Terminalfour before 8.3.8 allows XSS, aka RDSM-31817. 8.2.18.2.1 and 8.2.18.5 are also fixed versions. Date published : 2022-05-15 https://docs.terminalfour.com/release-notes/82/1821.html https://docs.terminalfour.com/release-notes/82/185.html
nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix...
Calibre-Web before 0.6.18 allows user table SQL Injection. Date published : 2022-05-15 https://github.com/janeczku/calibre-web/blob/master/SECURITY.md https://github.com/janeczku/calibre-web/releases/tag/0.6.18
Janet before 1.22.0 mishandles arrays. Date published : 2022-05-15 https://github.com/janet-lang/janet/compare/v1.21.1…v1.22.0 https://github.com/janet-lang/janet/releases/tag/v1.22.0
A Server-Side Request Forgery (SSRF) in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter. Date published : 2022-05-15 https://github.com/getrebuild/rebuild/issues/460
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node, via an invalid proposal with an invalid header, will cause normal nodes to stop producing new blocks and processing new clients’ requests....
FISCO-BCOS release-3.0.0-rc2 was discovered to contain an issue where a malicious node can trigger an integer overflow and cause a Denial of Service (DoS) via an unusually large viewchange message packet. Date published :...
ERP-Pro v3.7.5 was discovered to contain a SQL injection vulnerability via the component /base/SysEveMenuAuthPointMapper.xml.. Date published : 2022-05-15 https://gitee.com/doc_wei01/erp-pro/issues/I515R4
Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the delid parameter at viewtreatmentrecord.php. Date published : 2022-05-15 https://github.com/cyberhomeless/vulnerabilitys/tree/main/HMS
Webmin through 1.991, when the Authentic theme is used, allows remote code execution when a user has been manually created (i.e., not created in Virtualmin or Cloudmin). This occurs because settings-editor_write.cgi does not properly...
URL Restriction Bypass in GitHub repository plantuml/plantuml prior to V1.2022.5. An attacker can abuse this to bypass URL restrictions that are imposed by the different security profiles and achieve server side request forgery (SSRF)....
Configuration defects in the secure OS module. Successful exploitation of this vulnerability can affect availability. Date published : 2022-05-13 https://consumer.huawei.com/en/support/bulletin/2022/5/ https://consumer.huawei.com/en/support/bulletin/2022/6/
Third-party pop-up window coverage vulnerability in the iConnect module.Successful exploitation of this vulnerability may cause system pop-up window may be covered to mislead users to perform incorrect operations. Date published : 2022-05-13 https://consumer.huawei.com/en/support/bulletin/2022/5/
The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to crash. Date published : 2022-05-13 https://consumer.huawei.com/en/support/bulletin/2022/5/ https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202205-0000001245813162