
5604 matches found

Debian CVE
added 2022/09/28 12:0 a.m., 66 views

CVE-2022-39261

Twig is a template language for PHP. Versions 1.x prior to 1.44.7, 2.x prior to 2.15.3, and 3.x prior to 3.4.3 encounter an issue when the filesystem loader loads templates for which the name is a user input. It is possible to use the source or include statement to read arbitrary files from outsi...

7.5 CVSS, 7.5 AI score, 0.01488 EPSS
Exploits: 0
Kitploit
added 2022/09/27 11:30 a.m., 46 views

pyFlipper - Unofficial Flipper Zero Cli Wrapper Written In Python

Unofficial Flipper Zero CLI wrapper written in Python. Functions and characteristics: Flipper serial CLI wrapper, Websocket client interface. Setup instructions: $ git clone https://github.com/wh00hw/pyFlipper.git $ cd pyFlipper $ python3 -m venv venv $ source venv/bin/activate $ pip install -r...

7.3 AI score
Exploits: 0, References: 1
OSV
added 2022/09/23 11:4 a.m., 5 views

OESA-2022-1942 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access. (CVE-2022-26373) A heap-based buffer overflow...

6.7 CVSS, 7 AI score, 0.00412 EPSS
Exploits: 1, References: 6
CNNVD
added 2022/09/23 12:0 a.m., 5 views

DENX Software Engineering Das U-Boot buffer error vulnerability

DENX Software Engineering Das U-Boot is a Universal Bootloader from DENX Software Engineering, Germany. A security vulnerability exists in DENX Software Engineering Das U-Boot that originates from an unchecked download size and direction in the USB DFU, which can be exploited by an attacker to...

7.7 CVSS, 7.6 AI score, 0.0058 EPSS
Exploits: 1, References: 4
CNNVD
added 2022/09/20 12:0 a.m., 4 views

steal security vulnerability

steal is an open-source, extensible, general-purpose module loader from StealJS. It can load JavaScript modules defined in ES6, AMD and CommonJS formats. A security vulnerability exists in steal version 2.2.4, which stems from prototype pollution via alias variables in babel.js...

9.8 CVSS, 8.2 AI score, 0.01093 EPSS
Exploits: 0, References: 4
OSV
added 2022/09/17 12:7 a.m., 7 views

GSD-2022-1005566 powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader

powerpc/spufs: Fix refcount leak in spufs_init_isolated_loader. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.61 by commit...

7.2 AI score
Exploits: 0
Positive Technologies
added 2022/09/17 12:0 a.m., 1 views

PT-2022-34261 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.211 Description: A refcount leak was discovered in the spufs init isolated loader function. The actual impact and attack plausibility have not yet been proven. This issue was introduced in version v2.6.20 a...

7.2 AI score
Exploits: 0, References: 1
Positive Technologies
added 2022/09/17 12:0 a.m., 3 views

PT-2022-33824 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.61 Description: A refcount leak was discovered in the spufs init isolated loader function. The actual impact and attack plausibility have not yet been proven. This issue was introduced in version v2.6.20 a...

7.2 AI score
Exploits: 0, References: 1
OSV
added 2022/09/16 11:22 p.m., 12 views

GSD-2022-1004973 firmware_loader: Fix memory leak in firmware upload

firmware_loader: Fix memory leak in firmware upload. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.8 by commit...

7.2 AI score
Exploits: 0
vulnersOsv
added 2022/09/16 10:20 p.m., 9 views

acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-35972 via tensorflow (>=2.8.0 <=2.8.0rc1)

tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-35972 Source advisory: OSV:GHSA-4PC4-M9MJ-V2R9...

7.5 CVSS, 7.1 AI score, 0.00391 EPSS
Exploits: 0
vulnersOsv
added 2022/09/16 10:14 p.m., 8 views

acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-35964 via tensorflow (>=2.8.0 <=2.8.0rc1)

tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-35964 Source advisory: OSV:GHSA-F7R5-Q7CX-H668...

7.5 CVSS, 7.1 AI score, 0.00391 EPSS
Exploits: 0
vulnersOsv
added 2022/09/16 10:11 p.m., 6 views

acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-35996 via tensorflow (>=2.8.0 <=2.8.0rc1)

tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-35996 Source advisory: OSV:GHSA-Q5JV-M6QW-5G37...

7.5 CVSS, 7.1 AI score, 0.00379 EPSS
Exploits: 0
vulnersOsv
added 2022/09/16 10:11 p.m., 8 views

acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-35959 via tensorflow (>=2.8.0 <=2.8.0rc1)

tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-35959 Source advisory: OSV:GHSA-WXJJ-CGCX-R3VQ...

7.5 CVSS, 7.1 AI score, 0.00366 EPSS
Exploits: 0
vulnersOsv
added 2022/09/16 9:19 p.m., 6 views

acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-36012 via tensorflow (>=2.8.0 <=2.8.0rc1)

tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-36012 Source advisory: OSV:GHSA-JVHC-5HHR-W3V5...

7.5 CVSS, 7.1 AI score, 0.00523 EPSS
Exploits: 0
vulnersOsv
added 2022/09/16 9:15 p.m., 3 views

acuity (=6.18.0), acuitypro (=6.18.0) +60 more potentially affected by CVE-2022-36026 via tensorflow (>=2.8.0 <=2.8.0rc1)

tensorflow PYPI version =2.8.0, =1.2.8, =1.0.43, =0.2.2, =0.0.1, =0.0.2, =0.2.8, =0.14.0, =0.1.3, =0.0.9, =0.2.27, =0.2.41 - complaintclassify =0.0.5 - conversational-sentence-encoder =0.0.6 and more Source cves: CVE-2022-36026 Source advisory: OSV:GHSA-9CR2-8PWR-FHFQ...

7.5 CVSS, 7.1 AI score, 0.00379 EPSS
Exploits: 0
The Hacker News
added 2022/09/16 2:17 p.m., 32 views

Researchers Find Link b/w PrivateLoader and Ruzki Pay-Per-Install Services

Cybersecurity researchers have exposed new connections between a widely used pay-per-install (PPI) malware service known as PrivateLoader and another PPI platform offered by a cybercriminal actor dubbed ruzki. "The threat actor ruzki (aka les0k, zhigalsz) advertises their PPI service on underground...

0.6 AI score
Exploits: 0
RedhatCVE
added 2022/09/16 10:17 a.m., 38 views

CVE-2022-40307

A race condition in the Linux kernel's EFI capsule loader driver was found in the way it handled write and flush operations on the device node of the EFI capsule. A local user could potentially use this flaw to crash the system...

4.7 CVSS, 5.9 AI score, 0.00199 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2022/09/16 12:0 a.m., 2 views

PT-2022-33233 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.19 through v5.19.7 Description: A use-after-free issue was discovered during the unregister process in the firmware loader. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linu...

7.4 AI score
Exploits: 0, References: 1
Microsoft CVE
added 2022/09/15 7:0 a.m., 2 views

An issue was discovered in the Linux kernel through 5.19.8. drivers/firmware/efi/capsule-loader.c has a race condition with a resultant use-after-free.

...

4.7 CVSS, 7.1 AI score, 0.00199 EPSS
Exploits: 0
CNNVD
added 2022/09/15 12:0 a.m., 4 views

steal security vulnerability

steal is an open-source, extensible, general-purpose module loader from StealJS. It can load JavaScript modules defined in ES6, AMD and CommonJS formats. A security vulnerability exists in steal 2.2.4, which results in a Regular Expression Denial of Service (ReDoS) via input variables in main.js...

7.5 CVSS, 7.3 AI score, 0.01017 EPSS
Exploits: 0, References: 4