BlogEngine.NET v3.3.8.0 was discovered to contain an arbitrary file deletion vulnerability which allows attackers to delete files within the web server root directory via a crafted HTTP request. Date published : 2022-05-13 https://blogengine.io/ https://www.0xlanks.me/blog/cve-2022-25591-advisory/
OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). Versions prior to 3.16.1 are vulnerable to SQL injection due to the use of string concatenation to create...
OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write,...
IBM WebSphere Application Server Liberty 17.0.0.3 through 22.0.0.5 , with the adminCenter-1.0 feature configured, could allow an authenticated user to issue a request to obtain the status of HTTP/HTTPS ports which are accessible by...
IBM MQ (IBM MQ for HPE NonStop 8.1.0) can inadvertently disclose sensitive information under certain circumstances to a local user from a stack trace. IBM X-Force ID: 218853. Date published : 2022-05-13 https://www.ibm.com/support/pages/node/6585780 https://exchange.xforce.ibmcloud.com/vulnerabilities/218853
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts access to a resource using HTTP connections from an unauthorized actor leading to Improper Access Control vulnerability. Date published : 2022-05-13 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009
A buffer overflow vulnerability in the SonicWall SSL-VPN NetExtender Windows Client (32 and 64 bit) in 10.2.322 and earlier versions, allows an attacker to potentially execute arbitrary code in the host windows operating system....
The HiAIserver has a vulnerability in verifying the validity of the weight used in the model.Successful exploitation of this vulnerability will affect AI services. Date published : 2022-05-13 https://consumer.huawei.com/en/support/bulletin/2022/5/ https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202205-0000001245813162
The kernel module has a UAF vulnerability.Successful exploitation of this vulnerability will affect data integrity and availability. Date published : 2022-05-13 https://consumer.huawei.com/en/support/bulletin/2022/5/ https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202205-0000001245813162
The DFX module has a UAF vulnerability.Successful exploitation of this vulnerability may affect system stability. Date published : 2022-05-13 https://consumer.huawei.com/en/support/bulletin/2022/4/ https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202204-0000001224076294
This affects the package convict before 6.2.3. This is a bypass of [CVE-2022-22143](https://security.snyk.io/vuln/SNYK-JS-CONVICT-2340604). The [fix](https://github.com/mozilla/node-convict/commit/3b86be087d8f14681a9c889d45da7fe3ad9cd880) introduced, relies on the startsWith method and does not prevent the vulnerability: before splitting the path, it checks if...
Account Takeover in GitHub repository neorazorx/facturascripts prior to 2022.07. Date published : 2022-05-13 https://huntr.dev/bounties/58918962-ccb5-47f9-bb43-ffd8cae1ef24 https://github.com/neorazorx/facturascripts/commit/714bebf4c35e3eedda138f5ee912a8031bc8b1ab
Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.7.0. The bug causes the program reads data past the end of the intented buffer. Typically, this can allow attackers to read sensitive information from...
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions accept a user-controlled input that specifies a link to an external site and uses that link in a redirect which leads to Open redirection vulnerability....