‼ CVE-2022-39170 ‼
via "National Vulnerability Database".
libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.
‼ CVE-2022-36759 ‼
via "National Vulnerability Database".
Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=.
‼ CVE-2022-36594 ‼
via "National Vulnerability Database".
Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function.
‼ CVE-2022-39177 ‼
via "National Vulnerability Database".
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
‼ CVE-2022-39176 ‼
via "National Vulnerability Database".
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
⚠ S3 Ep98: The LastPass saga – should we stop using password managers? [Audio + Text] ⚠
via "Naked Security".
Latest episode - listen now!
‼ CVE-2022-22059 ‼
via "National Vulnerability Database".
Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
‼ CVE-2022-25680 ‼
via "National Vulnerability Database".
Memory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto
‼ CVE-2022-22101 ‼
via "National Vulnerability Database".
Denial of service in multimedia due to uncontrolled resource consumption while parsing an incoming HAB message in Snapdragon Auto
‼ CVE-2022-25668 ‼
via "National Vulnerability Database".
Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
‼ CVE-2022-22069 ‼
via "National Vulnerability Database".
Devices with keyprotect off may store unencrypted keybox in RPMB and cause cryptographic issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
‼ CVE-2022-22097 ‼
via "National Vulnerability Database".
Memory corruption in graphic driver due to use after free while calling multiple threads application to driver in Snapdragon Consumer IOT
‼ CVE-2022-22104 ‼
via "National Vulnerability Database".
Memory corruption in multimedia due to improper check on the messages received in Snapdragon Auto
‼ CVE-2021-35132 ‼
via "National Vulnerability Database".
Out of bound write in DSP service due to improper bound check for response buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
‼ CVE-2021-35135 ‼
via "National Vulnerability Database".
A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
‼ CVE-2022-22080 ‼
via "National Vulnerability Database".
Improper validation of backend id in PCM routing process can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
‼ CVE-2022-22099 ‼
via "National Vulnerability Database".
Memory corruption in multimedia due to improper validation of array index in Snapdragon Auto
‼ CVE-2021-44718 ‼
via "National Vulnerability Database".
wolfSSL through 5.0.0 allows an attacker to cause a denial of service and infinite loop in the client component by sending crafted traffic from a Machine-in-the-Middle (MITM) position. The root cause is that the client module accepts TLS messages that normally are only sent to TLS servers.
‼ CVE-2022-25659 ‼
via "National Vulnerability Database".
Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
‼ CVE-2022-36078 ‼
via "National Vulnerability Database".
Binary provides encoding/decoding in Borsh and other formats. The vulnerability is a memory allocation vulnerability that can be exploited to allocate slices in memory with (arbitrary) excessive size value, which can either exhaust available memory or crash the whole program. When using `github.com/gagliardetto/binary` to parse unchecked (or wrong type of) data from untrusted sources of input (e.g. the blockchain) into slices, it's possible to allocate memory with excessive size. When `dec.Decode(&val)` method is used to parse data into a structure that is or contains slices of values, the length of the slice was previously read directly from the data itself without any checks on the size of it, and then a slice was allocated. This could lead to an overflow and an allocation of memory with excessive size value. Users should upgrade to `v0.7.1` or higher. A workaround is not to rely on the `dec.Decode(&val)` function to parse the data, but to use a custom `UnmarshalWithDecoder()` method that reads and checks the length of any slice.
‼ CVE-2022-37458 ‼
via "National Vulnerability Database".
Discourse through 2.8.7 allows admins to send invitations to arbitrary email addresses at an unlimited rate.