CVE-2022-23808

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

Source: CVE-2022-23808

CVE-2022-23807

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.

Source: CVE-2022-23807

CVE-2022-21708

graphql-go is a GraphQL server with a focus on ease of use. In versions prior to 1.3.0 there exists a DoS vulnerability that is possible due to a bug in the library that would allow an attacker with specifically designed queries to cause stack overflow panics. Any user with access to the GraphQL handler can send these queries and cause stack overflows. This in turn could potentially compromise the ability of the server to serve data to its users. The issue has been patched in version `v1.3.0`. The only known workaround for this issue is to disable the `graphql.MaxDepth` option from your schema which is not recommended.

Source: CVE-2022-21708

CVE-2022-23363

Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via index.php.

Source: CVE-2022-23363

CVE-2022-23364

HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php.

Source: CVE-2022-23364

CVE-2022-23365

HMS v1.0 was discovered to contain a SQL injection vulnerability via doctorlogin.php.

Source: CVE-2022-23365

CVE-2022-21707

wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly (WASM) actors and capability providers. In versions prior to 0.52.2 actors can bypass capability authorization. Actors are normally required to declare their capabilities for inbound invocations, but with this vulnerability actor capability claims are not verified upon receiving invocations. This compromises the security model for actors as they can receive unauthorized invocations from linked capability providers. The problem has been patched in versions `0.52.2` and greater. There is no workaround and users are advised to upgrade to an unaffected version as soon as possible.

Source: CVE-2022-21707

CVE-2022-23366

HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.

Source: CVE-2022-23366

CVE-2021-39480

Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS).

Source: CVE-2021-39480

CVE-2021-46313

The binary MP4Box in GPAC v1.0.1 was discovered to contain a segmentation fault via the function __memmove_avx_unaligned_erms (). This vulnerability can lead to a Denial of Service (DoS).

Source: CVE-2021-46313