In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.
Max CVSS: 5.5 | EPSS Score: 0.09% | Published: 2022-05-25 | Updated: 2023-02-23
In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
Max CVSS: 5.5 | EPSS Score: 0.13% | Published: 2022-05-25 | Updated: 2023-02-23
Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2022-05-26 | Updated: 2022-06-08
MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2022-05-25 | Updated: 2022-11-05
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2022-05-25 | Updated: 2022-11-05
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2022-05-25 | Updated: 2022-11-05
MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
Max CVSS: 5.5 | EPSS Score: 0.04% | Published: 2022-05-25 | Updated: 2022-11-05
In libjpeg before 1.64, BitStream<false>::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan.
Max CVSS: 6.5 | EPSS Score: 0.08% | Published: 2022-05-25 | Updated: 2022-07-19
Inout Blockchain AltExchanger 1.2.1 allows index.php/home/about inoutio_language cookie SQL injection.
Max CVSS: 7.5 | EPSS Score: 0.18% | Published: 2022-05-23 | Updated: 2022-05-30
Inout Blockchain AltExchanger 1.2.1 allows index.php/coins/update_marketboxslider marketcurrency SQL injection.
Max CVSS: 7.5 | EPSS Score: 0.18% | Published: 2022-05-23 | Updated: 2022-05-30
Inout Blockchain AltExchanger 1.2.1 and Inout Blockchain FiatExchanger 2.2.1 allow Chart/TradingView/chart_content/master.php symbol SQL injection.
Max CVSS: 7.5 | EPSS Score: 0.19% | Published: 2022-05-23 | Updated: 2022-05-30
A DLL hijacking vulnerability in the installer for Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, leading to execution of arbitrary code, via the installer not restricting the search path for required DLLs and then not verifying the signature of the DLLs it tries to load.
Max CVSS: 7.9 | EPSS Score: 0.04% | Published: 2022-05-23 | Updated: 2022-06-02
Time of Check - Time of Use (TOCTOU) vulnerability in Quick Heal Total Security prior to 12.1.1.27 allows a local attacker to achieve privilege escalation, potentially leading to deletion of system files. This is achieved through exploiting the time between detecting a file as malicious and when the action of quarantining or cleaning is performed, and using the time to replace the malicious file by a symlink.
Max CVSS: 7.9 | EPSS Score: 0.04% | Published: 2022-05-23 | Updated: 2022-06-02
A Path Traversal vulnerability in Gitblit 1.9.3 can lead to reading website files via /resources//../ (e.g., followed by a WEB-INF or META-INF pathname).
Max CVSS: 7.5 | EPSS Score: 0.80% | Published: 2022-05-21 | Updated: 2022-06-02
Gitblit 1.9.2 allows privilege escalation via the Config User Service: a control character can be placed in a profile data field, such as an emailAddress%3Atext 'attacker@example.com\n\trole = "#admin"' value.
Max CVSS: 9.8 | EPSS Score: 0.21% | Published: 2022-05-21 | Updated: 2022-06-07
The replay feature in the client in Wargaming World of Warships 0.11.4 allows remote attackers to execute code when a user launches a replay from an untrusted source.
Max CVSS: 8.8 | EPSS Score: 0.46% | Published: 2022-05-26 | Updated: 2022-06-08
Solana solana_rbpf before 0.2.29 has an addition integer overflow via invalid ELF program headers. elf.rs has a panic via a malformed eBPF program.
Max CVSS: 7.5 | EPSS Score: 0.07% | Published: 2022-05-21 | Updated: 2023-04-26
app/models/user.rb in Mastodon before 3.5.0 allows a bypass of e-mail restrictions.
Max CVSS: 5.3 | EPSS Score: 0.07% | Published: 2022-05-24 | Updated: 2022-06-02
An XXE issue was discovered in Morpheus through 5.2.16 and 5.4.x through 5.4.4. A successful attack requires a SAML identity provider to be configured. In order to exploit the vulnerability, the attacker must know the unique SAML callback ID of the configured identity source. A remote attacker can send a request crafted with an XXE payload to invoke a malicious DTD hosted on a system that they control. This results in reading local files that the application has access to.
Max CVSS: 7.5 | EPSS Score: 0.13% | Published: 2022-05-24 | Updated: 2022-06-08
The route lookup process in beego before 1.12.9 and 2.x before 2.0.3 allows attackers to bypass access control. When a /p1/p2/:name route is configured, attackers can access it by appending .xml in various places (e.g., p1.xml instead of p1).
Max CVSS: 9.8 | EPSS Score: 0.17% | Published: 2022-05-21 | Updated: 2023-02-17
In Checkmk before 1.6.0p29, 2.x before 2.0.0p25, and 2.1.x before 2.1.0b10, a site user can escalate to root by editing an OMD hook symlink.
Max CVSS: 8.2 | EPSS Score: 0.04% | Published: 2022-05-20 | Updated: 2022-06-07
mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs.
Max CVSS: 9.0 | EPSS Score: 0.52% | Published: 2022-05-20 | Updated: 2022-06-02
In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console before 10.5.1, Reach Server before 3.70.1, and Reach Client Agents before 10.1.11.
Max CVSS: 6.5 | EPSS Score: 0.09% | Published: 2022-05-20 | Updated: 2022-06-01
Waitress is a Web Server Gateway Interface server for Python 2 and 3. Waitress versions 2.1.0 and 2.1.1 may terminate early due to a thread closing a socket while the main thread is about to call select(). This will lead to the main thread raising an exception that is not handled and then causing the entire application to be killed. This issue has been fixed in Waitress 2.1.2 by no longer allowing the WSGI thread to close the socket. Instead, that is always delegated to the main thread. There is no work-around for this issue. However, users using waitress behind a reverse proxy server are less likely to have issues if the reverse proxy always reads the full response.
Max CVSS: 6.5 | EPSS Score: 0.15% | Published: 2022-05-31 | Updated: 2022-06-14
Chat Server is the chat server for Vartalap, an open-source messaging application. Versions 2.3.2 until 2.6.0 suffer from a bug in validating the access token, resulting in authentication bypass. The function `this.authProvider.verifyAccessKey` is an async function, but the code does not use `await` to wait for the verification result. As a result, the function responds with success every time, along with an unhandled exception if the token is invalid. A patch is available in version 2.6.0.
Max CVSS: 9.8 | EPSS Score: 0.19% | Published: 2022-05-31 | Updated: 2022-06-14
2023 vulnerabilities found