CVE-2022-43859
via "National Vulnerability Database".
IBM Navigator for i 7.3, 7.4, and 7.5 could allow an authenticated user to obtain sensitive information for an object they are authorized to but not while using this interface. By performing a UNION based SQL injection an attacker could see file permissions through this interface. IBM X-Force ID: 239304.
CVE-2022-41977
via "National Vulnerability Database".
An out of bounds read vulnerability exists in the way OpenImageIO version v2.3.19.0 processes string fields in TIFF image files. A specially-crafted TIFF file can lead to information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-41684
via "National Vulnerability Database".
A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially-crafted .psd file can cause a read of arbitrary memory address which can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-3805
via "National Vulnerability Database".
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the plugin settings in versions up to, and including, 2.5.6. Unauthenticated users can use an easily available nonce, obtained from pages edited by the plugin, to update the MailChimp API key, global styles, 404 page settings, and enabled elements.
CVE-2022-3794
via "National Vulnerability Database".
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX actions in versions up to, and including, 2.5.6. Authenticated users can use an easily available nonce value to create header templates and make additional changes to the site, as the plugin does not use capability checks for this purpose.
CVE-2020-26302
via "National Vulnerability Database".
is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). is.js uses a regex copy-pasted from a gist to validate URLs. Trying to validate a malicious string can cause the regex to loop "forever." This vulnerability was found using a CodeQL query which identifies inefficient regular expressions. is.js has no patch for this issue.
CVE-2022-41649
via "National Vulnerability Database".
A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-22457
via "National Vulnerability Database".
IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 225007.
CVE-2022-43598
via "National Vulnerability Database".
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT16`.
CVE-2022-43592
via "National Vulnerability Database".
An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.
CVE-2022-43857
via "National Vulnerability Database".
IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force ID: 239301.
CVE-2022-41838
via "National Vulnerability Database".
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-43600
via "National Vulnerability Database".
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16`.
CVE-2022-43593
via "National Vulnerability Database".
A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability.
CVE-2022-41794
via "National Vulnerability Database".
A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-43597
via "National Vulnerability Database".
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT8`.
CVE-2022-41639
via "National Vulnerability Database".
A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-38143
via "National Vulnerability Database".
A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2022-43599
via "National Vulnerability Database".
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8`.
Security Is a Second-Class Citizen in High-Performance Computing
via "Dark Reading".
Vendors and operators attempt to balance power and security, but right now, power is the highest goal.
CVE-2022-40898
via "National Vulnerability Database".
An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.