‼ CVE-2022-41649 ‼
via "National Vulnerability Database".
A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability.
‼ CVE-2022-22457 ‼
via "National Vulnerability Database".
IBM Security Verify Governance, Identity Manager 10.0.1 stores sensitive information including user credentials in plain clear text which can be read by a local privileged user. IBM X-Force ID: 225007.
‼ CVE-2022-43598 ‼
via "National Vulnerability Database".
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT16`.
‼ CVE-2022-43592 ‼
via "National Vulnerability Database".
An information disclosure vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to leaked heap data. An attacker can provide malicious input to trigger this vulnerability.
‼ CVE-2022-43857 ‼
via "National Vulnerability Database".
IBM Navigator for i 7.3, 7.4 and 7.5 could allow an authenticated user to access IBM Navigator for i log files they are authorized to but not while using this interface. The remote authenticated user can bypass the interface checks and download log files by modifying servlet filter. IBM X-Force ID: 239301.
‼ CVE-2022-41838 ‼
via "National Vulnerability Database".
A code execution vulnerability exists in the DDS scanline parsing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially-crafted .dds can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
‼ CVE-2022-43600 ‼
via "National Vulnerability Database".
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT16`.
‼ CVE-2022-43593 ‼
via "National Vulnerability Database".
A denial of service vulnerability exists in the DPXOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to null pointer dereference. An attacker can provide malicious input to trigger this vulnerability.
‼ CVE-2022-41794 ‼
via "National Vulnerability Database".
A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
‼ CVE-2022-43597 ‼
via "National Vulnerability Database".
Multiple memory corruption vulnerabilities exist in the IFFOutput alignment padding functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to arbitrary code execution. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `m_spec.format` is `TypeDesc::UINT8`.
‼ CVE-2022-41639 ‼
via "National Vulnerability Database".
A heap based buffer overflow vulnerability exists in tile decoding code of TIFF image parser in OpenImageIO master-branch-9aeece7a and v2.3.19.0. A specially-crafted TIFF file can lead to an out of bounds memory corruption, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
‼ CVE-2022-38143 ‼
via "National Vulnerability Database".
A heap out-of-bounds write vulnerability exists in the way OpenImageIO v2.3.19.0 processes RLE encoded BMP images. A specially-crafted bmp file can write to arbitrary out of bounds memory, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
‼ CVE-2022-43599 ‼
via "National Vulnerability Database".
Multiple code execution vulnerabilities exist in the IFFOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.4.2. A specially crafted ImageOutput Object can lead to a heap buffer overflow. An attacker can provide malicious input to trigger these vulnerabilities. This vulnerability arises when the `xmax` variable is set to 0xFFFF and `m_spec.format` is `TypeDesc::UINT8`.
🕴 Security Is a Second-Class Citizen in High-Performance Computing 🕴
via "Dark Reading".
Vendors and operators attempt to balance power and security, but right now, power is the highest goal.
‼ CVE-2022-40898 ‼
via "National Vulnerability Database".
An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
‼ CVE-2022-47931 ‼
via "National Vulnerability Database".
IO FinNet tss-lib before 2.0.0 allows a collision of hash values.
‼ CVE-2022-40897 ‼
via "National Vulnerability Database".
An issue discovered in Python Packaging Authority (PyPA) setuptools 65.3.0 and earlier allows remote attackers to cause a denial of service via crafted HTML package or custom PackageIndex page.
‼ CVE-2022-40899 ‼
via "National Vulnerability Database".
An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via crafted Set-Cookie header from malicious web server.
‼ CVE-2022-46493 ‼
via "National Vulnerability Database".
Default version of nbnbk was discovered to contain an arbitrary file upload vulnerability via the component /api/User/download_img.
‼ CVE-2022-23513 ‼
via "National Vulnerability Database".
Pi-Hole is a network-wide ad blocking via your own Linux hardware, AdminLTE is a Pi-hole Dashboard for stats and more. In case of an attack, the threat actor will obtain the ability to perform an unauthorized query for blocked domains on `queryads` endpoint. In the case of application, this vulnerability exists because of a lack of validation in code on a root server path: `/admin/scripts/pi-hole/phpqueryads.php`. Potential threat actor(s) are able to perform an unauthorized query search in blocked domain lists. This could lead to the disclosure for any victims' personal blacklists.
‼ CVE-2022-46491 ‼
via "National Vulnerability Database".
A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts.