
2161 matches found

Positive Technologies
added 2022/12/13 12:00 a.m. · 2 views

PT-2022-10072 · Exemsi · Exemsi Msi Wrapper

Name of the Vulnerable Software and Affected Versions: EXEMSI MSI Wrapper versions prior to 10.0.50
Description: The issue introduces a local privilege escalation vulnerability in installers created by the affected software.
Recommendations: For versions prior to 10.0.50, update to version 10.0.5...

CVSS 7.8 · AI score 7.7 · EPSS 0.00058
Exploits 0 · References 4
Cvelist
added 2022/12/13 12:00 a.m. · 16 views

CVE-2021-32415

EXEMSI MSI Wrapper Versions prior to 10.0.50 and at least since version 6.0.91 will introduce a local privilege escalation vulnerability in installers it creates...

AI score 7.9 · EPSS 0.00058
Exploits 0 · References 3
Positive Technologies
added 2022/12/05 12:00 a.m. · 7 views

PT-2023-1000 · Google +7 · Android Kernel +7

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified; Android kernel, affected versions not specified
Description: The issue is related to a logic error in the code of efi rt asm wrapper in efi-rt-wrapper.S, which could lead to a bypass of shadow stack...

CVSS 8.8 · AI score 6.8 · EPSS 0.48523
Exploits 50 · References 1470
Positive Technologies
added 2022/11/28 12:00 a.m. · 3 views

PT-2022-28181 · Packagist · Phpxmlrpc/Phpxmlrpc

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned.
Description: The issue involves code injection in the Wrapper::buildClientWrapperCode function through manipulation of the $client argument. This allows an attacker to force the client to access loc...

AI score 7.2
Exploits 0 · References 6
OSV
added 2022/11/23 6:15 p.m. · 3 views

DEBIAN-CVE-2009-1142

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled...

CVSS 6.7 · AI score 6.4 · EPSS 0.00046
Exploits 0 · References 1
Prion
added 2022/11/23 6:15 p.m. · 11 views

Design/Logic Flaw

An issue was discovered in open-vm-tools 2009.03.18-154848. Local users can gain privileges via a symlink attack on /tmp files if vmware-user-suid-wrapper is setuid root and the ChmodChownDirectory function is enabled...

CVSS 4 · AI score 6.6 · EPSS 0.00046
Exploits 0 · References 2 · Affected Software 1
CNNVD
added 2022/11/23 12:00 a.m. · 4 views

VMware open-vm-tools Link Following Vulnerability

VMware open-vm-tools is a set of services and modules from VMware, Inc. It includes kernel modules to enhance the performance of virtual machines running Linux or other VMware-supported Unix-like guest operating systems. A security vulnerability exists in VMware open-vm-tools version...

CVSS 6.7 · AI score 6.5 · EPSS 0.00046
Exploits 0 · References 3
Tenable Nessus
added 2022/11/17 12:00 a.m. · 25 views

Rocky Linux 8 : php:7.4 (RLSA-2022:6542)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6542 advisory. - Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack such as file:// to...

CVSS 7.8 · AI score 7.6 · EPSS 0.93364
Exploits 5 · References 7
RedHat Linux
added 2022/11/02 4:38 p.m. · 1 view

Archive_Tar: improper filename sanitization leads to file overwrites

A flaw was found in the Archive_Tar package. PEAR Archive_Tar could allow a local authenticated attacker to bypass security restrictions caused by a stream-wrapper attack. An attacker can overwrite arbitrary files on the system using a specially-crafted tar archive...

CVSS 7.8 · AI score 5.9 · EPSS 0.93364
Exploits 4 · References 5
GithubExploit
added 2022/10/23 11:48 a.m. · 7 views

Exploit for Argument Injection in Zmanda Amanda

Suggested description A privilege escalation flaw was foun...

CVSS 6.7 · AI score 7.8 · EPSS 0.04436
Exploits 2
OSV
added 2022/10/20 6:38 p.m. · 16 views

GHSA-WHPX-Q3RQ-W8JC Hardening of TypedArrays with non-canonical numeric property names in SES

Impact What kind of vulnerability is it? Who is impacted? In Hardened JavaScript, programs can harden objects to safely share objects with co-tenant programs without risk of these other programs tampering with their API surface. Hardening does not guarantee that objects are pure or immutable, so ...

AI score 6.9
Exploits 0 · References 3
Github Security Blog
added 2022/10/06 7:53 p.m. · 31 views

TCPDF vulnerable to attackers triggering deserialization of arbitrary data

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...

CVSS 9.8 · AI score 4.9 · EPSS 0.52126
Exploits 7 · References 14 · Affected Software 4
OSV
added 2022/10/06 7:53 p.m. · 26 views

GHSA-5HW4-M7F3-HHX8 TCPDF vulnerable to attackers triggering deserialization of arbitrary data

An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper...

CVSS 9.8 · AI score 9.4 · EPSS 0.52126
Exploits 7 · References 14
OSV
added 2022/10/02 5:15 a.m. · 37 views

CVE-2022-42003

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled...

CVSS 7.5 · AI score 7.5
Exploits 0 · References 7
OSV
added 2022/10/02 5:15 a.m. · 2 views

DEBIAN-CVE-2022-42003

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled...

CVSS 7.5 · AI score 6.5 · EPSS 0.00291
Exploits 2 · References 1
UbuntuCve
added 2022/10/02 5:15 a.m. · 53 views

CVE-2022-42003

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled...

CVSS 7.5 · AI score 6.8 · EPSS 0.00291
Exploits 2 · References 5
OSV
added 2022/10/02 5:15 a.m. · 3 views

UBUNTU-CVE-2022-42003

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled...

CVSS 7.5 · AI score 6.8 · EPSS 0.00291
Exploits 2 · References 6
ATTACKERKB
added 2022/10/02 5:15 a.m. · 1 view

CVE-2022-42003

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled...

CVSS 7.5 · AI score 6.7 · EPSS 0.00291
Exploits 2 · References 8
Positive Technologies
added 2022/10/02 12:00 a.m. · 7 views

PT-2022-6920 · Atlassian +4 · Bitbucket Data Center/Server +9

Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.4.0-rc1 through 2.12.7.1; FasterXML jackson-databind versions 2.13.x through 2.13.4.1; Bamboo Data Center and Server versions 9.1.0 through 9.2.4; Bamboo Data Center and Server versions 9.3.0 through 9.3.2...

CVSS 9.8 · AI score 6.5 · EPSS 0.62015
Exploits 26 · References 203
Debian CVE
added 2022/10/02 12:00 a.m. · 70 views

CVE-2022-42003

In FasterXML jackson-databind before versions 2.13.4.1 and 2.12.17.1, resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled...

CVSS 7.5 · AI score 7 · EPSS 0.00291
Exploits 2