‼ CVE-2022-3812 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability was found in Axiomatic Bento4. It has been rated as problematic. Affected by this issue is the function AP4_ContainerAtom::AP4_ContainerAtom of the component mp4encrypt. The manipulation leads to memory leak. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-212678 is the identifier assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3656 ‼
📖 Read
via "National Vulnerability Database".
Insufficient data validation in File System in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chrome security severity: Medium)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3660 ‼
📖 Read
via "National Vulnerability Database".
Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 107.0.5304.62 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chrome security severity: Medium)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3813 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability classified as problematic has been found in Axiomatic Bento4. This affects an unknown part of the component mp4edit. The manipulation leads to memory leak. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-212679.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3723 ‼
📖 Read
via "National Vulnerability Database".
Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3658 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Feedback service on Chrome OS in Google Chrome on Chrome OS prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chrome security severity: Medium)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3654 ‼
📖 Read
via "National Vulnerability Database".
Use after free in Layout in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3655 ‼
📖 Read
via "National Vulnerability Database".
Heap buffer overflow in Media Galleries in Google Chrome prior to 107.0.5304.62 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: Medium)📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3815 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability, which was classified as problematic, has been found in Axiomatic Bento4. This issue affects some unknown processing of the component mp4decrypt. The manipulation leads to memory leak. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212681 was assigned to this vulnerability.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3653 ‼
📖 Read
via "National Vulnerability Database".
Heap buffer overflow in Vulkan in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chrome security severity: High)📖 Read
via "National Vulnerability Database".
👍2
🛠 OpenSSL Toolkit 3.0.7 🛠
📖 Read
via "Packet Storm Security".
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide. The 3.x series is the current major version of OpenSSL.📖 Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSL Toolkit 3.0.7 ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
🛠 OpenSSL Toolkit 1.1.1s 🛠
📖 Read
via "Packet Storm Security".
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.📖 Read
via "Packet Storm Security".
Packetstormsecurity
OpenSSL Toolkit 1.1.1s ≈ Packet Storm
Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers
‼ CVE-2021-45447 ‼
📖 Read
via "National Vulnerability Database".
Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and obtain sensitive information that can be later used to gain unauthorized access.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43253 ‼
📖 Read
via "National Vulnerability Database".
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_unweighted_pred_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43248 ‼
📖 Read
via "National Vulnerability Database".
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_weighted_pred_avg_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43241 ‼
📖 Read
via "National Vulnerability Database".
Libde265 v1.0.8 was discovered to contain an unknown crash via ff_hevc_put_hevc_qpel_v_3_8_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43995 ‼
📖 Read
via "National Vulnerability Database".
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the compiler and processor architecture.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43237 ‼
📖 Read
via "National Vulnerability Database".
Libde265 v1.0.8 was discovered to contain a stack-buffer-overflow vulnerability via void put_epel_hv_fallback<unsigned short> in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43240 ‼
📖 Read
via "National Vulnerability Database".
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via ff_hevc_put_hevc_qpel_h_2_v_1_sse in sse-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43252 ‼
📖 Read
via "National Vulnerability Database".
Libde265 v1.0.8 was discovered to contain a heap-buffer-overflow vulnerability via put_epel_16_fallback in fallback-motion.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-43245 ‼
📖 Read
via "National Vulnerability Database".
Libde265 v1.0.8 was discovered to contain a segmentation violation via apply_sao_internal<unsigned short> in sao.cc. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted video file.📖 Read
via "National Vulnerability Database".