CVE-2021-45900

Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the administration configuration web portlet, a VIVOH_AUTH cookie is assigned so that they can be uniquely identified. Certain APIs can be successfully executed without proper authentication. This can let an attacker impersonate as victim and make state changing requests on their behalf.

Source: CVE-2021-45900

CVE-2021-38362

In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to a REST API endpoint that is vulnerable to an Insecure Direct Object Reference (IDOR) issue and retrieve sensitive data.

Source: CVE-2021-38362

CVE-2022-24763

PJSIP is a free and open source multimedia communication library written in the C language. Versions 2.12 and prior contain a denial-of-service vulnerability that affects PJSIP users that consume PJSIP’s XML parsing in their apps. Users are advised to update. There are no known workarounds.

Source: CVE-2022-24763

CVE-2021-40644

An SQL Injection vulnerability exists in oasys oa_system as of 9/7/2021 in resources/mappers/notice-mapper.xml.

Source: CVE-2021-40644

CVE-2021-40645

An SQL Injection vulnerability exists in glorylion JFinalOA as of 9/7/2021 in the defkey parameter getHaveDoneTaskDataList method of the FlowTaskController.

Source: CVE-2021-40645

CVE-2021-45031

A vulnerability in MEPSAN’s USC+ before version 3.0 has a weakness in login function which lets attackers to generate high privileged accounts passwords.

Source: CVE-2021-45031

CVE-2019-9564

A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to bypass login and control the devices.
This issue affects:
Wyze Cam Pan v2
versions prior to 4.49.1.47.
Wyze Cam v2
versions prior to 4.9.8.1002.
Wyze Cam v3
versions prior to 4.36.8.32.

Source: CVE-2019-9564

CVE-2019-12266

Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.

Source: CVE-2019-12266

CVE-2022-1160

heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.

Source: CVE-2022-1160

CVE-2022-24135

QingScan 1.3.0 is affected by Cross Site Scripting (XSS) vulnerability in all search functions.

Source: CVE-2022-24135