Lucene search

6680 matches found

Cvelist
added 2022/04/14 7:56 p.m. · 15 views

CVE-2021-21949

An improper array index validation vulnerability exists in the JPEG-JFIF Scan header parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to an out-of-bounds write and potential code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8 CVSS · 8.9 AI score · 0.01053 EPSS
Exploits: 1 · References: 1

Cvelist
added 2022/04/14 7:55 p.m. · 15 views

CVE-2021-21943

A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability...

9.8 CVSS · 9.2 AI score · 0.01451 EPSS
Exploits: 1 · References: 1

ATTACKERKB
added 2022/04/14 5:15 p.m. · 0 views

CVE-2022-27817

SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality...

4.4 CVSS · 5.8 AI score · 0.00444 EPSS
Exploits: 1 · References: 3

NVD
added 2022/04/14 5:15 p.m. · 6 views

CVE-2022-27817

SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality...

4.4 CVSS · 0.00444 EPSS
Exploits: 1 · References: 2

OSV
added 2022/04/14 5:15 p.m. · 20 views

CVE-2022-27817

SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality...

4.4 CVSS · 4.7 AI score
Exploits: 0 · References: 2

Prion
added 2022/04/14 5:15 p.m. · 13 views

Denial of service

SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality...

3.6 CVSS · 4.6 AI score · 0.00444 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

Cvelist
added 2022/04/14 4:35 p.m. · 11 views

CVE-2022-27817

SWHKD 1.1.5 consumes the keyboard events of unintended users. This could potentially cause an information leak, but is usually a denial of functionality...

5 AI score · 0.00444 EPSS
Exploits: 1 · References: 2

CVE
added 2022/04/14 4:35 p.m. · 72 views

CVE-2022-27817

CVE-2022-27817 affects the SWHKD hotkey daemon (SWHKD 1.1.5, Rust) which can consume keyboard events from unintended users. This behavior can lead to information disclosure and, more commonly, a denial of functionality. The connected documents confirm the impact but do not provide a concrete expl...

4.4 CVSS · 4.6 AI score · 0.00444 EPSS
Exploits: 1 · References: 2 · Affected Software: 1

OSV
added 2022/04/14 3:15 p.m. · 3 views

CVE-2022-1256

A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges through manipulation...

7.8 CVSS · 7.1 AI score · 0.0025 EPSS
Exploits: 0 · References: 1

ATTACKERKB
added 2022/04/14 3:15 p.m. · 3 views

CVE-2022-1256

A local privilege escalation vulnerability in MA for Windows prior to 5.7.6 allows a local low privileged user to gain system privileges through running the repair functionality. Temporary file actions were performed on the local user's %TEMP% directory with System privileges through manipulation...

7.8 CVSS · 7.1 AI score · 0.0025 EPSS
Exploits: 0 · References: 2

CNNVD
added 2022/04/14 12:00 a.m. · 3 views

SWHKD security vulnerability

SWHKD is a display protocol-independent hotkey daemon made in Rust. SWHKD has a security vulnerability that stems from keyboard events using an unintended user, which can be exploited by an attacker to cause information disclosure, but is usually a denial of functionality...

4.4 CVSS · 5.2 AI score · 0.00444 EPSS
Exploits: 1 · References: 3

OpenVAS
added 2022/04/13 12:00 a.m. · 22 views

Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2022-1386)

The remote host is missing an update for the Huawei EulerOS...

4.7 CVSS · 5.9 AI score · 0.00302 EPSS
Exploits: 0 · References: 2

Code423n4
added 2022/04/13 12:00 a.m. · 21 views

use of deprecated chainlink oracle method

Lines of code Vulnerability details Impact latestanswer , this method does not error if no answer has been reached, it will simply return 0, since we have checks in function requireanswer 0, "invalidoracleanswer"; we may not get the latest value of current price which can affect the functionality...

6.8 AI score
Exploits: 0

Microsoft KB
added 2022/04/12 7:00 a.m. · 140 views

Service Update 037 for Microsoft Dynamics CRM (on-premises) 9.0

Service Update 037 for Microsoft Dynamics CRM on-premises 9.0 Dynamics 365 Introduction Service Update 9.0.37 for Microsoft Dynamics CRM on-premises 9.0 is now available. This article describes the hotfixes and updates that are included in Service Update 9.0.37. More information Update package|...

9 CVSS · 7.8 AI score · 0.02697 EPSS
Exploits: 0

Positive Technologies
added 2022/04/12 12:00 a.m. · 4 views

PT-2022-2523 · Mcafee · Mcafee Agent

Name of the Vulnerable Software and Affected Versions: McAfee Agent versions prior to 5.7.6 Description: The issue is related to a local privilege escalation vulnerability that allows a low-privileged user to gain system privileges. This is achieved by exploiting the repair functionality, which...

7.8 CVSS · 7.8 AI score · 0.0025 EPSS
Exploits: 0 · References: 5

Prion
added 2022/04/11 3:15 p.m. · 13 views

Hardcoded credentials

An unprivileged user could use the functionality of the NS WooCommerce Watermark WordPress plugin through 2.11.3 to load images that hide malware for example from passing malicious domains to hide their trace, by making them pass through the vulnerable domain...

5 CVSS · 7.5 AI score · 0.01189 EPSS
Exploits: 2 · References: 1 · Affected Software: 1

Prion
added 2022/04/06 9:15 p.m. · 14 views

Unrestricted file upload

eZiosuite v2.0.7 contains an authenticated arbitrary file upload via the Avatar upload functionality...

6.5 CVSS · 8.7 AI score · 0.00934 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

Code423n4
added 2022/04/05 12:00 a.m. · 6 views

Oracle price does not compound

Lines of code Vulnerability details Impact The oracle does not correctly compound the monthly APRs - it resets on fulfill. Note that the oraclePrice storage variable is only set in updateCPIData as part of the oracle fulfill callback. It's set to the old price price from 1 month ago plus the...

6.7 AI score
Exploits: 0

NVD
added 2022/04/01 11:15 p.m. · 25 views

CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

9.8 CVSS · 0.99939 EPSS
Exploits: 36 · References: 7

OSV
added 2022/04/01 11:15 p.m. · 39 views

CVE-2022-22963

In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources...

9.8 CVSS · 9.6 AI score · 0.99939 EPSS
Exploits: 36 · References: 7