Kategori: NIST-Güvenlik Açıkları

CVE-2022-3370

Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML…

Devamını oku

CVE-2022-2572

In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted…

Devamını oku

CVE-2021-27784

The provided HCL Launch Container images contain non-unique HTTPS certificates and a database encryption key. The fix provides directions and tools to replace the non-unique…

Devamını oku

CVE-2022-3059

The application was vulnerable to multiple instances of SQL injection (authenticated and unauthenticated) through a vulnerable parameter. Due to the stacked query support, complex SQL…

Devamını oku

CVE-2020-23255

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was…

Devamını oku

CVE-2022-27583

A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the…

Devamını oku

CVE-2022-28763

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious…

Devamını oku

CVE-2022-31690

Spring Security, versions 5.7 prior to 5.7.5, and 5.6 prior to 5.6.9, and older unsupported versions could be susceptible to a privilege escalation under certain…

Devamını oku

CVE-2022-31692

Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or include dispatcher types.…

Devamını oku