Tag

#webkit

RHSA-2022:7704: Red Hat Security Advisory: webkit2gtk3 security and bug fix update

An update for glib2 and webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2022-22624: webkitgtk: Use-after-free leading to arbitrary code execution
* CVE-2022-22628: webkitgtk: Use-after-free leading to arbitrary code execution
* CVE-2022-22629: webkitgtk: Buffer overflow leading to arbitrary code execution
* CVE-2022-22662: webkitgtk: Cookie management issue leading to sensitive user information disclosure
* CVE-202...

Red Hat Security Data
#vulnerability #web #linux #red_hat #js #perl #buffer_overflow #ibm #webkit

CVE-2022-43049: bug_report_canteen/SQLi.md at master · sdpyly/bug_report_canteen

Canteen Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the component /youthappam/add-food.php.

CVE-2022-43046: bug_report/XSS-1.md at main · Oudaorui/bug_report

Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php.

CVE-2022-3878: GitHub - huclilu/CVE_Add

A vulnerability classified as critical has been found in Maxon ERP. This affects an unknown part of the file /index.php/purchase_order/browse_data. The manipulation of the argument tb_search leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-213039.

CVE-2022-43317: bug_report/XSS-1.md at main · ImaizumiYui/bug_report

A cross-site scripting (XSS) vulnerability in /hrm/index.php?msg of Human Resource Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVE-2022-43318: bug_report/SQLi-1.md at main · ImaizumiYui/bug_report

Human Resource Management System v1.0 was discovered to contain a SQL injection vulnerability via the stateedit parameter at /hrm/state.php.

WebKit HTMLSelectElement Use-After-Free

WebKit suffers from an HTMLSelectElement use-after-free vulnerability.

CVE-2022-43108: IOT_FIRMWARE/ac23.md at main · ppcrab/IOT_FIRMWARE

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.

CVE-2022-43107: IOT_FIRMWARE/ac23.md at main · ppcrab/IOT_FIRMWARE

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function.

CVE-2022-43106: IOT_FIRMWARE/ac23.md at main · ppcrab/IOT_FIRMWARE

Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function.