Remotely alerts

CVE-2021-25959

on Oct. 7, 2021, 1:21 p.m.

In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external JavaScript files against any user of the openCRX instance.

Tags: Tool Signature

CVE-2020-9493

on March 31, 2022, 6:23 p.m.

A deserialization flaw was found in Apache Chainsaw versions prior to 2.1.0 which could lead to malicious code execution.

Tags: Mailing List, Tool Signature

CVE-2021-3197

on Feb. 28, 2022, 8:50 p.m.

An issue was discovered in SaltStack Salt before 3002.5. The salt-api's ssh client is vulnerable to a shell injection by including ProxyCommand in an argument, or via ssh_options provided in an API request.

Tags: Third Party Advisory, Tool Signature

CVE-2017-16611

on Feb. 20, 2022, 6:06 a.m.

In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker can open (but not read) files on the system as root, triggering tape rewinds, watchdogs, or similar mechanisms that can be triggered by opening files.

Tags: Issue Tracking, Tool Signature, VDB Entry, Third Party Advisory, Mailing List, Patch

CVE-2019-19079

on Aug. 24, 2020, 5:37 p.m.

A memory leak in the qrtr_tun_write_iter() function in net/qrtr/tun.c in the Linux kernel before 5.3 allows attackers to cause a denial of service (memory consumption), aka CID-a21b7f0cff19.

Tags: Patch, Tool Signature

CVE-2019-19035

on July 28, 2020, 3:15 a.m.

jhead 3.03 is affected by: heap-based buffer over-read. The impact is: Denial of service. The component is: ReadJpegSections and process_SOFn in jpgfile.c. The attack vector is: Open a specially crafted JPEG file.

Tags: Exploit, Issue Tracking, Tool Signature

CVE-2021-3781

on Feb. 28, 2022, 7:52 p.m.

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document to execute arbitrary commands on the system in the context of the ghostscript interpreter. The highest threat from this vulnerability is to confidentiality, integrity, as …

Tags: Issue Tracking, Patch, Third Party Advisory, US Government Resource, Tool Signature

CVE-2022-24058

on Feb. 28, 2022, 7:46 p.m.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro 11.8.7.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of J2K files. Crafted data in a J2K …

Tags: Third Party Advisory, VDB Entry, Tool Signature, Vendor Advisory

CVE-2022-0918

on March 28, 2022, 1:18 p.m.

A vulnerability was discovered in the 389 Directory Server that allows an unauthenticated attacker with network access to the LDAP port to cause a denial of service. The denial of service is triggered by a single message sent over a TCP connection; no bind or other authentication is required. The message triggers a segmentation fault …

Tags: Issue Tracking, Tool Signature

CVE-2022-21190

on May 24, 2022, 2:11 p.m.

This affects the package convict before 6.2.3. This is a bypass of [CVE-2022-22143](https://security.snyk.io/vuln/SNYK-JS-CONVICT-2340604). The [fix](https://github.com/mozilla/node-convict/commit/3b86be087d8f14681a9c889d45da7fe3ad9cd880) that was introduced relies on the `startsWith` method and does not prevent the vulnerability: before splitting the path, it checks if it starts with `__proto__` or `this.constructor.prototype`. To bypass this check it's possible to prepend the dangerous paths with any string value …

Tags: Broken Link, Release Notes, Tool Signature

CVE-2021-44975

on June 1, 2022, 12:16 a.m.

radareorg radare2 5.5.2 is vulnerable to Buffer Overflow via /libr/core/anal_objc.c mach-o parser.

Tags: Exploit, Issue Tracking, Patch, Tool Signature

CVE-2022-31355

on June 27, 2022, 8:49 p.m.

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/index.php?q=category&search=.

Tags: Exploit, Tool Signature

CVE-2022-31356

on June 27, 2022, 8:48 p.m.

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/store/index.php?view=edit&id=.

Tags: Exploit, Tool Signature

CVE-2022-31357

on June 27, 2022, 8:47 p.m.

Online Ordering System v2.3.2 was discovered to contain a SQL injection vulnerability via /ordering/admin/inventory/index.php?view=edit&id=.

Tags: Exploit, Tool Signature