CVE-2022-41853 Using Statement or PreparedStatement in hsqldb may be vulnerable to remote code execution.
This issue was previously fixed in hsqldb (HyperSQL DataBase) but a regression allowing untrusted inputs to be executed was reintroduced in 2.7.1.
The
CVE-2022-40160 JXPath is vulnerable to DoS attacks if the parser is running on user-supplied input.
There are two ways this can happen. The first is when input data is supplied that the parser doesn’t understand, such as an illegal
CVE-2022-32171 Zinc versions v0.1.9 - v0.3.1 are vulnerable to Stored XSS when using the delete user functionality.
The following example shows how to create an XSS payload by injecting JavaScript into the user ID field of a user.
When making changes to
CVE-2022-42302 An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products
An authenticated user with a valid username and password can execute arbitrary SQL commands in the database. The SQL Injection can be exploited by remote
CVE-2022-42304 An issue was discovered in Veritas NetBackup through 10.0 and related Veritas products
A remote attacker could exploit this issue and inject SQL code to potentially impact the availability of your backup data, cause information disclosure, or execute