CVE-2022-28649
In JetBrains YouTrack before 2022.1.43563 it was possible to include an iframe from a third-party domain in the issue description
Source: CVE-2022-28649
CVE-2022-26630
Jellycms v3.8.1 and below was discovered to contain an arbitrary file upload vulnerability via app.adminControllersdb.php.
Source: CVE-2022-26630
CVE-2022-28648
In JetBrains YouTrack before 2022.1.43563 HTML code from the issue description was being rendered
Source: CVE-2022-28648
CVE-2022-22355
IBM MQ Appliance 9.2 CD and 9.2 LTS are vulnerable to a denial of service in the Login component of the application, which could allow an attacker to cause a drop in performance.
Source: CVE-2022-22355
CVE-2022-26635
PHP-Memcached v2.2.0 and below contains an improper NULL termination which allows attackers to execute CRLF injection.
Source: CVE-2022-26635
CVE-2022-22356
IBM MQ Appliance 9.2 CD and 9.2 LTS could allow an attacker to enumerate account credentials due to an observable discrepancy in valid and invalid login attempts. IBM X-Force ID: 220487.
Source: CVE-2022-22356
CVE-2022-27462
Cross Site Scripting (XSS) vulnerability in objects/function.php in function getDeviceID in WWBN AVideo through 11.6, via the yptDevice parameter to view/include/head.php.
Source: CVE-2022-27462
CVE-2022-27463
Open redirect vulnerability in objects/login.json.php in WWBN AVideo through 11.6 allows attackers to arbitrarily redirect users from a crafted URL to the login page.
Source: CVE-2022-27463
CVE-2022-24795
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32-bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64-bit platforms; however, this does not preclude the issue triggering on 32-bit builds, on which `size_t` is a 32-bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution to be unlikely. A patch is available and anticipated to be part of version 1.4.2. As a workaround, avoid passing large inputs to YAJL.
Source: CVE-2022-24795
CVE-2022-0602
Cross-site Scripting (XSS) – DOM in GitHub repository tastyigniter/tastyigniter prior to 3.3.0.
Source: CVE-2022-0602