Security
Headlines
HeadlinesLatestCVEs

Tag

#java

CVE-2022-22327: Security Bulletin: CVE-2022-22327 Urbancode Deploy Web-Agent communication uses system default TLS protocol instead of application configured value.

IBM UrbanCode Deploy (UCD) 7.0.5, 7.1.0, 7.1.1, and 7.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 218859.

CVE
Open in Source
#vulnerability#web#java
CVE-2022-25017: Hitron CHITA OS Command Injection (UPC Branded)

Hitron CHITA 7.2.2.0.3b6-CD devices contain a command injection vulnerability via the Device/DDNS ddnsUsername field.

CVE-2022-24802: Build software better, together

deepmerge-ts is a typescript library providing functionality to deep merging of javascript objects. deepmerge-ts is vulnerable to Prototype Pollution via file deepmerge.ts, function defaultMergeRecords(). This issue has been patched in version 4.0.2. There are no known workarounds for this issue.

CVE-2021-42869: CVE-2021-42869: Chikitsa 2.0.2 XSS vulnerability

A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via the last_name parameter in the (1) patient/insert, (2) patient_report, (3) /appointment_report, (4) visit_report, and (5) /bill_detail_report pages.

CVE-2021-42867: CVE-2021-42967: HTMLy 2.8.1 XSS vulnerability

A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field in (1) admin/config, and (2) index.php pages.

CVE-2021-42868: CVE-2021-42868: Chikitsa 2.0.2 XSS vulnerability

A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 in the first_name parameter in (1) patient/insert, (2) patient_report, (3) appointment_report, (4) visit_report, and (5) bill_detail_report pages. .

CVE-2021-42866: CVE-2021-42866: Pixelimity 1.0 XSS vulnerability

A Cross Site Scripting vulnerabilty exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php

CVE-2021-43505

Multiple Cross Site Scripting (XSS) vulnerabilities exist in Ssourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice.

RHSA-2022:0737: Red Hat Security Advisory: Red Hat build of Eclipse Vert.x 4.2.5 security update

An update is now available for Red Hat build of Eclipse Vert.x. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability. For more information, see the CVE pages listed in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-38153: Kafka: Timing Attack Vulnerability for Apache Kafka Connect and Clients

CVE-2022-26644: CVE/CVE-2022-26644 at main · erik-451/CVE

Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management.