The affected products are vulnerable of untrusted data due to deserialization without prior authorization/authentication, which may allow an attacker to remotely execute arbitrary code. Date published : 2022-05-31 https://www.cisa.gov/uscert/ics/advisories/icsa-22-146-01
Linux Kernel could allow a local attacker to execute arbitrary code on the system, caused by a concurrency use-after-free flaw in the bad_flp_intr function. By executing a specially-crafted program, an attacker could exploit this...
An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage...
The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object. Date published : 2022-05-31 https://bugzilla.redhat.com/show_bug.cgi?id=2077560
A format string vulnerability was found in libinput Date published : 2022-05-31 https://seclists.org/oss-sec/2022/q2/47
In KNIME Analytics Platform below 4.6.0, the Windows installer sets improper filesystem permissions. Date published : 2022-05-31 https://knime.com https://www.knime.com/security/advisories#CVE-2022-31500
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/user/index.php?view=edit&id=. Date published : 2022-05-31 https://github.com/k0xx11/bug_report/blob/main/vendors/janobe/online-ordering-system/SQLi-9.md
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/category/index.php?view=edit&id=. Date published : 2022-05-31 https://github.com/k0xx11/bug_report/blob/main/vendors/janobe/online-ordering-system/SQLi-10.md
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/loaddata.php. Date published : 2022-05-31 https://github.com/k0xx11/bug_report/blob/main/vendors/janobe/online-ordering-system/SQLi-7.md
Online Ordering System 2.3.2 is vulnerable to SQL Injection via /ordering/admin/stockin/index.php?view=edit&id=. Date published : 2022-05-31 https://github.com/k0xx11/bug_report/blob/main/vendors/janobe/online-ordering-system/SQLi-6.md
Online Ordering System By janobe 2.3.2 is vulnerable to SQL Injection via /ordering/admin/orders/loaddata.php. Date published : 2022-05-31 https://github.com/k0xx11/bug_report/blob/main/vendors/janobe/online-ordering-system/SQLi-8.md
Online Ordering System By janobe 2.3.2 has SQL Injection via /ordering/admin/products/index.php?view=edit&id=. Date published : 2022-05-31 https://github.com/k0xx11/bug_report/blob/main/vendors/janobe/online-ordering-system/SQLi-5.md
Online Ordering System By janobe 2.3.2 is vulneranle to SQL Injection via /ordering/index.php?q=products&id=. Date published : 2022-05-31 https://github.com/k0xx11/bug_report/blob/main/vendors/janobe/online-ordering-system/SQLi-1.md
We failed to apply the fix for CVE-2022-30126 to the 1.x branch in the 1.28.2 release. In Apache Tika, a regular expression in the StandardsText class, used by the StandardsExtractingContentHandler could lead to a...