| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Authorization in Packagist librenms/librenms prior to 22.2.0. |
| Code Injection in GitHub repository publify/publify prior to 9.2.8. |
| Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1. |
| Cross-site Scripting (XSS) - Generic in Packagist librenms/librenms prior to 22.1.0. |
| Cross-site Scripting (XSS) - Stored in Packagist librenms/librenms prior to 22.2.0. |
| Improper Access Control in GitHub repository publify/publify prior to 9.2.8. |
| JFrog Artifactory before 7.36.1 and 6.23.41, is vulnerable to Insecure Deserialization of untrusted data which can lead to DoS, Privilege Escalation and Remote Code Execution when a specially crafted request is sent by a low privileged authenticated user due to insufficient validation of a user-provided serialized object. |
| Cross-site Scripting (XSS) - Reflected in GitHub repository phoronix-test-suite/phoronix-test-suite prior to 10.8.2. |
| Heap-based Buffer Overflow in Homebrew mruby prior to 3.2. |
| A flaw was found in ovn-kubernetes. This flaw allows a system administrator or privileged attacker to create an egress network policy that bypasses existing ingress policies of other pods in a cluster, allowing network traffic to access pods that should not be reachable. This issue results in information disclosure and other attacks on other pods that should not be reachable. |
| Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c. |
| Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing() in tif_dirread.c in libtiff versions from 3.9.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, the fix is available with commit eecb0712. |
| Open Redirect in Packagist microweber/microweber prior to 1.2.11. |
| Use After Free in GitHub repository radareorg/radare2 prior to 5.6.2. |
| Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11. |
| OS Command Injection in Packagist microweber/microweber prior to 1.2.11. |
| A local privilege escalation vulnerability caused by incorrect permission assignment in some directories of the Zyxel AP Configurator (ZAC) version 1.1.4, which could allow an attacker to execute arbitrary code as a local administrator. |
| Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. |
| A flaw was found in the original fix for the netty-codec-http CVE-2021-21409, where the OpenShift Logging openshift-logging/elasticsearch6-rhel8 container was incomplete. The vulnerable netty-codec-http maven package was not removed from the image content. This flaw affects origin-aggregated-logging versions 3.11. |
| Improper Input Validation vulnerability in project file upload in Nozomi Networks Guardian and CMC allows an authenticated attacker with admin or import manager roles to execute unattended commands on the appliance using web server user privileges. This issue affects: Nozomi Networks Guardian versions prior to 22.0.0. Nozomi Networks CMC versions prior to 22.0.0. |