CVE-2022-33114 (jfinal_cms)

Jfinal CMS v5.1.0 was discovered to contain a SQL injection vulnerability via the attrVal parameter at /jfinal_cms/system/dict/list.

Source

/by

CVE-2022-34173 (jenkins)

In Jenkins 2.340 through 2.355 (both inclusive) the tooltip of the build button in list views supports HTML without escaping the job display name, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

Source

/by

CVE-2022-33025 (libredwg)

LibreDWG v0.12.4.4608 was discovered to contain a heap-use-after-free via the function decode_preR13_section at decode_r11.c.

Source

/by

CVE-2022-34176 (junit)

Jenkins JUnit Plugin 1119.va_a_5e9068da_d7 and earlier does not escape descriptions of test results, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Run/Update permission.

Source

/by

CVE-2022-33032 (libredwg)

LibreDWG v0.12.4.4608 was discovered to contain a heap-buffer-overflow via the function decode_preR13_section_hdr at decode_r11.c.

Source

/by

CVE-2022-33033 (libredwg)

LibreDWG v0.12.4.4608 was discovered to contain a double-free via the function dwg_read_file at dwg.c.

Source

/by

CVE-2021-40955 (laiketui)

SQL injection exists in LaiKetui v3.5.0 the background administrator list.

Source

/by

CVE-2022-33105 (redis)

Redis v7.0 was discovered to contain a memory leak via the component streamGetEdgeID.

Source

/by

CVE-2022-34183 (agent_server_parameter)

Jenkins Agent Server Parameter Plugin 1.1 and earlier does not escape the name and description of Agent Server parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

Source

/by

CVE-2022-33034 (libredwg)

LibreDWG v0.12.4.4608 was discovered to contain a stack overflow via the function copy_bytes at decode_r2007.c.

Source

/by