Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-1445PUBLISHED: 2022-04-24Stored Cross Site Scripting vulnerability in the checked_out_to parameter in GitHub repository snipe/snipe-it prior to 5.4.3. The vulnerability is capable of stolen the user Cookie.
CVE-2022-1444PUBLISHED: 2022-04-23heap-use-after-free in GitHub repository radareorg/radare2 prior to 5.7.0. This vulnerability is capable of inducing denial of service.
CVE-2022-1427PUBLISHED: 2022-04-23Out-of-bounds Read in mrb_obj_is_kind_of in in GitHub repository mruby/mruby prior to 3.2. # Impact: Possible arbitrary code execution if being exploited.
CVE-2021-4211PUBLISHED: 2022-04-22A potential vulnerability in the SMI callback function used in the SMBIOS event log driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.
CVE-2021-4212PUBLISHED: 2022-04-22A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.