7654 matches found
WordPress Simple File List cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Simple File List versions prior to 4.4.12 are vulnerable to cross-site request forgery, which stems...
ruby: buffer overflow in CGI.escape_html
A flaw was found in the ruby. This issue occurs due to improper bounds checking by a buffer overrun in CGI.escapehtml. By sending an overly long string using the sizet parameter, a remote attacker could overflow a buffer and execute arbitrary code on the system...
CVE-2022-36360
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker t...
The amount of an ERC1155 token should be checked.
Lines of code Vulnerability details Impact For NFT token of type ERC1155, there may be multiple tokens with the same tokenId. Therefore, when processing orders of type ERC1155, it is necessary to check not only whether the tokenId of the NFT for both buyers and sellers are matched, but also the...
Multiple MediaTek chip ril denial-of-service vulnerabilities
MediaTek Inc. is the world's fourth largest fab semiconductor company and a market leader in mobile devices, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion devices with MediaTek chips built into them available worldwide each year...
Multiple MediaTek chip wlan local privilege elevation vulnerabilities
MediaTek Inc. is the world's fourth largest fab semiconductor company and a market leader in mobile devices, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion devices a year with MediaTek chips built into them available around the world...
MediaTek 芯片输入验证错误漏洞
MediaTek Inc. is the world's fourth largest fab semiconductor company and a market leader in mobile devices, smart home applications, wireless connectivity technologies and IoT products, with approximately 1.5 billion devices with MediaTek chips built into them available worldwide each year...
SUSE SLES12: libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc (SUSE-SU-2022:3492-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3492-1 advisory. Updated to version 2.36.8 bsc1203530: - CVE-2022-32886: Fixed a buffer overflow issue that could potentially lead to code execution...
USN-5619-1: LibTIFF vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Canonical Ubuntu 18.04 Description It was discovered that LibTIFF was not properly performing the calculation of data that would eventually be used as a reference for bound-checking operations. An attacker could...
AIX is vulnerable to denial of service due to zlib and zlibNX
IBM SECURITY ADVISORY First Issued: Wed Sep 28 13:38:50 CDT 2022 The most recent version of this document is available here: http://aix.software.ibm.com/aix/efixes/security/zlibadvisory.asc https://aix.software.ibm.com/aix/efixes/security/zlibadvisory.asc...
SUSE SLES15: libjavascriptcoregtk-4_0-18 / libwebkit2gtk-4_0-37 / etc (SUSE-SU-2022:3352-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3352-1 advisory. - CVE-2022-32893: Fixed processing maliciously crafted web content may lead to arbitrary code execution bsc1202807. Bugfixes: - Fixed...
SUSE SLED15: libjavascriptcoregtk-4_0-18 / libjavascriptcoregtk-4_0-18-32bit / etc (SUSE-SU-2022:3351-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3351-1 advisory. - CVE-2022-32893: Fixed several crashes and rendering issues bsc1202807. - Fixed WebKitGTK not allow to b...
CVE-2022-32817
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory...
CVE-2022-32799
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information...
CVE-2022-32787
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. Processing maliciously crafted web content may lead to arbitrary code...
CVE-2022-32787
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. Processing maliciously crafted web content may lead to arbitrary code...
CVE-2022-32799
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Monterey 12.5. A user in a privileged network position may be able to leak sensitive information...
Information disclosure
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-005 Catalina, macOS Big Sur 11.6.8, macOS Monterey 12.5. Processing a maliciously crafted Postscript file may result in unexpected app termination or disclosure of process memory...
Design/Logic Flaw
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, watchOS 8.7, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. Processing maliciously crafted web content may lead to arbitrary code...
Design/Logic Flaw
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to disclose kernel memory...