AZL-44748 CVE-2022-4743 affecting package SDL2 for versions less than 2.30.9-1
A potential memory leak issue was discovered in SDL2 in the GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected...
PT-2023-12769 · Com.Fasterxml · Java-Merge-Sort
Name of the Vulnerable Software and Affected Versions: com.fasterxml.util:java-merge-sort versions prior to 1.1.0 Description: The issue is related to an Insecure Temporary File in the StdTempFileProvider function, located in StdTempFileProvider.java. This function utilizes the permissive...
SDL security vulnerability
SDL (Simple DirectMedia Layer) is a software library hosted on GitHub. A security vulnerability exists in SDL2 that stems from a potential memory leak in the GLES_CreateTexture() function in SDL_render_gles.c, allowing attackers to cause a denial of service...
Insecure Temporary File
Overview: com.fasterxml.util:java-merge-sort is a package for basic configurable disk-backed N-way merge sort. Affected versions of this package are vulnerable to Insecure Temporary File in the StdTempFileProvider function in StdTempFileProvider.java, which uses the permissive File.createTempFile...
Malicious code in create-or-update-comment (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 529afddb0ce1c2ffee5a4ae20c89657596df9fb27440956e1f78e8f6b80cb67c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2023-16006 · Keycloak +1 · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in Keycloak where it did not properly check client tokens for possible revocation in its client credential flow. This allows an attacker to access or modify potentially...
CVE-2022-46258
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. The Create or Update file contents API should enforce workflow scope. This vulnerability...
Proxy creation isn't checked in deployWallet function of SmartAccountFactory contract
Lines of code Vulnerability details The deployWallet function present in the SmartAccountFactory contract deploys a new wallet by creating a Proxy that points to a base implementation using assembly. function deployWallet(address owner, address entryPoint, address handler) public returns(address pro...
PT-2023-10809 · Unknown · Devent Globalpom-Utils
Name of the Vulnerable Software and Affected Versions: devent globalpom-utils versions up to 4.5.0 Description: A critical vulnerability has been found in devent globalpom-utils, affecting the createTmpDir function of the FileResourceManagerProvider.java file. This vulnerability leads to insecure...
EulerOS 2.0 SP9 : expat (EulerOS-SA-2023-1098)
According to the versions of the expat package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in...
Cross-site Scripting (XSS)
github.com/usememos/memos is vulnerable to stored cross-site scripting (XSS) attacks. An attacker is able to inject and execute malicious JavaScript via the create post functionality...
Cross-site Request Forgery (CSRF)
github.com/usememos/memos is vulnerable to cross site request forgery. The vulnerability exists in the NewServer function in server.go, which allows an attacker to manipulate the actions of authenticated users by tricking them into clicking on a malicious link or visiting a malicious website whil...
CVE-2022-45892
In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist: Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media, Create new user, and Change Username...
OpenImageIO Project OpenImageIO IFFOutput wild write vulnerability
Talos Vulnerability Report TALOS-2022-1656 OpenImageIO Project OpenImageIO IFFOutput wild write vulnerability December 22, 2022 CVE Number CVE-2022-43601, CVE-2022-43600, CVE-2022-43599, CVE-2022-43602 SUMMARY Multiple code execution vulnerabilities exist in the IFFOutput::close functionality of...
CVE-2022-4597
A vulnerability, which was classified as problematic, was found in Shoplazza LifeStyle 1.1. Affected is an unknown function of the file /admin/api/admin/v2_products of the component Create Product Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely...
CVE-2022-4597 Shoplazza LifeStyle Create Product v2_products cross site scripting
A vulnerability, which was classified as problematic, was found in Shoplazza LifeStyle 1.1. Affected is an unknown function of the file /admin/api/admin/v2_products of the component Create Product Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely...
CVE-2022-20537
In createDialog of WifiScanModeActivity.java, there is a possible way for a Guest user to enable location-sensitive settings due to a missing permission check. This could lead to local escalation of privilege from the Guest user with no additional execution privileges needed. User interaction is...
GHSA-GQGQ-784Q-V9XP FeehiCMS Cross Site Scripting vulnerability
Cross Site Scripting (XSS) vulnerability in FeehiCMS-2.1.1 allows remote attackers to run arbitrary code via the title field of the create article page...