DEBIAN-CVE-2022-31003

Sofia-SIP is an open-source Session Initiation Protocol SIP User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, rest = record + 2 will access the memory behind \0 and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causin...

PT-2022-2722

Name of the Vulnerable Software and Affected Versions Microsoft Office versions prior to the fixed version Microsoft Windows Support Diagnostic Tool MSDT affected versions not specified Microsoft Windows Server 2012, Microsoft Windows 10, Microsoft Windows 8.1, Microsoft Windows Server 2016,...

Argo CD will blindly trust JWT claims if anonymous access is enabled

Impact A critical vulnerability has been discovered in Argo CD which would allow unauthenticated users to impersonate as any Argo CD user or role, including the admin user, by sending a specifically crafted JSON Web Token JWT along with the request. In order for this vulnerability to be exploited...

CVE-2022-29189 Buffer for inbound DTLS fragments has no limit

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, a buffer that was used for inbound network traffic had no upper limit. Pion DTLS would buffer all network traffic from the remote user until the handshake completes or timed out. An attacker could explo...

CVE-2022-29190 Header reconstruction method can be thrown into an infinite loop in Pion DTLS

Pion DTLS is a Go implementation of Datagram Transport Layer Security. Prior to version 2.1.4, an attacker can send packets that sends Pion DTLS into an infinite loop when processing. Version 2.1.4 contains a patch for this issue. There are currently no known workarounds available...

CVE-2022-29198 Missing validation causes denial of service in TensorFlow via `SparseTensorToCSRSparseMatrix`

TensorFlow is an open source platform for machine learning. Prior to versions 2.9.0, 2.8.1, 2.7.2, and 2.6.4, the implementation of tf.rawops.SparseTensorToCSRSparseMatrix does not fully validate the input arguments. This results in a CHECK-failure which can be used to trigger a denial of service...

CVE-2022-29177 DoS via malicious p2p message in Go-Ethereum

Go Ethereum is the official Golang implementation of the Ethereum protocol. Prior to version 1.10.17, a vulnerable node, if configured to use high verbosity logging, can be made to crash when handling specially crafted p2p messages sent from an attacker node. Version 1.10.17 contains a patch that...

CVE-2022-24394

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “updatecheckfile” value for the “filename” parameter. The vulnerability could allow a specially crafted HTTP request to execute system commands on the CommandPost...

Cross site scripting

A remote cross-site scripting xss vulnerability was discovered in HPE OneView versions: Prior to 7.0. HPE has provided a software update to resolve this vulnerability in HPE OneView...

Improper kubeconfig validation allows arbitrary code execution

Flux2 can reconcile the state of a remote cluster when provided with a kubeconfig with the correct access rights. Kubeconfig files can define commands to be executed to generate on-demand authentication tokens. A malicious user with write access to a Flux source or direct access to the target...

openSUSE 15 Security Update : php-composer (openSUSE-SU-2022:0132-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0132-1 advisory. - Composer is an open source dependency manager for the PHP language. In affected versions windows users running Composer to install...

Remote code execution

Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with Phabricator allows Sourcegraph site admins to specify a callsignCommand, which is used to obtain...

PT-2022-18712 · Foxit · Foxit Pdf Reader +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader versions prior to 12.0.1 Foxit PDF Editor versions prior to 12.0.1 Description: The issue allows an exportXFAData NULL pointer dereference. Recommendations: For Foxit PDF Reader versions prior to 12.0.1, update to version...

PT-2022-13929 · Matio +4 · Matio +4

Name of the Vulnerable Software and Affected Versions: matio versions 1.5.21 and earlier Description: A memory leak was discovered in the Mat VarReadNextInfo5 function in mat5.c via a crafted file, potentially resulting in Denial of Service DoS. Recommendations: For matio versions 1.5.21 and...

16k.de Cross Site Scripting vulnerability OBB-2532592

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

SUSE-SU-2022:1252-1 Security update for openjpeg2

This update for openjpeg2 fixes the following issues: - CVE-2018-5727: Fixed integer overflow vulnerability in theopjt1encodecblks function bsc1076314. - CVE-2018-5785: Fixed integer overflow caused by an out-of-bounds leftshift in the opjj2ksetupencoder function bsc1076967. - CVE-2018-6616: Fixe...

urijs: Authorization Bypass Through User-Controlled Key

A flaw was found in urijs due to the fix of CVE-2021-3647 not considering case-sensitive protocol schemes in the URL. This issue allows attackers to bypass the patch...

rochellesellsyourhome.com Cross Site Scripting vulnerability OBB-2515696

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

GHSA-JM35-H8Q2-73MP Improper one time password handling in devise-two-factor

Impact As a result of an incomplete fix for CVE-2015-7225, in versions of devise-two-factor prior to 4.0.2 it is possible to reuse a One-Time-Password OTP for one and only one immediately trailing interval. Patches This vulnerability has been patched in version 4.0.2 which was released on March...

CVE-2022-24785 Path Traversal in Moment.js

Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm server users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly used to switch moment locale. This...