CVE-2021-4300

A vulnerability has been found in ghostlander Halcyon and classified as critical. Affected by this vulnerability is the function CBlock::AddToBlockIndex of the file src/main.cpp of the component Block Verification. The manipulation leads to improper access controls. The attack can be launched remotely. Upgrading to version 1.1.1.0-hal is able to address this issue. The name of the patch is 0675b25ae9cc10b5fdc8ea3a32c642979762d45e. It is recommended to upgrade the affected component. The identifier VDB-217417 was assigned to this vulnerability.

Source: CVE-2021-4300

CVE-2022-48217

** DISPUTED ** The tf_remapper_node component 1.1.1 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot’s behavior. This occurs because a topic name depends on the attacker-controlled old_tf_topic_name and/or new_tf_topic_name parameter. NOTE: the vendor’s position is "it is the responsibility of the programmer to make sure that only known and required parameters are set and unexpected parameters are not."

Source: CVE-2022-48217

CVE-2023-0054

Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145.

Source: CVE-2023-0054

CVE-2022-45049

A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim’s browser. The url parameter on the novelist.php endpoint does not properly neutralise user input, resulting in the vulnerability.

Source: CVE-2022-45049

CVE-2022-45052

A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient neutralisation of user input on the url parameter on the imageProxy.type.php endpoint, external users are capable of accessing files on the server.

Source: CVE-2022-45052

CVE-2022-45051

A reflected XSS vulnerability has been found in Axiell Iguana CMS, allowing an attacker to execute code in a victim’s browser. The module parameter on the Service.template.cls endpoint does not properly neutralise user input, resulting in the vulnerability.

Source: CVE-2022-45051

CVE-2023-0051

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144.

Source: CVE-2023-0051

CVE-2022-43920

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362.

Source: CVE-2022-43920

CVE-2022-46456

NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.

Source: CVE-2022-46456

CVE-2022-25926

Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization.

Source: CVE-2022-25926