| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| vim is vulnerable to Use After Free |
| An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4, and 14.8 to 14.8.2. Private GitLab instances with restricted sign-ups may be vulnerable to user enumeration to unauthenticated users through the GraphQL API. |
| mruby is vulnerable to NULL Pointer Dereference |
| Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file |
| An information exposure flaw in openstack-tripleo-heat-templates allows an external user to discover the internal IP or hostname. An attacker could exploit this by checking the www_authenticate_uri parameter (which is visible to all end users) in configuration files. This would give sensitive information which may aid in additional system exploitation. This flaw affects openstack-tripleo-heat-templates versions prior to 11.6.1. |
| livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| A arbitrary code execution flaw was found in the Fabric 8 Kubernetes client affecting versions 5.0.0-beta-1 and above. Due to an improperly configured YAML parsing, this will allow a local and privileged attacker to supply malicious YAML. |
| livehelperchat is vulnerable to Generation of Error Message Containing Sensitive Information |
| livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2. |
| calibre-web is vulnerable to Business Logic Errors |
| calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| showdoc is vulnerable to Cross-Site Request Forgery (CSRF) |
| vim is vulnerable to Out-of-bounds Read |
| calibre-web is vulnerable to Cross-Site Request Forgery (CSRF) |
| archivy is vulnerable to Cross-Site Request Forgery (CSRF) |
| The affected products contain vulnerable firmware, which could allow an attacker to sniff the traffic and decrypt login credential details. This could give an attacker admin rights through the HTTP web server. |
| There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of the TLS 1.3 default curves. Impact was not analyzed in detail, because the pre-requisites for attack are considered unlikely and include reusing private keys. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH private key among multiple clients, which is no longer an option since CVE-2016-0701. This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.0. It was addressed in the releases of 1.1.1m and 3.0.1 on the 15th of December 2021. For the 1.0.2 release it is addressed in git commit 6fc1aaaf3 that is available to premium support customers only. It will be made available in 1.0.2zc when it is released. The issue only affects OpenSSL on MIPS platforms. Fixed in OpenSSL 3.0.1 (Affected 3.0.0). Fixed in OpenSSL 1.1.1m (Affected 1.1.1-1.1.1l). Fixed in OpenSSL 1.0.2zc-dev (Affected 1.0.2-1.0.2zb). |