Vulnerability Summary for the Week of September 26, 2022
acer — altos_t110_f3 There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this…
10-strike — network_inventory_explorer 10-Strike Network Inventory Explorer v9.3 was discovered to contain a buffer overflow via the Add Computers function. 2022-09-23 not yet calculated CVE-2022-38573 MISC MISC
acer — multiple_products There is…
adobe — animate Adobe Animate version 21.0.11 (and earlier) and 22.0.7 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a…
apache — airflow In Apache Airflow versions 2.2.4 through 2.3.3, the `database` webserver session backend was susceptible to session fixation. 2022-09-02 not yet calculated CVE-2022-38054 CONFIRM MLIST
apache — airflow In Apache…
advancecomp — advancecomp Advancecomp v2.3 was discovered to contain a segmentation fault. 2022-08-29 not yet calculated CVE-2022-35019 MISC MISC
advancecomp — advancecomp Advancecomp v2.3 was discovered to contain a segmentation fault. 2022-08-29…
72crm — wukong_crm 72crm 9.0 has an arbitrary file upload vulnerability. 2022-08-24 not yet calculated CVE-2022-37181 MISC
72crm — wukong_crm An issue was discovered in 72crm 9.0. There is a SQL…
activerecord — update_by_case This Rails gem adds two methods to the ActiveRecord::Base class that allow you to update many records on a single database hit, using a case sql statement…
accusoft — imagegear An out-of-bounds write vulnerability exists in the PSD Header processing memory allocation functionality of Accusoft ImageGear 20.0. A specially-crafted malformed file can lead to memory corruption. An…
@acrontum — filesystem-template The package @acrontum/filesystem-template before 0.0.2 is vulnerable to Arbitrary Command Injection due to the fetchRepo API missing sanitization of the href field of external input. 2022-08-05 not…
@ianwalter/merge — @ianwalter/merge All versions of package @ianwalter/merge are vulnerable to Prototype Pollution via the main (merge) function. Maintainer suggests using @generates/merger instead. 2022-07-25 not yet calculated CVE-2021-23397 CONFIRM
adobe —…