Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-42052 PUBLISHED: 2022-08-16
IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter.
CVE-2022-25799 PUBLISHED: 2022-08-16
An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.5.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site...
CVE-2022-38235 PUBLISHED: 2022-08-16
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc.
CVE-2022-38236 PUBLISHED: 2022-08-16
XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at /xpdf/Lexer.cc.
CVE-2022-38237 PUBLISHED: 2022-08-16
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at /xpdf/Stream.cc.
User Rank: Apprentice
12/29/2014 | 7:24:12 AM
Thanks