Security Vulnerabilities - CVEs Published In 2021
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2021-12-22

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2021-12-22

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the database system and in some cases leverage this vulnerability to get remote code execution on the remote web server.
CVSS Score: 8.8 | EPSS Score: 0.014 | Published: 2021-12-22

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php.
CVSS Score: 9.8 | EPSS Score: 0.002 | Published: 2021-12-22

PJSIP is a free and open source multimedia communication library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions, if the incoming RTCP BYE message contains a reason's length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-bounds read access. This issue affects all users that use PJMEDIA and RTCP. A malicious actor can send an RTCP BYE message with an invalid reason length. Users are advised to upgrade as soon as possible. There are no known workarounds.
CVSS Score: 7.3 | EPSS Score: 0.003 | Published: 2021-12-22

IBM Cloud Pak for Security (CP4S) 1.7.2.0, 1.7.1.0, and 1.7.0.0 could allow an authenticated user to obtain sensitive information in HTTP responses that could be used in further attacks against the system. IBM X-Force ID: 213651.
CVSS Score: 4.3 | EPSS Score: 0.002 | Published: 2021-12-22

A use-after-free exists in drivers/tee/tee_shm.c in the TEE subsystem in the Linux kernel through 5.15.11. This occurs because of a race condition in tee_shm_get_from_id during an attempt to free a shared memory object.
CVSS Score: 7.0 | EPSS Score: 0.003 | Published: 2021-12-22

A Null Pointer Dereference vulnerability exists in nasm 2.16rc0 via asm/preproc.c.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2021-12-22

An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function.
CVSS Score: 5.5 | EPSS Score: 0.003 | Published: 2021-12-22

A stack overflow vulnerability exists in gpac 1.1.0 via the gf_bifs_dec_proto_list function, which causes a segmentation fault and application crash.
CVSS Score: 5.5 | EPSS Score: 0.002 | Published: 2021-12-22


Shodan ® - All rights reserved