Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the order_by parameter. Date published : 2022-01-31 https://github.com/CuppaCMS/CuppaCMS/issues/17 https://github.com/truonghuuphuc/CVE
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/menu/ via the path=component/menu/&menu_filter=3 parameter. Date published : 2022-01-31 https://github.com/CuppaCMS/CuppaCMS/issues/14 https://github.com/truonghuuphuc/CVE
Cuppa CMS v1.0 was discovered to contain a SQL injection vulnerability in /administrator/components/table_manager/ via the search_word parameter. Date published : 2022-01-31 https://github.com/CuppaCMS/CuppaCMS/issues/13 https://github.com/truonghuuphuc/CVE
Hospital Management System v4.0 was discovered to contain a SQL injection vulnerability in /Hospital-Management-System-master/func.php via the email parameter. Date published : 2022-01-31 http://packetstormsecurity.com/files/165882/Hospital-Management-System-4.0-SQL-Injection.html https://github.com/kishan0725/Hospital-Management-System/issues/17
xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. Date published : 2022-01-31 https://invisible-island.net/xterm/xterm.log.html 100% reproducible XTerm crash whoops! pic.twitter.com/YPT8GQkyiU...
Emlog pro v1.1.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /admin/configure.php via the parameter footer_info. Date published : 2022-01-31 https://github.com/emlog/emlog/issues/147 https://github.com/truonghuuphuc/CVE
The Logs plugin before 3.0.4 for Craft CMS allows remote attackers to read arbitrary files via input to actionStream in Controller.php. Date published : 2022-01-31 http://packetstormsecurity.com/files/165706/Ethercreative-Logs-3.0.3-Path-Traversal.html https://plugins.craftcms.com/logs
Flask-AppBuilder is an application development framework, built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows for a non authenticated user to enumerate existing...
Business Logic Errors in Packagist dolibarr/dolibarr prior to 16.0. Date published : 2022-01-31 https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f https://github.com/dolibarr/dolibarr/commit/37fb02ee760cfff18c795ba468da1ba1c53f4684
A flaw was found in the Linux kernel. A null pointer dereference in bond_ipsec_add_sa() may lead to local denial of service. Date published : 2022-01-31 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=105cd17a866017b45f3c45901b394c711c97bf40 https://syzkaller.appspot.com/bug?id=160f641886d88bf11cbf1236cc4db994bb210626
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the BIGINT data type is used. Date published : 2022-01-31 https://jira.mariadb.org/browse/MDEV-25638
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. Date published : 2022-01-31 https://jira.mariadb.org/browse/MDEV-25787
MariaDB before 10.6.5 has a sql_lex.cc integer overflow, leading to an application crash. Date published : 2022-01-31 https://jira.mariadb.org/browse/MDEV-26350
MariaDB before 10.6.2 allows an application crash because of mishandling of a pushdown from a HAVING clause to a WHERE clause. Date published : 2022-01-31 https://jira.mariadb.org/browse/MDEV-25635