CVE-2016-20014
In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.
Source: CVE-2016-20014
[월:] 2022년 04월
CVE-2022-29548
CVE-2022-29548
A reflected XSS issue exists in the Management Console of several WSO2 products. This affects API Manager 2.2.0, 2.5.0, 2.6.0, 3.0.0, 3.1.0, 3.2.0, and 4.0.0; API Manager Analytics 2.2.0, 2.5.0, and 2.6.0; API Microgateway 2.2.0; Data Analytics Server 3.2.0; Enterprise Integrator 6.2.0, 6.3.0, 6.4.0, 6.5.0, and 6.6.0; IS as Key Manager 5.5.0, 5.6.0, 5.7.0, 5.9.0, and 5.10.0; Identity Server 5.5.0, 5.6.0, 5.7.0, 5.9.0, 5.10.0, and 5.11.0; Identity Server Analytics 5.5.0 and 5.6.0; and WSO2 Micro Integrator 1.0.0.
Source: CVE-2022-29548
CVE-2022-29547
CVE-2022-29547
The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the user has permissions to edit the target page. This could lead to an unauthorised (or blocked) user being able to edit a page.
Source: CVE-2022-29547
CVE-2022-27925
CVE-2022-27925
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 has mboximport functionality that receives a ZIP archive and extracts files from it. An authenticated user with administrator rights has the ability to upload arbitrary files to the system, leading to directory traversal.
Source: CVE-2022-27925
CVE-2022-27924
CVE-2022-27924
Zimbra Collaboration (aka ZCS) 8.8.15 and 9.0 allows an unauthenticated attacker to inject arbitrary memcache commands into a targeted instance. These memcache commands becomes unescaped, causing an overwrite of arbitrary cached entries.
Source: CVE-2022-27924
CVE-2022-27926
CVE-2022-27926
A reflected cross-site scripting (XSS) vulnerability in the /public/launchNewWindow.jsp component of Zimbra Collaboration (aka ZCS) 9.0 allows unauthenticated attackers to execute arbitrary web script or HTML via request parameters.
Source: CVE-2022-27926
CVE-2022-29528
CVE-2022-29528
An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.
Source: CVE-2022-29528
CVE-2022-29537
CVE-2022-29537
gp_rtp_builder_do_hevc in ietf/rtp_pck_mpeg4.c in GPAC 2.0.0 has a heap-based buffer over-read, as demonstrated by MP4Box.
Source: CVE-2022-29537
CVE-2022-29529
CVE-2022-29529
An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field.
Source: CVE-2022-29529
CVE-2022-29530
CVE-2022-29530
An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters.
Source: CVE-2022-29530