All versions of GurumDDS are vulnerable to heap-based buffer overflow, which may cause a denial-of-service condition or remotely execute arbitrary code. Date published : 2022-05-05 https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 not correctly calculate the size when allocating the buffer, which may result in a buffer overflow. Date published : 2022-05-05 https://support.rti.com/s/login/?ec=302&startURL=%2Fs%2F https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2x to 6.1.0 vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code. Date published : 2022-05-05 https://support.rti.com/s/login/?ec=302&startURL=%2Fs%2F https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02
OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition and information exposure. Date...
RTI Connext DDS Professional and Connext DDS Secure Versions 4.2.x to 6.1.0 are vulnerable to a stack-based buffer overflow, which may allow a local attacker to execute arbitrary code. Date published : 2022-05-05 https://support.rti.com/s/login/?ec=302&startURL=%2Fs%2F...
eProsima Fast DDS versions prior to 2.4.0 (#2269) are susceptible to exploitation when an attacker sends a specially crafted packet to flood a target device with unwanted traffic, which may result in a denial-of-service...
All versions of GurumDDS improperly calculate the size to be used when allocating the buffer, which may result in a buffer overflow. Date published : 2022-05-05 https://www.cisa.gov/uscert/ics/advisories/icsa-21-315-02
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use .metadata.annotations in an Ingress object (in the networking.k8s.io or extensions API group) to obtain the...
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to...
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA. Date published : 2022-05-05 https://www.sophos.com/en-us/security-advisories/sophos-sa-20220505-sfos-19-0-0
Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA. Date published : 2022-05-05 https://www.sophos.com/en-us/security-advisories/sophos-sa-20220505-sfos-19-0-0
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters formseq and formid in interfaceordersfind_order_popup.php leads to multiple cross-site scripting (XSS) vulnerabilities. Date published : 2022-05-05 https://github.com/LibreHealthIO/lh-ehr/tags https://gitlab.com/librehealth/ehr/lh-ehr/-/tags
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameters debug and InsId in interfacebillingsl_eob_process.php leads to multiple cross-site scripting (XSS) vulnerabilities. Date published : 2022-05-05 https://github.com/LibreHealthIO/lh-ehr/tags https://gitlab.com/librehealth/ehr/lh-ehr/-/tags
In LibreHealth EHR 2.0.0, lack of sanitization of the GET parameter payment_id in interfacebillingnew_payment.php via interfacebillingpayment_master.inc.php leads to SQL injection. Date published : 2022-05-05 https://github.com/LibreHealthIO/lh-ehr/tags https://gitlab.com/librehealth/ehr/lh-ehr/-/tags