‼ CVE-2022-39220 ‼
📖 Read
via "National Vulnerability Database".
SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known workarounds exist.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35089 ‼
📖 Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a heap-buffer-overflow via getTransparentColor at /home/bupt/Desktop/swftools/src/gif2swf.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35085 ‼
📖 Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35090 ‼
📖 Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via __asan_memcpy at /asan/asan_interceptors_memintrinsics.cpp:.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35086 ‼
📖 Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39221 ‼
📖 Read
via "National Vulnerability Database".
McWebserver mod runs a simple HTTP server alongside the Minecraft server in seperate threads. Path traversal in McWebserver Minecraft Mod for Fabric and Quilt up to and including 0.1.2.1 and McWebserver Minecraft Mod for Forge up to and including 0.1.1 allows all files, accessible by the program, to be read by anyone via HTTP request. Version 0.2.0 with patches are released to both platforms (Fabric and Quilt, Forge). As a workaround, the McWebserver mod can be disabled by removing the file from the `mods` directory.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35088 ‼
📖 Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a heap buffer-overflow via getGifDelayTime at /home/bupt/Desktop/swftools/src/src/gif2swf.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38619 ‼
📖 Read
via "National Vulnerability Database".
SmartVista SVFE2 v2.2.22 was discovered to contain a SQL injection vulnerability via the UserForm:j_id90 parameter at /SVFE2/pages/feegroups/mcc_group.jsf.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35087 ‼
📖 Read
via "National Vulnerability Database".
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via MovieAddFrame at /src/gif2swf.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41222 ‼
📖 Read
via "National Vulnerability Database".
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-40604 ‼
📖 Read
via "National Vulnerability Database".
In Apache Airflow 2.3.0 through 2.3.4, part of a url was unnecessarily formatted, allowing for possible information extraction.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41218 ‼
📖 Read
via "National Vulnerability Database".
In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2315 ‼
📖 Read
via "National Vulnerability Database".
Database Software Accreditation Tracking/Presentation Module product before version 2 has an unauthenticated SQL Injection vulnerability. This is fixed in version 2.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41220 ‼
📖 Read
via "National Vulnerability Database".
** DISPUTED ** md2roff 1.9 has a stack-based buffer overflow via a Markdown file, a different vulnerability than CVE-2022-34913. NOTE: the vendor's position is that the product is not intended for untrusted input.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-40754 ‼
📖 Read
via "National Vulnerability Database".
In Apache Airflow 2.3.0 through 2.3.4, there was an open redirect in the webserver's `/confirm` endpoint.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-0495 ‼
📖 Read
via "National Vulnerability Database".
The library automation system product KOHA developed by Parantez Teknoloji before version 19.05.03 has an unauthenticated SQL Injection vulnerability. This has been fixed in the version 19.05.03.01.📖 Read
via "National Vulnerability Database".
🗓️ Prototype pollution bug in Chromium bypassed Sanitizer API 🗓️
📖 Read
via "The Daily Swig".
Issue highlights the challenges of preventing client-side attacks📖 Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Prototype pollution bug in Chromium bypassed Sanitizer API
Issue highlights the challenges of preventing client-side attacks
‼ CVE-2022-38177 ‼
📖 Read
via "National Vulnerability Database".
By spoofing the target resolver with responses that have a malformed ECDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38178 ‼
📖 Read
via "National Vulnerability Database".
By spoofing the target resolver with responses that have a malformed EdDSA signature, an attacker can trigger a small memory leak. It is possible to gradually erode available memory to the point where named crashes for lack of resources.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2795 ‼
📖 Read
via "National Vulnerability Database".
By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS resolution service.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3080 ‼
📖 Read
via "National Vulnerability Database".
By sending specific queries to the resolver, an attacker can cause named to crash.📖 Read
via "National Vulnerability Database".