PT-2023-22892 · Unknown · Libsec-Ril
Name of the Vulnerable Software and Affected Versions: libsec-ril versions prior to SMR Aug-2023 Release 1 Description: The issue is related to an out-of-bounds write in the DoOemFactorySendFactoryBypassCommand of libsec-ril, allowing a local attacker to execute arbitrary code. Recommendations: F...
Spoofing Attack
Chromium is vulnerable to a spoofing attack. The vulnerability exists due to an inappropriate implementation in Prompts in the library, which allows an attacker to spoof the contents of the security UI via a maliciously crafted HTML page...
CVE-2023-30670
Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code...
SAMSUNG Mobile devices Buffer Error Vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile devices SMR Jul-2023 Release 1 version, which originates from an out-of-bounds write in the...
SAMSUNG Mobile device Input Validation Error Vulnerability
SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung. A security vulnerability exists in SAMSUNG Mobile device SMR Jul-2023 Release 1 version, which stems from an incorrect input validation vulnerability ...
big-map-archive-api-client (>=0.0.1 <=1.2.0), dash-tools (>=1.6.0 <=1.11.1) +16 more potentially affected by CVE-2023-31543 via pipreqs (>=0.4.10 <=0.4.11)
pipreqs PYPI version =0.4.10, =0.0.1, =1.6.0, =0.0.6, =1.0.3, =1.1.5, =0.3.37, =0.0.5, =0.2.20, =0.0.1, =1.0.0, =1.0.2 and more Source cves: CVE-2023-31543 Source advisory: OSV:GHSA-V4F4-23WC-99MH...
CLSA-2023-1685023815 sysstat: Fix of CVE-2022-39377
CVE-2022-39377: fix overflow...
XSS in Library Description and Synopsis
Description The 'description' and 'synopsis' fields of libraries are vulnerable to stored XSS injection. If a user sets the synopsis or description of a library to ''"' they can set a stored XSS payload that fires whenever someone visits the /libraries page. Normally libraries are only editable b...
@211la/search-client (>=0.1.0 <=0.5.0), @2bad/bitrix (>=2.0.0 <=2.3.0) +15 more potentially affected by CVE-2022-24999 via qs (=6.8.0)
qs NPM version =6.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on qs and may be impacted: - @211la/search-client =0.1.0, =2.0.0, =0.0.0-GO-183-update-bb-types.1714, =9.1.23-alpha2.60, =0.6.4, =2.1.1, =0.1.0, =3.4.5, =1.0.0, =0.1.0, =1.0.2, =1.0.3 a...
a2ml (>=1.0.20 <=1.0.55), accelerometer (>=4.2.1 <=7.5.0) +371 more potentially affected by CVE-2022-21797 via joblib (>=0.9.4 <=1.1.1)
joblib PYPI version =0.9.4, =1.0.20, =4.2.1, =1.0.88, =1.0.32, =1.3.0, =1.0.1, =1.0.0, =0.20211108144632.0, =0.2.7, =0.1.0, =0.1.5, =0.53.0, =0.0.1, =1.0.1, =1.3.1 and more Source cves: CVE-2022-21797 Source advisory: OSV:GHSA-6HRG-QMVC-2XH8...
CLSA-2022-1654804099 Fix CVE(s): CVE-2022-1851, CVE-2022-1886, CVE-2022-0319, CVE-2022-1898
SECURITY UPDATE: mlget error when exchanging windows in Visual mode - debian/patches/CVE-2022-0319.patch: Correct end of Visual area when entering another buffer - CVE-2022-0319 SECURITY UPDATE: Cursor may be in an invalid position after text formatting - debian/patches/CVE-2022-1851.patch: Corre...
com.cosium.murmur:vysper (=0.8), com.day.cq:cq-compat-codeupgrade (>=1.0.2 <=1.2.10) +39 more potentially affected by CVE-2015-1833 via org.apache.jackrabbit:jackrabbit-core (>=1.2.1 <=2.0.5)
org.apache.jackrabbit:jackrabbit-core MAVEN version =1.2.1, =1.0.2, =5.3.4, =3.2.10-1-SP3seam2hibernate5, =3.2.10-1-SP3seam2hibernate5, =3.2.10-1-SP3seam2hibernate5, =3.2.10-1-SP3seam2hibernate5, =3.2.10-1-SP3seam2hibernate5, =3.2.10-1-SP3seam2hibernate5, =6.0.2, =1.1.2, =0.4.0-incubating, =1.3.0...
GHSA-6XWR-Q98W-RVG7 Prototype Pollution in nconf
nconf before 0.11.4. When using the memory engine, it is possible to store a nested JSON representation of the configuration. The .set function, that is responsible for setting the configuration properties, is vulnerable to Prototype Pollution. By providing a crafted property, it is possible to...
PJSIP Buffer Error Vulnerability
PJSIP is a free and open source multimedia communication library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. There is a security vulnerability in PJSIP; there is no information about the vulnerability at the moment, please stay tuned to CNNVD...
CLSA-2022-1646666491 Fix of CVE: CVE-2021-3445
CVE-2021-3445: fix signature verification bypass leading to code execution RhBug:1932079...
libsolv Heap Overflow Vulnerability
libsolv is a library for checking package dependencies. libsolv has a security vulnerability, and no details of the vulnerability are currently provided...
colorcat (>=0.0.2 <=0.2.10), karg (=0.1.2) +10 more potentially affected by CVE-2020-7618 +1 more via sds (>=1.14.1 <=4.4.0)
sds NPM version =1.14.1, =0.0.2, =0.2.2, =0.55.1, =1.0.0, =0.0.1, =0.1.1, =0.0.1, =1.0.3, =0.4.16, =0.1.1, =1.0.1, =1.0.2 Source cves: CVE-2020-7618, CVE-2022-25862 Source advisory: SNYK:JS-SDS-2385944...
apprise-transactions (=1.0.0) potentially affected by CVE-2021-39229 via apprise (=0.8.5)
apprise PYPI version =0.8.5 is affected by a known vulnerability. The following packages have a transitive dependency on apprise and may be impacted: - apprise-transactions =1.0.0 Source cves: CVE-2021-39229 Source advisory: OSV:PYSEC-2021-327...
Important: Red Hat Security Advisory: libsndfile security update
An update for libsndfile is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
atacworks (>=0.3.0 <=0.3.3), chronix2grid (>=0.1.0rc1 <=1.0.2) +11 more potentially affected by CVE-2021-32797 via jupyterlab (>=2.0.1 <=2.2.1)
jupyterlab PYPI version =2.0.1, =0.3.0, =0.1.0rc1, =0.8.14, =0.1.0, =0.3.2, =0.8.22, =0.1.6, =0.8.25, =0.0.4, =0.3.0, =0.2.0, =0.0.4, =0.0.14 Source cves: CVE-2021-32797 Source advisory: OSV:GHSA-4952-P58Q-6CRX...