CVE-2022-1648
Pandora FMS v7.0NG.760 and below allows a relative path traversal in File Manager where a privileged user could upload a .php file outside the intended images directory which is restricted to execute the .php file. The impact could lead to a Remote Code Execution with running application privilege.
Source: CVE-2022-1648
CVE-2022-36412
In Zoho ManageEngine SupportCenter Plus before 11023, V3 API requests are vulnerable to authentication bypass. (An API request may, in effect, be executed with the credentials of a user who authenticated in the past.)
Source: CVE-2022-36412
CVE-2022-34988
Inout Blockchain AltExchanger v1.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/js.
Source: CVE-2022-34988
CVE-2022-34067
Warehouse Management System v1.0 was discovered to contain a SQL injection vulnerability via the cari parameter.
Source: CVE-2022-34067
CVE-2022-34989
Fruits Bazar v1.0 was discovered to contain a SQL injection vulnerability via the recover_email parameter at user_password_recover.php.
Source: CVE-2022-34989
CVE-2022-34991
Paymoney v3.3 was discovered to contain multiple reflected cross-site scripting (XSS) vulnerabilities via the first_name and last_name parameters.
Source: CVE-2022-34991
CVE-2022-33745
insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.
Source: CVE-2022-33745
CVE-2022-36161
Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
Source: CVE-2022-36161
CVE-2021-33453
An issue was discovered in lrzip version 0.641. There is a use-after-free in ucompthread() in stream.c:1538.
Source: CVE-2021-33453
CVE-2021-33452
An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.
Source: CVE-2021-33452