CVE-2022-22332
IBM Sterling Partner Engagement Manager 6.2.0 could allow an attacker to impersonate another user due to missing revocation mechanism for the JWT token. IBM X-Force ID: 219131.
Source: CVE-2022-22332
[월:] 2022년 04월
CVE-2022-21235
CVE-2022-21235
The package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection.
Source: CVE-2022-21235
CVE-2021-44135
CVE-2021-44135
pagekit all versions, as of 15-10-2021, is vulnerable to SQL Injection via Comment listing.
Source: CVE-2021-44135
CVE-2022-24181
CVE-2022-24181
Cross-site scripting (XSS) via Host Header injection in PKP Open Journals System 2.4.8 >= 3.3 allows remote attackers to inject arbitary code via the X-Forwarded-Host Header.
Source: CVE-2022-24181
CVE-2021-46443
CVE-2021-46443
Spoofer 1.4.6 suffers from unquoted service paths vulnerability. An attacker as a low privileged local user can hijack the execution flow of the application to escalate privileges by inserting a malicious executable in a higher level directory with the vulnerable path.
Source: CVE-2021-46443
CVE-2022-21947
CVE-2022-21947
A Improper Access Control vulnerability in Rancher Desktop of SUSE allows attackers in the local network to connect to the Dashboard API (steve) to carry out arbitrary actions. This issue affects: SUSE Rancher Desktop versions prior to V.
Source: CVE-2022-21947
CVE-2022-25017
CVE-2022-25017
Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field.
Source: CVE-2022-25017
CVE-2021-35115
CVE-2021-35115
Improper handling of multiple session supported by PVM backend can lead to use after free in Snapdragon Auto, Snapdragon Mobile
Source: CVE-2021-35115
CVE-2021-35103
CVE-2021-35103
Possible out of bound write due to improper validation of number of timer values received from firmware while syncing timers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Source: CVE-2021-35103
CVE-2021-1950
CVE-2021-1950
Improper cleaning of secure memory between authenticated users can lead to face authentication bypass in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
Source: CVE-2021-1950