A Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4....
A Incorrect Authorization vulnerability in SUSE Rancher allows administrators of third-party repositories to gather credentials that are sent to their servers. This issue affects: SUSE Rancher Rancher versions prior to 2.5.12; Rancher versions prior...
A flaw was found in sox 14.4.1. The lsx_adpcm_init function within libsox leads to a global-buffer-overflow. This flaw allows an attacker to input a malicious file, leading to the disclosure of sensitive information. Date...
IBM ICP4A – User Management System Component (IBM Cloud Pak for Business Automation V21.0.3 through V21.0.3-IF008, V21.0.2 through V21.0.2-IF009, and V21.0.1 through V21.0.1-IF007) could allow a user with physical access to the system to...
The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, or meta...
The Advanced Page Visit Counter WordPress plugin before 6.1.2 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cross-Site Scripting attacks against admins...
The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to retrieve the client full...
relan exFAT 1.3.0 allows local users to obtain sensitive information (data from deleted files in the filesystem) in certain situations involving offsets beyond ValidDataLength. Date published : 2022-05-02 https://github.com/relan/exfat/issues/185
Sinatra before 2.2.0 does not validate that the expanded path matches public_dir when serving static files. Date published : 2022-05-02 https://github.com/sinatra/sinatra/pull/1683/commits/462c3ca1db53ed3cfc394cf5948e9c948ad1c10e
The RSS extension before 2022-04-29 for MediaWiki allows XSS via an rss element (if the feed is in $wgRSSUrlWhitelist and $wgRSSAllowLinkTag is true). Date published : 2022-05-02 https://gerrit.wikimedia.org/r/c/787807 https://phabricator.wikimedia.org/T307028
An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private. Date published : 2022-05-02 https://github.com/torvalds/linux/commit/32452a3eb8b64e01e2be717f518c0be046975b9d
In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don’t check for integer overflows. This can result in out-of-bounds memory writes. Exploitation requires a victim to open a crafted,...
Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin
A vulnerability in the HCI Modbus TCP COMPONENT of Hitachi Energy RTU500 series CMU Firmware that is caused by the validation error in the length information carried in MBAP header allows an ATTACKER to...