MGASA-2022-0074 Updated zxing-cpp packages fix security vulnerability

Buffer overflow vulnerability in function stbiextendreceive in stbimage.h in stb 2.26 via a crafted JPEG file. CVE-2021-28021 An issue was discovered in stb stbimage.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An...

Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.0

Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface UI Misrepresentation of Critical Information. In order to be affected, the next.config.js file must have an images.domains array assigned and the image host assigned in...

@kamilic-pkg/toolbox (>=1.0.0 <=1.1.0), @q7/cli (>=0.0.2 <=0.2.0) +8 more potentially affected by CVE-2022-0748 via post-loader (>=1.1.2 <=2.0.0)

post-loader NPM version =1.1.2, =1.0.0, =0.0.2, =0.0.2, =0.1.0, =0.0.4, =0.0.1, =2.6.21, =0.0.2, =0.0.4 Source cves: CVE-2022-0748 Source advisory: SNYK:JS-POSTLOADER-2403737...

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed. PoC js const postLoader = require'post-loader' var payload =...

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.qasymphony.ci.jenkins:qtest (>=1.3.0 <=1.4.6) +16 more potentially affected by CVE-2022-25178 via org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (>=0.1-beta-5 <=2.17)

org.jenkins-ci.plugins.workflow:workflow-cps-global-lib MAVEN version =0.1-beta-5, =1.9.2-beta, =1.3.0, =1.0, =1.0, =1.0, =0.1-beta-5, =1.12.1, =2.2, =1.0.4, =0.1, =1.0, =2.3, =1.0, =1.5 and more Source cves: CVE-2022-25178 Source advisory: OSV:GHSA-5HFV-MG5X-MV32...

Unauthorized access to Class instance in Jinjava

Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...

GHSA-2HJR-FG6C-V2H6 Unauthorized access to Class instance in Jinjava

Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...

Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables

THREAT LEVEL: Red. United States Cyber Command USCYBERCOM has warned of an ongoing cyber attack by Iranian state sponsored actor named as MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...

Elfloader - An Architecture-Agnostic ELF File Flattener For Shellcode

elfloader is a super simple loader for ELF files that generates a flat in-memory representation of the ELF. Pair this with Rust and now you can write your shellcode in a proper, safe, high-level language. Any target that LLVM can target can be used, including custom target specifications for real...

ALEA-2022:0354 vulkan bug fix and enhancement update

The vulkan packages contain the reference ICD loader and validation layers for Vulkan, a graphics and compute API for cross-platform access to modern GPUs. Bug Fixes and Enhancements: Rebase vulkan-loader in 8.6 BZ2016391 Rebase vulkan-headers in 8.6 BZ2016392 Rebase spirv-headers in 8.6 BZ201639...

vulkan bug fix and enhancement update

An update is available for spirv-tools, vulkan-loader, vulkan-headers, vulkan-validation-layers, vulkan-tools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Th...

vulkan bug fix and enhancement update

The vulkan packages contain the reference ICD loader and validation layers for Vulkan, a graphics and compute API for cross-platform access to modern GPUs. Bug Fixes and Enhancements: Rebase vulkan-loader in 8.6 BZ2016391 Rebase vulkan-headers in 8.6 BZ2016392 Rebase spirv-headers in 8.6 BZ201639...

Mageia: Security Advisory (MGASA-2013-0322)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for zxing-cpp (important)

openSUSE Security Update: Security update for zxing-cpp Announcement ID: openSUSE-SU-2022:0157-1 Rating: important References: 1191743 1191942 1191944 Cross-References: CVE-2021-28021 CVE-2021-42715 CVE-2021-42716 CVSS scores: CVE-2021-28021 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H...

PT-2022-3811

Name of the Vulnerable Software and Affected Versions CentOS Web Panel versions prior to 0.9.8.1107 Description The issue is related to incorrect handling of code generation in CentOS Web Panel, allowing a remote attacker to execute arbitrary code using a specially crafted request. An...

OPENSUSE-SU-2022:0018-1 Security update for stb

This update for stb fixes the following issues: - CVE-2021-42716: fixed buffer overflow in stbimage PNM loader boo1191743...

Security update for stb (important)

openSUSE Security Update: Security update for stb Announcement ID: openSUSE-SU-2022:0018-1 Rating: important References: 1191743 Cross-References: CVE-2021-42716 CVSS scores: CVE-2021-42716 NVD : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP3 An...

The vulnerability in the implementation of the Setparam_prefix() function of the Grub2 operating system’s loader allows a perpetrator to gain access to confidential data, affect the integrity of the data, and cause service failures.

The vulnerability of the Setparamprefix function in the Grub2 operating system loader is related to the operation going beyond the buffer boundaries in memory. Exploiting this vulnerability could allow an attacker to access confidential data, compromise data integrity, and cause service failures...

The vulnerability in the implementation of Grub2 operating system loaders allows attackers to gain access to confidential data, affect the integrity of data, and cause service failures.

The vulnerability of the Grub2 operating system loader implementation is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability can allow an attacker to access confidential data, compromise data integrity, and cause service failures...

The vulnerability in the implementation of the rmmod command for the Grub2 operating system allows a hacker to gain access to confidential data, affect the integrity of the data, and cause service failures.

The vulnerability of the rmmod command, which is used by the Grub2 operating system loader, lies in the lack of checks to ensure that loaded modules are indeed present. Exploiting this vulnerability can allow an attacker to access confidential data, compromise data integrity, and cause service...