Security News

Security news from: cvedetails.com

  • – 23. november 2022CVE-2022-45873
    systemd 250 and 251 allows local users to achieve a systemd-coredump deadlock by triggering a crash that has a long backtrace. This occurs in parse_elf_object in shared/elf-util.c. The exploitation me …
  • – 23. november 2022CVE-2022-45462
    Alarm instance management has command injection when there is a specific command configured. It is only for logged-in users. We recommend you upgrade to version 2.0.6 or higher (CVSS:0.0) (Last Update …
  • – 23. november 2022CVE-2022-45472
    CAE LearningSpace Enterprise (with Intuity License) image 267r patch 639 allows DOM XSS, related to ontouchmove and onpointerup. (CVSS:0.0) (Last Update:2022-11-23)
  • – 22. november 2022CVE-2022-45535
    AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the edit parameter at \admin\categories.php. This vulnerability allows attackers to access database information. (CVSS:0.0) ( …
  • – 22. november 2022CVE-2022-45536
    AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the id parameter at \admin\post_comments.php. This vulnerability allows attackers to access database information. (CVSS:0.0) …
  • – 22. november 2022CVE-2022-45529
    AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the post_category_id parameter at \admin\includes\edit_post.php. This vulnerability allows attackers to access database infor …
  • – 21. november 2022CVE-2022-45470
    ** UNSUPPORTED WHEN ASSIGNED ** missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be f …
  • – 21. november 2022CVE-2022-45422
    When LG SmartShare is installed, local privilege escalation is possible through DLL Hijacking attack. The LG ID is LVE-HOT-220005. (CVSS:0.0) (Last Update:2022-11-23)
  • – 18. november 2022CVE-2022-45471
    In JetBrains Hub before 2022.3.15181 Throttling was missed when sending emails to a particular email address (CVSS:0.0) (Last Update:2022-11-21)
  • – 18. november 2022CVE-2022-45474
    drachtio-server 0.8.18 has a request-handler.cpp event_cb use-after-free for any request. (CVSS:0.0) (Last Update:2022-11-25)