8231 matches found

Vulnrichment
added 2022/11/15 12:0 a.m. · 6 views

CVE-2022-45399

A missing permission check in Jenkins Cluster Statistics Plugin 0.4.6 and earlier allows attackers to delete recorded Jenkins Cluster Statistics...

AI score 6.6 · EPSS 0.00531
Exploits 0 · References 2

CVE
added 2022/11/14 12:0 a.m. · 289 views

CVE-2022-40735

CVE-2022-40735 describes a Diffie-Hellman Key Agreement Page vulnerability: long exponents may lead to expensive DHE modular-exponentiation and potential server-side resource consumption. The issue is tied to exponent size under subgroup constraints, with applicability depending on protocol (e.g....

CVSS 7.5 · AI score 7.2 · EPSS 0.02301
Exploits 0 · References 12 · Affected Software 1

OpenVAS
added 2022/11/14 12:0 a.m. · 9 views

Huawei EulerOS: Security Advisory for dhcp (EulerOS-SA-2022-2724)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.5 · AI score 6.9 · EPSS 0.11296
Exploits 0 · References 2

BDU FSTEC
added 2022/11/14 12:0 a.m. · 4 views

The vulnerability of the vector graphics editor CorelDRAW Graphics Suite (formerly CorelDRAW) lies in insufficient checking of the length of user data before it is copied to the stack-based buffer. This allows attackers to execute arbitrary code.

The vulnerability of the CorelDRAW Graphics Suite (formerly CorelDRAW) graphic editor lies in insufficient checking of the length of user data before it is copied to the stack-based buffer during CGM-file syntax analysis. Exploiting this vulnerability allows an attacker to execute arbitrary cod...

CVSS 7.8 · AI score 7.9 · EPSS 0.00926
Exploits 0 · References 5

Code423n4
added 2022/11/13 12:0 a.m. · 10 views

Buyers unused ETH funds can be stolen (Direct theft of funds)

Lines of code Vulnerability details Impact The protocol has recognized the need to track buyers ETH in order to refund unused ETH by implementing the returnDust function and setupExecution modifier. The implementation creates an attack vector that allows the seller to steal the unused ETH...

AI score 7.2
Exploits 0

OSV
added 2022/11/11 4:15 p.m. · 1 views

UBUNTU-CVE-2022-3957

A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svgparsepreserveaspectratio of the file scenegraph/svgattributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the...

CVSS 6.5 · AI score 5.9 · EPSS 0.00937
Exploits 0 · References 3

CNNVD
added 2022/11/11 12:0 a.m. · 4 views

GPAC security vulnerability

GPAC is an open source multimedia framework. GPAC suffers from a security vulnerability that originates from an unknown function in the file scenegraph/svgattributes.c of the SVG Parser component, which can be exploited by an attacker to cause a memory leak by manipulating the...

CVSS 6.5 · AI score 7 · EPSS 0.00937
Exploits 0 · References 5

OSV
added 2022/11/10 9:27 p.m. · 18 views

GHSA-RC39-G977-687W Use of unclaimed s3 bucket in tests and examples

Impact People who use some older NLP examples that reference the old S3 bucket. Patches The problem has been patched. Upgrade to snapshots for now. A release will be published later to address this due to the vulnerability mostly being examples and 1 class in the actual code base. Workarounds...

CVSS 5.3 · AI score 5.2 · EPSS 0.00389
Exploits 0 · References 5

Code423n4
added 2022/11/10 12:0 a.m. · 13 views

SpigotedLineLib::trade won’t work with tokens with approval race protection (USDT)

Lines of code Vulnerability details Proof of Concept Some tokens e.g. USDT, KNC do not allow approving an amount M > 0 when an existing amount N > 0 is already approved. This is to protect from an ERC20 attack vector described here. The problem is the code in trade is the following...

AI score 7
Exploits 0

Positive Technologies
added 2022/11/10 12:0 a.m. · 3 views

PT-2022-23121 · Unknown · Deeplearning4J

Name of the Vulnerable Software and Affected Versions: Deeplearning4J versions through 1.0.0-M2.1 Description: The issue affects users of older NLP examples that reference an old S3 bucket. The problem arises from the use of some unclaimed S3 buckets in tests and examples. The estimated number of...

CVSS 5.3 · AI score 5.1 · EPSS 0.00389
Exploits 0 · References 7

The Hacker News
added 2022/11/09 11:1 a.m. · 346 views

Experts Warn of Browser Extensions Spying On Users via Cloud9 Chrome Botnet Network

The Keksec threat actor has been linked to a previously undocumented malware strain, which has been observed in the wild masquerading as an extension for Chromium-based web browsers to enslave compromised machines into a botnet. Called Cloud9 by security firm Zimperium, the malicious browser add-...

CVSS 10 · AI score 1.3 · EPSS 0.94996
Exploits 70

IBM Security Bulletins
added 2022/11/08 8:13 p.m. · 61 views

Security Bulletin: IBM Security Guardium is affected by a postgresql-42.0.0.jar vulnerability

Summary IBM Security Guardium has fixed this vulnerability Vulnerability Details CVEID:CVE-2020-13692 DESCRIPTION: PostgreSQL JDBC Driver could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity XXE error when processing XML data. By sending...

CVSS 7.7 · AI score 7.5 · EPSS 0.04094
Exploits 0 · Affected Software 1

Code423n4
added 2022/11/08 12:0 a.m. · 15 views

Bidder can abuse the bidIndices[] in finalize()

Lines of code Vulnerability details Impact finalize could be called by anyone, and the input array bidIndices is not sanity checked. Some malicious bidder can trick the bidIndices to always get the reserveQuotePerBase price. The seller would incur some loss. The other bidders are grieved, wasting...

AI score 6.8
Exploits 0

CNNVD
added 2022/11/08 12:0 a.m. · 5 views

Microsoft Excel security vulnerability

Microsoft Excel is a spreadsheet processing software in the Office suite from Microsoft USA. A remote code execution vulnerability exists in Microsoft Excel, which can be exploited by an attacker to execute code on the target host...

CVSS 7.8 · AI score 8.1 · EPSS 0.00774
Exploits 0 · References 5

Cvelist
added 2022/11/07 12:0 a.m. · 36 views

CVE-2022-2711 WP All Import < 3.6.9 - Admin+ Directory traversal via file upload

The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vect...

AI score 7.1 · EPSS 0.03187
Exploits 2 · References 1

OpenVAS
added 2022/11/02 12:0 a.m. · 25 views

SUSE: Security Advisory (SUSE-SU-2022:3825-1)

The remote host is missing an update for the...

CVSS 9.8 · AI score 6.3 · EPSS 0.02402
Exploits 10 · References 2

IBM Security Bulletins
added 2022/11/01 8:35 p.m. · 29 views

Security Bulletin: Vulnerabilities in IBM Java affect IBM FlashSystem models FS900 and V9000

Summary Multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition affect the product's management GUI. The Command Line Interface is unaffected. Vulnerability Details CVEID:CVE-2021-35550 DESCRIPTION: An unspecified vulnerability in Java SE related to the JSSE component could...

CVSS 5.9 · AI score 6.2 · EPSS 0.06868
Exploits 0 · Affected Software 2

CNVD
added 2022/10/31 12:0 a.m. · 18 views

Corel CorelDRAW Graphics Suite buffer overflow vulnerability (CNVD-2023-29427)

Corel CorelDRAW Graphics Suite is a vector graphics creation tool from Corel. A buffer overflow vulnerability exists in Corel CorelDRAW Graphics Suite, which can be exploited by attackers to execute code in the context of the current process...

AI score 7.8 · EPSS 0.00873
Exploits 0 · Affected Software 1

CNVD
added 2022/10/31 12:0 a.m. · 39 views

Corel CorelDRAW Graphics Suite buffer overflow vulnerability (CNVD-2023-29425)

Corel CorelDRAW Graphics Suite is a vector graphics creation tool from Corel. A buffer overflow vulnerability exists in Corel CorelDRAW Graphics Suite, which can be exploited by attackers to execute code in the context of the current process...

AI score 7.8 · EPSS 0.00926
Exploits 0 · Affected Software 1

CNVD
added 2022/10/31 12:0 a.m. · 19 views

Corel CorelDRAW Graphics Suite buffer overflow vulnerability

Corel CorelDRAW Graphics Suite is a vector graphics creation tool from Corel. A buffer overflow vulnerability exists in Corel CorelDRAW Graphics Suite, which can be exploited by attackers to execute code in the context of the current process...

AI score 7.8 · EPSS 0.00873
Exploits 0 · Affected Software 1