CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Nessus, Appliance, Jira_cloud, Log_correlation_engine, Nessus_agent, Nessus_amazon_machine_image, Nessus_network_monitor, Plugin-set, Securitycenter, Tenable.io
2022-10-06
N/A
9.8 CRITICAL
addBinding in xmlparse.c in Expat (aka libexpat) before 2.4.3 has an integer overflow.
NVIDIA NeMo before 1.6.0 contains a vulnerability in ASR WebApp, in which ../ Path Traversal may lead to deletion of any directory when admin privileges are available.
Due to the lack of media file checks before rendering, it was possible for an attacker to cause abnormal CPU consumption for message recipient by sending specially crafted gif image in LINE for Windows before 7.4.
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This CVE has been rejected as it was incorrectly assigned. All references and descriptions in this candidate have been removed to prevent accidental usage.
NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers (ROM version 1B) have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted unsigned update.
The {% debug %} template tag in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2 does not properly encode the current context. This may lead to XSS.
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such as ones that use the Python exec method. A lambda expression could also be used,
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization of ImagePath.Path.
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path.
The System Diagnosis service of MyASUS before 3.1.2.0 allows privilege escalation.
