CVE-2021-22724
A CVE-352 Cross-Site Request Forgery (CSRF) vulnerability exists that could allow an attacker to impersonate the user or carry out actions on their behalf when crafted malicious parameters are submitted in POST requests sent...
Monthly Archive: January 2022
CVE-2022-23181
The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local...
CVE-2022-22828
An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string. Date published : 2022-01-27 https://github.com/videnlabs/CVE-2022-22828/ https://web.synametrics.com/SynamanVersionHistory.htm
CVE-2022-0387
Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. Date published : 2022-01-27 https://huntr.dev/bounties/2e09035b-8f98-4930-b7e8-7abe5f722b98 https://github.com/livehelperchat/livehelperchat/commit/ff70c7dd641b68b9afb170b89ec1ef003a4e3444
CVE-2022-0372
Cross-site Scripting (XSS) – Stored in Packagist bytefury/crater prior to 6.0.2. Date published : 2022-01-27 https://huntr.dev/bounties/563232b9-5a93-4f4d-8389-ed805b262ef1 https://github.com/crater-invoice/crater/commit/cdc913d16cf624aee852bc9163a7c6ffc8d1da9d
CVE-2022-0370
Cross-site Scripting (XSS) – Stored in Packagist remdex/livehelperchat prior to 3.93v. Date published : 2022-01-27 https://huntr.dev/bounties/fbe4b376-57ce-42cd-a9a9-049c4099b3ca https://github.com/livehelperchat/livehelperchat/commit/9f5bc33c943349bd765b991db0b7f6b6ef05cfdb
CVE-2022-0348
Cross-site Scripting (XSS) – Stored in Packagist pimcore/pimcore prior to 10.2. Date published : 2022-01-27 https://huntr.dev/bounties/250e79be-7e5d-4ba3-9c34-655e39ade2f4 https://github.com/pimcore/pimcore/commit/832c34aeb9f21f213295a0c28377132df996352a
CVE-2021-46556
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_bcode_insert_offset at src/mjs_bcode.c. This vulnerability can lead to a Denial of Service (DoS). Date published : 2022-01-27 https://github.com/cesanta/mjs/issues/227
CVE-2021-46554
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_json_stringify at src/mjs_json.c. This vulnerability can lead to a Denial of Service (DoS). Date published : 2022-01-27 https://github.com/cesanta/mjs/issues/229
CVE-2021-46553
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via mjs_set_internal at src/mjs_object.c. This vulnerability can lead to a Denial of Service (DoS). Date published : 2022-01-27 https://github.com/cesanta/mjs/issues/226
CVE-2021-46550
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via free_json_frame at src/mjs_json.c. This vulnerability can lead to a Denial of Service (DoS). Date published : 2022-01-27 https://github.com/cesanta/mjs/issues/230
CVE-2021-46549
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via parse_cval_type at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS). Date published : 2022-01-27 https://github.com/cesanta/mjs/issues/224
CVE-2021-46548
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via add_lineno_map_item at src/mjs_bcode.c. This vulnerability can lead to a Denial of Service (DoS). Date published : 2022-01-27 https://github.com/cesanta/mjs/issues/228
CVE-2021-46547
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via /usr/local/bin/mjs+0x2c17e. This vulnerability can lead to a Denial of Service (DoS). Date published : 2022-01-27 https://github.com/cesanta/mjs/issues/221