MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local...
In libjpeg before 1.64, BitStream::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan....
CVEProject/cve-services is an open source project used to operate the CVE services API. A conditional in ‘data.js’ has potential for production secrets to be written to disk. The affected method writes the generated randomKey...
FriendsofFlarum (FoF) Upload is an extension that handles file uploads intelligently for your forum. If FoF Upload prior to version 1.2.3 is configured to allow the uploading of SVG files (‘image/svg+xml’), navigating directly to...
libImaging/TgaRleDecode.c in Pillow 9.1.0 has a heap buffer overflow in the processing of invalid TGA image files. Date published : 2022-05-25 https://github.com/python-pillow/Pillow/blob/main/src/libImaging/TgaRleDecode.c https://pillow.readthedocs.io/en/stable/releasenotes/9.1.1.html
In ginadmin through 05-10-2022, the incoming path value is not filtered, resulting in arbitrary file reading. Date published : 2022-05-25 https://github.com/gphper/ginadmin/issues/9
In ginadmin through 05-10-2022 the incoming path value is not filtered, resulting in directory traversal. Date published : 2022-05-25 https://github.com/gphper/ginadmin/issues/8
HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 3 of 3). Date published : 2022-05-25 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 2 of 3). Date published : 2022-05-25 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
HashiCorp go-getter through 2.0.2 does not safely perform downloads (issue 1 of 3). Date published : 2022-05-25 https://discuss.hashicorp.com https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
An arbitrary file upload vulnerability in the Select Image function of Online Food Ordering System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Date published : 2022-05-25 https://hackmd.io/@d4rkp0w4r/Online_Food_Ordering_System_Remote_Code_Execution
Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the Search parameter at /online-food-order/food-search.php. Date published : 2022-05-25 https://hackmd.io/@d4rkp0w4r/Online_Food_Ordering_System_Unauthenticated_Sql_Injection
Persistent Cross-Site Scripting (XSS) vulnerability in Vsourz Digital’s Advanced Contact form 7 DB plugin
In Apache Archiva, any registered user can reset password for any users. This is fixed in Archiva 2.2.8 Date published : 2022-05-25 https://archiva.apache.org/docs/2.2.8/release-notes.html