| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| snipe-it is vulnerable to Cross-Site Request Forgery (CSRF) |
| It was found that the original fix for log4j CVE-2021-44228 and CVE-2021-45046 in the OpenShift metering hive containers was incomplete, as not all JndiLookup.class files were removed. This CVE only applies to the OpenShift Metering hive container images, shipped in OpenShift 4.8, 4.7 and 4.6. |
| janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF) |
| It was found that a specially crafted LUKS header could trick cryptsetup into disabling encryption during the recovery of the device. An attacker with physical access to the medium, such as a flash disk, could use this flaw to force a user into permanently disabling the encryption layer of that medium. |
| yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| snapd 2.54.2 fails to perform sufficient validation of snap content interface and layout paths, resulting in the ability for snaps to inject arbitrary AppArmor policy rules via malformed content interface and layout declarations and hence escape strict snap confinement. Fixed in snapd versions 2.54.3+18.04, 2.54.3+20.04 and 2.54.3+21.10.1 |
| bookstack is vulnerable to Improper Access Control |
| pytorch-lightning is vulnerable to Deserialization of Untrusted Data |
| yetiforcecrm is vulnerable to Business Logic Errors |
| yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| There is a flaw in polkit which can allow an unprivileged user to cause polkit to crash, due to process file descriptor exhaustion. The highest threat from this vulnerability is to availability. NOTE: Polkit process outage duration is tied to the failing process being reaped and a new one being spawned |
| A flaw was found in ansible-tower where the default installation is vulnerable to job isolation escape. This flaw allows an attacker to elevate the privilege from a low privileged user to an AWX user from outside the isolated environment. |
| yetiforcecrm is vulnerable to Business Logic Errors |
| mruby is vulnerable to NULL Pointer Dereference |
| snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| A vulnerability in Snow Inventory Java Scanner allows an attacker to run malicious code at a higher level of privileges. This issue affects: SNOW Snow Inventory Java Scanner 1.0 |
| Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34. |
| Heap buffer overflow in Swiftshader in Google Chrome prior to 96.0.4664.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
