CVE-2021-35939
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Source: CVE-2021-35939
CVE-2021-3574
A vulnerability was found in ImageMagick-7.0.11-5, where executing a crafted file with the convert command, ASAN detects memory leaks.
Source: CVE-2021-3574
CVE-2021-3427
The Deluge Web-UI is vulnerable to XSS through a crafted torrent file. The the data from torrent files is not properly sanitised as it’s interpreted directly as HTML. Someone who supplies the user with a malicious torrent file can execute arbitrary Javascript code in the context of the user’s browser session.
Source: CVE-2021-3427
CVE-2021-3414
A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data confidentiality.
Source: CVE-2021-3414
CVE-2022-36521
Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add administrator accounts.
Source: CVE-2022-36521
CVE-2022-36682
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_student.
Source: CVE-2022-36682
CVE-2022-36681
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_account.
Source: CVE-2022-36681
CVE-2022-36678
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=delete_category.
Source: CVE-2022-36678
CVE-2022-37151
There is an unauthorized access vulnerability in Online Diagnostic Lab Management System 1.0.
Source: CVE-2022-37151
CVE-2021-39393
mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor.
Source: CVE-2021-39393