CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.
Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.
Privilege Chaining in GitHub repository cockpit-hq/cockpit prior to 2.3.8.
A vulnerability was found in glorylion JFinalOA 1.0.2 and classified as critical. This issue affects some unknown processing of the file src/main/java/com/pointlion/mvc/common/model/SysOrg.java. The manipulation of the argument id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-220469 was assigned to this vulnerability.
Advanced_intrusion_detection_environment, Aide, Cvsweb, Fetch, Freebsd-sendpr, Heimdal, Ja-xklock, Libfetch, Point-to-point_protocol_daemon, Ports_collection
2023-02-16
N/A
6.5 MEDIUM
When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once, resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypted with an empty key file, allowing trivial recovery of the master key.
Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.
Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6.
2023-02-16
N/A
9.8 CRITICAL
Relative Path Traversal vulnerability in YugaByte, Inc. Yugabyte Managed (PlatformReplicationManager.Java modules) allows Path Traversal. This vulnerability is associated with program files PlatformReplicationManager.Java. This issue affects Yugabyte Managed: from 2.0 through 2.13.
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.
Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4.