addConverter(CharSequence.class, MediaType.class, charSequence -> { try { return MediaType.of(charSequence); } catch (IllegalArgumentException e) { return null; } }); } } ``` ### References Commit that introduced the vulnerability https://github.com/micronaut-projects/micronaut-core/commit/b8ec32c311689667c69ae7d9f9c3b3a8abc96fe3 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Micronaut Core](https://github.com/micronaut-projects/micronaut-core/issues) * Email us at [info@micronaut.io](mailto:info@micronaut.io) | |||||
| CVE-2022-23083 | 1 Broadcom | 2 Netmaster File Transfer Management, Netmaster Network Management For Tcp\/ip | 2022-01-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| NetMaster 12.2 Network Management for TCP/IP and NetMaster File Transfer Management contain a XSS (Cross-Site Scripting) vulnerability in ReportCenter UI due to insufficient input validation that could potentially allow an attacker to execute code on the affected machine. | |||||