A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.40.2175 that could allow configuration files to be written to non-standard locations during installation. Date published : 2022-04-22 https://iknow.lenovo.com.cn/detail/dc_199218.html
A denial of service vulnerability was reported in Lenovo PCManager prior to version 4.0.20.10282 that could allow an attacker with local access to trigger a blue screen error. Date published : 2022-04-22 https://iknow.lenovo.com.cn/detail/dc_200016.html
The affected product may allow an attacker to identify and forge requests to internal systems by way of a specially crafted request. Date published : 2022-04-22 https://www.cisa.gov/uscert/ics/advisories/icsa-22-111-02
All versions of Uffizio GPS Tracker may allow an attacker to perform unintended actions on behalf of a user. Date published : 2022-04-22 https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02
An attacker may be able to inject client-side JavaScript code on multiple instances within all versions of Uffizio GPS Tracker. Date published : 2022-04-22 https://www.cisa.gov/uscert/ics/advisories/icsa-21-287-02
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to priviledge escalation where a lower level user could have read access to to the ‘Data Connections’ page to which they don’t have access. IBM...
IBM Cognos Analytics PowerPlay (IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7) could be vulnerable to an XML Bomb attack by a malicious authenticated user. IBM X-Force ID: 196813. Date published : 2022-04-22 https://security.netapp.com/advisory/ntap-20220602-0003/ https://www.ibm.com/support/pages/node/6570957
Crypt Server before 3.3.0 allows XSS in the index view. This is related to serial, computername, and username. Date published : 2022-04-22 https://github.com/grahamgilbert/Crypt-Server/pull/109 https://github.com/grahamgilbert/Crypt-Server/releases/tag/3.3.0
service_windows.go in the kardianos service package for Go omits quoting that is sometimes needed for execution of a Windows service executable from the intended directory. Date published : 2022-04-22 https://github.com/kardianos/service/pull/290
In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace;...
Halo-1.5.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via adminindex.html#/system/tools. Date published : 2022-04-22 https://github.com/halo-dev/halo/issues/1769
FreeType commit 22a0cccb4d9d002f33c1ba7a4b36812c7d4f46b5 was discovered to contain a segmentation violation via the function FT_Request_Size. Date published : 2022-04-22 http://freetype.com https://gitlab.freedesktop.org/freetype/freetype/-/issues/1140
FreeType commit 53dfdcd8198d2b3201a23c4bad9190519ba918db was discovered to contain a segmentation violation via the function FNT_Size_Request. Date published : 2022-04-22 http://freetype.com https://gitlab.freedesktop.org/freetype/freetype/-/issues/1139
FreeType commit 1e2eb65048f75c64b68708efed6ce904c31f3b2f was discovered to contain a heap buffer overflow via the function sfnt_init_face. Date published : 2022-04-22 https://gitlab.freedesktop.org/freetype/freetype/-/issues/1138