CVE-2022-23852
Expat (aka libexpat) before 2.4.4 has a signed integer overflow in XML_GetBuffer, for configurations with a nonzero XML_CONTEXT_BYTES.
Source: CVE-2022-23852
[월:] 2022년 01월
CVE-2022-23855
CVE-2022-23855
An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An authentication bypass in ECM/maintenance/forgotpasswordstep1 allows an unauthenticated user to reset passwords and login as any local account.
Source: CVE-2022-23855
CVE-2021-39293
CVE-2021-39293
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.
Source: CVE-2021-39293
CVE-2021-30636
CVE-2021-30636
In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc.
Source: CVE-2021-30636
CVE-2021-26706
CVE-2021-26706
An issue was discovered in lib_mem.c in Micrium uC/OS uC/LIB 1.38.x and 1.39.00. The following memory allocation functions do not check for integer overflow when allocating a pool whose size exceeds the address space: Mem_PoolCreate, Mem_DynPoolCreate, and Mem_DynPoolCreateHW. Because these functions use multiplication to calculate the pool sizes, the operation may cause an integer overflow if the arguments are large enough. The resulting memory pool will be smaller than expected and may be exploited by an attacker.
Source: CVE-2021-26706
CVE-2021-45380
CVE-2021-45380
AppCMS 2.0.101 has a XSS injection vulnerability in templatesminc_head.php
Source: CVE-2021-45380
CVE-2021-46024
CVE-2021-46024
Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php, No login is required.
Source: CVE-2021-46024
CVE-2022-23850
CVE-2022-23850
xhtml_translate_entity in xhtml.c in epub2txt (aka epub2txt2) through 2.02 allows a stack-based buffer overflow via a crafted EPUB document.
Source: CVE-2022-23850
CVE-2021-4103
CVE-2021-4103
Cross-site Scripting (XSS) – Stored in GitHub repository vanessa219/vditor prior to 1.0.34.
Source: CVE-2021-4103
CVE-2021-4172
CVE-2021-4172
Cross-site Scripting (XSS) – Stored in GitHub repository star7th/showdoc prior to 2.10.2.
Source: CVE-2021-4172