Tag: #webkit

CVE-2023-21850: Oracle Critical Patch Update Advisory - January 2023

Vulnerability in the Oracle Demantra Demand Management product of Oracle Supply Chain (component: E-Business Collections). Supported versions that are affected are 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Demantra Demand Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Demantra Demand Management accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).

CVE-2023-23637: [Security] IMPatienT v1.5.0 Stored Cross-Site Scripting (XSS) - CVE-2023-23637 · Issue #101 · lambda-science/IMPatienT

IMPatienT before 1.5.2 allows stored XSS via onmouseover in certain text fields within a PATCH /modify_onto request to the ontology builder. This may allow attackers to steal Protected Health Information.

CVE-2022-47853: ttt/16 at main · Am1ngl/ttt

TOTOlink A7100RU V7.4cu.2313_B20191024 contains a command injection vulnerability in the httpd service. An attacker can obtain a stable root shell through a specially constructed payload.

CVE-2022-46093: z-vulnerabilitys/Hospital-Management-System.md at main · Frank-Z7/z-vulnerabilitys

Hospital Management System v1.0 is vulnerable to SQL Injection. Attackers can gain administrator privileges without the need for a password.

WebKit CSSCrossfadeValue::crossfadeChanged Use-After-Free

WebKit suffers from a RenderMathMLToken use-after-free vulnerability in CSSCrossfadeValue::crossfadeChanged.

CVE-2022-46502: bug_report/SQLi-1.md at main · snowingllll/bug_report

Online Student Enrollment System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at /student_enrollment/admin/login.php.

CVE-2022-46471: bug_report/SQLi-1.md at main · dreamwonly/bug_report

Online Health Care System v1.0 was discovered to contain a SQL injection vulnerability via the consulting_id parameter at /healthcare/Admin/consulting_detail.php.

CVE-2022-40983: TALOS-2022-1617 || Cisco Talos Intelligence Group

An integer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially crafted JavaScript code can trigger an integer overflow during memory allocation, which can lead to arbitrary code execution. The target application would need to access a malicious web page to trigger this vulnerability.

CVE-2022-43591: TALOS-2022-1650 || Cisco Talos Intelligence Group

A buffer overflow vulnerability exists in the QML QtScript Reflect API of Qt Project Qt 6.3.2. Specially crafted JavaScript code can trigger an out-of-bounds memory access, which can lead to arbitrary code execution. The target application would need to access a malicious web page to trigger this vulnerability.