3143 matches found

IBM Security Bulletins
added 2022/09/28 7:55 a.m. · 35 views

Security Bulletin: Enterprise Content Management System Monitor is affected by a vulnerability CVE-2021-37136 in Netty netty-codec

Summary: Vulnerability found in Netty netty-codec component used by Enterprise Content Management System Monitor. Enterprise Content Management System Monitor has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2021-37136. DESCRIPTION: Netty netty-codec is vulnerable to a denial of...

7.5 CVSS · 8 AI score · 0.05651 EPSS
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2022/09/16 12:0 a.m. · 2 views

PT-2022-33331 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.4 Description: The issue is related to a page fault in the snd hda codec shutdown function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...

7.1 AI score
Exploits: 0 · References: 1

Positive Technologies
added 2022/09/16 12:0 a.m. · 2 views

PT-2022-33486 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.5 through v5.19.1 Description: A refcount leak was discovered in the cros ec codec platform probe function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel version...

7.2 AI score
Exploits: 0 · References: 1

IBM Security Bulletins
added 2022/08/16 7:40 p.m. · 80 views

Security Bulletin: IBM InfoSphere Identity Insight vulnerabilities in third party libraries (CVE-2021-39239, CVE-2022-23308, CVE-2021-29424, CVE-2020-15250, 177835)

Summary: A vulnerability in the libxml2 library can cause a denial of service in IBM InfoSphere Identity Insight. Other vulnerabilities that do not impact Identity Insight are present in four libraries that are currently included with the product but not used. Vulnerability Details...

7.5 CVSS · 7.7 AI score · 0.10608 EPSS
Exploits: 3 · Affected Software: 1

RedHat Linux
added 2022/08/04 4:46 a.m. · 5 views

netty: control chars in header names may lead to HTTP request smuggling

A flaw was found in Netty, specifically in the netty-codec-http package. This flaw allows unauthorized control characters at the beginning and end of a request, does not follow the specification, and can cause HTTP request smuggling...

6.5 CVSS · 6.8 AI score · 0.02682 EPSS
Exploits: 0 · References: 5

IBM Security Bulletins
added 2022/08/03 4:10 p.m. · 86 views

Security Bulletin: IBM Security Identity Manager virtual appliance is vulnerable to arbitrary code execution due to Apache Log4j and issues in other open source components (CVE-2021-4104)

Summary: IBM Security Identity Manager virtual appliance is vulnerable to arbitrary code execution due to Apache Log4j CVE-2021-4104. Apache Log4j is used by IBM Security Identity Manager virtual appliance as part of its logging infrastructure. This fix upgrades to Apache Log4j v2.17.1, as well as...

7.5 CVSS · 9.2 AI score · 0.81147 EPSS
Exploits: 9 · Affected Software: 1

ATTACKERKB
added 2022/08/01 2:15 p.m. · 2 views

CVE-2022-26428

In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260...

6.4 CVSS · 6.1 AI score · 0.0007 EPSS
Exploits: 0 · References: 2

OSV
added 2022/08/01 2:15 p.m. · 2 views

CVE-2022-26428

In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260...

6.4 CVSS · 6.7 AI score
Exploits: 0 · References: 1

NVD
added 2022/08/01 2:15 p.m. · 18 views

CVE-2022-26428

In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260...

6.4 CVSS · 0.0007 EPSS
Exploits: 0 · References: 1

Prion
added 2022/08/01 2:15 p.m. · 13 views

Race condition

In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260...

3.4 CVSS · 6.7 AI score · 0.0007 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2022/08/01 1:56 p.m. · 16 views

CVE-2022-26428

In video codec, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06521260; Issue ID: ALPS06521260...

6.9 AI score · 0.0007 EPSS
Exploits: 0 · References: 1

CVE
added 2022/08/01 1:56 p.m. · 42 views

CVE-2022-26428

CVE-2022-26428 describes a race condition in the MediaTek video codec that can cause memory corruption and local privilege escalation. The vulnerability is triggered without user interaction and requires local access with high privileges; the base CVSSv3.1 vector indicates Local attack, High atta...

6.4 CVSS · 6.7 AI score · 0.0007 EPSS
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2022/08/01 12:0 a.m. · 3 views

PT-2022-17836 · Unknown · Video Codec

Name of the Vulnerable Software and Affected Versions: Video codec affected versions not specified Description: The issue is related to a possible memory corruption due to a race condition in the video codec. This could lead to local escalation of privilege, with System execution privileges neede...

6.4 CVSS · 6.4 AI score · 0.0007 EPSS
Exploits: 0 · References: 3

CNNVD
added 2022/08/01 12:0 a.m. · 3 views

MediaTek video codec race condition vulnerability

MediaTek video codec is a video codec from MediaTek, a Chinese company. The MediaTek video codec is vulnerable to a race condition issue, which stems from a race condition that could lead to memory corruption. This could result in a local privilege escalation that requires system execution...

6.4 CVSS · 6.7 AI score · 0.0007 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2022/07/29 12:0 a.m. · 39 views

EulerOS 2.0 SP10 : libsndfile (EulerOS-SA-2022-2160)

According to the versions of the libsndfile package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via...

7.1 CVSS · 6.9 AI score · 0.01754 EPSS
Exploits: 1 · References: 2

Tenable Nessus
added 2022/07/29 12:0 a.m. · 31 views

EulerOS 2.0 SP10 : libsndfile (EulerOS-SA-2022-2135)

According to the versions of the libsndfile package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file via...

7.1 CVSS · 6.9 AI score · 0.01754 EPSS
Exploits: 1 · References: 2

OpenVAS
added 2022/07/29 12:0 a.m. · 12 views

Huawei EulerOS: Security Advisory for libsndfile (EulerOS-SA-2022-2160)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.1 CVSS · 7.1 AI score · 0.01754 EPSS
Exploits: 1 · References: 2

Cloud Foundry
added 2022/07/28 12:0 a.m. · 56 views

USN-5472-1: FFmpeg vulnerabilities | Cloud Foundry

usn-5472-1. Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04. Description: It was discovered that FFmpeg would attempt to divide by zero when using Linear Predictive Coding (LPC) or AAC codecs. An attacker could possibly use this issue to cause a denial of service. This...

9.8 CVSS · 8.9 AI score · 0.31591 EPSS
Exploits: 29 · Affected Software: 2

ATTACKERKB
added 2022/07/17 9:15 p.m. · 3 views

CVE-2022-27937

Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264...

7.5 CVSS · 7.1 AI score · 0.0101 EPSS
Exploits: 0 · References: 2

OSV
added 2022/07/17 9:15 p.m. · 4 views

CVE-2022-27937

Pexip Infinity before 27.3 allows remote attackers to trigger excessive resource consumption via H.264...

7.5 CVSS · 5.8 AI score · 0.0101 EPSS
Exploits: 0 · References: 1