CVE-2022-23303

The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.

Source: CVE-2022-23303

CVE-2021-4170

calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)

Source: CVE-2021-4170

CVE-2022-0235

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Source: CVE-2022-0235

CVE-2022-0238

phoronix-test-suite is vulnerable to Cross-Site Request Forgery (CSRF)

Source: CVE-2022-0238

CVE-2021-44537

ownCloud owncloud/client before 2.9.2 allows Resource Injection by a server into the desktop client via a URL, leading to remote code execution.

Source: CVE-2021-44537

CVE-2021-33828

The files_antivirus component before 1.0.0 for ownCloud mishandles the protection mechanism by which malicious files (that have been uploaded to a public share) are supposed to be deleted upon detection.

Source: CVE-2021-33828

CVE-2021-33827

The files_antivirus component before 1.0.0 for ownCloud allows OS Command Injection via the administration settings.

Source: CVE-2021-33827

CVE-2021-42555

Pexip Infinity before 26.2 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.

Source: CVE-2021-42555

CVE-2021-35969

Pexip Infinity before 26 allows temporary remote Denial of Service (abort) because of missing call-setup input validation.

Source: CVE-2021-35969

CVE-2021-33498

Pexip Infinity before 26 allows remote denial of service because of missing H.264 input validation (issue 1 of 2).

Source: CVE-2021-33498