CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
A heap-based buffer over-read flaw was found in ImageMagick's GetPixelAlpha() function of 'pixel-accessor.h'. This vulnerability is triggered when an attacker passes a specially crafted Tagged Image File Format (TIFF) image to be converted into the PICON file format. This issue can potentially lead to a denial of service and information disclosure.
An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect vulnerability was fixed in the GitLab integration with Jira that could cause the web application to redirect the request to an attacker-specified URL.
Code Injection in Packagist microweber/microweber prior to 1.2.11.
Exposure of Sensitive Information to an Unauthorized Actor in Packagist microweber/microweber prior to 1.2.11.
Total_protection, Data_loss_prevention_endpoint, True_key, Endpoint_security, Client_proxy, Active_response, Active_virus_defense, Active_virusscan, Advanced_threat_defense, Agent
2022-03-21
N/A
6.3 MEDIUM
A race condition vulnerability exists in the QuickClean feature of McAfee Total Protection for Windows prior to 16.0.43 that allows a local user to gain privilege elevation and perform an arbitrary file delete. This could lead to sensitive files being deleted and potentially cause denial of service. This attack exploits the way symlinks are created and how the product works with them.
The AnyComment WordPress plugin before 0.2.18 is affected by a race condition when liking/disliking a comment/reply, which could allow any authenticated user to quickly raise their rating or lower the rating of other users.
Cross-site Scripting (XSS) - Stored in Packagist microweber/microweber prior to 1.2.11.
Improper Access Control in Packagist microweber/microweber prior to 1.2.11.
Cross-site Scripting (XSS) - Stored in NuGet OrchardCore.Application.Cms.Targets prior to 1.2.2.
Improper Access Control in PyPI calibreweb prior to 0.6.16.