CVE-2021-35464
ForgeRock AM server 6.x before 7, and OpenAM 14.6.3, has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. The exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/Version request to the server. The vulnerability exists due to incorrect usage of Sun ONE Application Framework (JATO).
Source: CVE-2021-35464
CVE-2021-35942
The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations.
Source: CVE-2021-35942
CVE-2021-35063
Suricata before 5.0.7 and 6.x before 6.0.3 has a "critical evasion."
Source: CVE-2021-35063
CVE-2021-36222
ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation.
Source: CVE-2021-36222
CVE-2021-26226
SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_user.php.
Source: CVE-2021-26226
CVE-2020-36033
SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php.
Source: CVE-2020-36033
CVE-2018-11661
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Source: CVE-2018-11661
CVE-2018-11659
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none.
Source: CVE-2018-11659
CVE-2015-2099
Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.1 control, (2) Login function in the LoginContoller.LoginControllerCtrl.1 control, or (3) GetThumbnail function in the WESPPlayback.WESPPlaybackCtrl.1 control.
Source: CVE-2015-2099
CVE-2015-2100
Multiple stack-based buffer overflows in WebGate eDVR Manager and Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) TCPDiscover or (2) TCPDiscover2 function in the WESPDiscovery.WESPDiscoveryCtrl.1 control.
Source: CVE-2015-2100