PT-2023-18964
Name of the Vulnerable Software and Affected Versions: UPX (affected versions not specified). Description: A heap-based buffer overflow issue was discovered in UPX in the PackTmt::pack function in the p_tmt.cpp file. The issue allows an attacker to cause a denial of service (abort) via a crafted file...
CVE-2022-42523
CVE-2022-42523 affects Android’s ril_service_1_6.cpp in the kernel’s RIL stack, with an out-of-bounds write caused by an incorrect bounds check in fillSetupDataCallInfo_V1_6. The vulnerability enables local escalation of privilege with System execution privileges required; exploitation reportedly...
PT-2023-15149
Name of the Vulnerable Software and Affected Versions: p7zip version 16.02. Description: A heap-buffer-overflow issue was discovered in the function NArchive::NZip::CInArchive::FindCd(bool) at CPP/7zip/Archive/Zip/ZipIn.cpp. This issue affects the p7zip software. Recommendations: For p7zip version 16.0...
OESA-2022-2010 protobuf security update
Security Fixes: A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can...
Denial Of Service (DoS)
protobuf-cpp is vulnerable to Denial of Service. The vulnerability exists in multiple functions due to out-of-memory failures, which allow an attacker to cause an application crash via multiple key-value...
CVE-2022-32540
Information Disclosure in the Operator Client application in BVMS 10.1.1, 11.0 and 11.1.0 and VIDEOJET Decoder VJD-7513 versions 10.23 and 10.30 allows a man-in-the-middle attacker to compromise the confidential video stream. This is only applicable for UDP encryption when target system contains cameras wi...
AZL-13172 CVE-2022-1941 affecting package mysql for versions less than 8.0.40-1
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of...
AZL-13174 CVE-2022-1941 affecting package protobuf for versions less than 3.17.3-3
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of...
AZL-35018 CVE-2022-1941 affecting package mysql for versions less than 8.0.40-1
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of...
AZL-35147 CVE-2022-1941 affecting package pytorch for versions less than 2.2.2-2
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of...
UBUNTU-CVE-2022-1941
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of...
Google protobuf Security Vulnerability
Google protobuf is a data exchange format from Google Inc. in the United States. A security vulnerability exists in Google protobuf protobuf-cpp and protobuf-python, which stems from an out-of-memory (OOM) fault triggered during the processing of a specially crafted message, resulting in a denial o...
CVE-2022-1941 Out of Memory issue in ProtocolBuffers for cpp and python
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of...
UBUNTU-CVE-2022-35090
SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via __asan_memcpy at /asan/asan_interceptors_memintrinsics.cpp:...
CVE-2022-35010
PNGDec commit 8abf6be was discovered to contain a heap buffer overflow via asan_interceptors_memintrinsics.cpp...
CVE-2022-35008
PNGDec commit 8abf6be was discovered to contain a stack overflow via /linux/main.cpp...
Security Bulletin: Multiple security vulnerabilities found in open source code that is shipped with IBM Security Verify Access
Summary: Source code scanning has found several open source vulnerabilities in the IBM Security Verify Access product. Verify Access has updated the packages as required. Vulnerability Details: CVEID: CVE-2018-20574 DESCRIPTION: yaml-cpp is vulnerable to a denial of service, caused by an error in th...
Orwell-Dev-Cpp Hijacking Vulnerability
Orwell-Dev-Cpp is a free, portable, fast and simple C/C++ IDE. A hijacking vulnerability exists in Orwell-Dev-Cpp v5.11, which can be exploited by an attacker to execute arbitrary code via a specially crafted exe file...
CVE-2022-33036
A binary hijack in Embarcadero Dev-CPP v6.3 allows attackers to execute arbitrary code via a crafted .exe file...
CVE-2022-33037
A binary hijack in Orwell-Dev-Cpp v5.11 allows attackers to execute arbitrary code via a crafted .exe file...