CVE-2021-38946
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240.
Source: CVE-2021-38946
CVE-2022-29583
service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory.
Source: CVE-2022-29583
CVE-2022-29582
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently.
Source: CVE-2022-29582
CVE-2020-14123
There is a pointer double free vulnerability in Some MIUI Services. When a function is called, the memory pointer is copied to two function modules, and an attacker can cause the pointer to be repeatedly released through malicious operations, resulting in the affected module crashing and affecting normal functionality, and if successfully exploited the vulnerability can cause elevation of privileges.
Source: CVE-2020-14123
CVE-2021-36203
A vulnerability in all versions of SCT/SCT Pro prior to version 14.2.2 allows a remote unauthenticated attacker to identify and forge requests to internal systems via a specially crafted request allowing the attacker to determine if specific files or paths exist. This issue affects all versions of SCT/SCT Pro prior to version 14.2.2.
Source: CVE-2021-36203
CVE-2021-32929
All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user.
Source: CVE-2021-32929
CVE-2022-1437
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash.
Source: CVE-2022-1437
CVE-2021-32927
An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker.
Source: CVE-2021-32927
CVE-2022-27404
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face.
Source: CVE-2022-27404
CVE-2022-27405
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request.
Source: CVE-2022-27405