120 matches found
freerdp -- multiple vulnerabilities
FreeRDP reports: GHSA-5w4j-mrrh-jjrm: Out of bound read in zgfx decoder. GHSA-99cm-4gw7-c8jh: Undefined behaviour in zgfx decoder. GHSA-387j-8j96-7q35: Division by zero in urbdrc channel. GHSA-mvxm-wfj2-5fvh: Missing length validation in urbdrc channel. GHSA-qfq2-82qr-7f4j: Heap buffer overflow i...
USN-5686-1 git vulnerabilities
Cory Snider discovered that Git incorrectly handled certain symbolic links. An attacker could possibly use this issue to cause an unexpected behaviour. CVE-2022-39253 Kevin Backhouse discovered that Git incorrectly handled certain command strings. An attacker could possibly use this issue to...
SUSE SLED12 / SLES12 Security Update : ImageMagick (SUSE-SU-2022:3138-1)
The remote SUSE Linux SLED12 / SLEDSAP12 / SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3138-1 advisory. - An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum function in MagickCore/quantum-export.c...
GHSA-C439-CHV8-8G2J `os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr
The ossocketaddr crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. These layout were changed into idiomatic rust...
`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr
The ossocketaddr crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. These layout were changed into idiomatic rust...
RUSTSEC-2022-0052 `os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr
The ossocketaddr crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. These layout were changed into idiomatic rust...
CVE-2021-20224
An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum function in MagickCore/quantum-export.c. Function calls to GetPixelIndex could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead t...
CVE-2021-20224
An integer overflow issue was discovered in ImageMagick's ExportIndexQuantum function in MagickCore/quantum-export.c. Function calls to GetPixelIndex could result in values outside the range of representable for the 'unsigned char'. When ImageMagick processes a crafted pdf file, this could lead t...
CVE-2022-31180
Shescape is a simple shell escape package for JavaScript. Affected versions were found to have insufficient escaping of white space when interpolating output. This issue only impacts users that use the escape or escapeAll functions with the interpolation option set to true. The result is that if ...
Malicious code in @atlasmonorepo/atlas-custom-behaviour (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 241e90046a2f4135dcc138d96ad982737c720bd59ec8eaabec8140551267660b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-87 Malicious code in @atlasmonorepo/atlas-custom-behaviour (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 241e90046a2f4135dcc138d96ad982737c720bd59ec8eaabec8140551267660b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in atlas-custom-behaviour (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 172632abe6319080d07f94e343d1a3fdf400a1df4042c7d8a1e9af0de5ce3287 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1157 Malicious code in atlas-custom-behaviour (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 172632abe6319080d07f94e343d1a3fdf400a1df4042c7d8a1e9af0de5ce3287 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Upgraded Q -> M from 225 [1655746069175]
Judge has assessed an item in Issue 225 as Medium risk. The relevant finding follows: C4-010 : The Dutch Auction Parameters Can be Manipulated By Owner After The Auction Started - LOW Impact - LOW Dutch Auction parameters can be changed by a malicious owner, after It is started. The malicious own...
Emotet Testing New Delivery Ideas After Microsoft Disables VBA Macros by Default
The threat actor behind the prolific Emotet botnet is testing new attack methods on a small scale before co-opting them into their larger volume malspam campaigns, potentially in response to Microsoft's move to disable Visual Basic for Applications VBA macros by default across its products. Calli...
OPENSUSE-SU-2021:4063-1 Security update for icu.691
This update for icu.691 fixes the following issues: - Renamed package from icu 69.1 for SUSE:SLE-15-SP3:Update. jscSLE-17893 - Fix undefined behaviour in 'ComplexUnitsConverter::applyRounder' - Update to release 69.1 - For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as...
Security update for icu.691 (important)
openSUSE Security Update: Security update for icu.691 Announcement ID: openSUSE-SU-2021:4063-1 Rating: important References: 1158955 1159131 1161007 1162882 1167603 1182252 1182645 SLE-17893 Affected Products: openSUSE Leap 15.3 An update that contains security fixes and contains one feature can...
CVE-2020-25717
A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation...
CVE-2021-41135
The Cosmos-SDK is a framework for building blockchain applications in Golang. Affected versions of the SDK were vulnerable to a consensus halt due to non-deterministic behaviour in a ValidateBasic method in the x/authz module. The MsgGrant of the x/authz module contains a Grant field which includ...
Unsound casting in flatbuffers
The implementation of impl Follow for bool allows to reinterpret arbitrary bytes as a bool. In Rust bool has stringent requirements for its in-memory representation. Use of this function allows to violate these requirements and invoke undefined behaviour in safe code...