
2842 matches found

Veracode
added 2022/09/07 5:39 a.m. · 36 views

Cookie Injection

react/http is vulnerable to cookie injection. The vulnerability exists due to a lack of sanitization in the decode function in urldecode in Message/ServerRequest.php allowing an attacker to counterfeit cookies...

5.3 CVSS · 5.9 AI score · 0.00197 EPSS
Exploits 0 · References 5 · Affected Software 1
Tenable Nessus
added 2022/09/06 12:0 a.m. · 255 views

Amazon Linux 2022 : php, php-bcmath, php-cli (ALAS2022-2022-073)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-073 advisory. A flaw was found in php. The main cause of this vulnerability is improper input validation while parsing an Extensible Markup Language (XML) entity. A special character could allow an attacker to...

9.8 CVSS · 7 AI score · 0.00563 EPSS
Exploits 3 · References 5
Positive Technologies
added 2022/09/02 12:0 a.m. · 2 views

PT-2022-37237 · Libraw · Libraw

Name of the Vulnerable Software and Affected Versions: LibRaw affected versions not specified Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the fuji decode strip and fuji decode loop functions within the LibRaw library...

6.8 AI score
Exploits 0 · References 2
Positive Technologies
added 2022/09/01 12:0 a.m. · 3 views

PT-2022-6944 · Libraw +3 · Libraw +3

Name of the Vulnerable Software and Affected Versions: LibRaw affected versions not specified Description: The issue is related to an out-of-bounds read that can occur within the simple decode row function, specifically in the x3f utils patched.cpp component of the LibRaw image processing library...

7.8 CVSS · 6.5 AI score · 0.03206 EPSS
Exploits 6 · References 64
Kitploit
added 2022/08/24 12:30 p.m. · 459 views

Ox4Shell - Deobfuscate Log4Shell Payloads With Ease

Deobfuscate Log4Shell payloads with ease. Description Since the release of the Log4Shell vulnerability CVE-2021-44228, many tools were created to obfuscate Log4Shell payloads, making the lives of security engineers a nightmare. This tool intends to unravel the true contents of obfuscated Log4Shel...

10 CVSS · 9.6 AI score · 0.94358 EPSS
Exploits 341 · References 1
Positive Technologies
added 2022/08/24 12:0 a.m. · 2 views

PT-2022-7389 · Atlassian +5 · Confluence +5

Name of the Vulnerable Software and Affected Versions: decode-uri-component version 0.2.0 Confluence Data Center versions 7.0.1 through 9.0.x Description: The issue is related to improper input validation, which can result in a denial of service (DoS). This can be exploited by a remote attacker,...

8.6 CVSS · 6.4 AI score · 0.00476 EPSS
Exploits 4 · References 79
Positive Technologies
added 2022/08/22 12:0 a.m. · 2 views

PT-2022-7546 · Hdf5 +2 · Hdf5 +2

Name of the Vulnerable Software and Affected Versions: HDF5 versions 1.14.3 and earlier Description: The issue is related to a stack buffer overflow in the H5R decode heap function of the HDF5 library. This overflow can cause corruption of the instruction pointer, leading to denial of service or...

10 CVSS · 8.2 AI score · 0.00171 EPSS
Exploits 0 · References 13
Positive Technologies
added 2022/08/22 12:0 a.m. · 2 views

PT-2022-7544 · Hdf5 +4 · Hdf5 +4

Name of the Vulnerable Software and Affected Versions: HDF5 versions prior to 1.14.4 Description: The issue is related to a buffer overflow in the H5O linfo decode function of the HDF5 library, which can lead to a denial of service or potentially allow for code execution. This occurs due to the...

9.8 CVSS · 7.4 AI score · 0.01323 EPSS
Exploits 8 · References 96
OSV
added 2022/08/16 9:15 p.m. · 0 views

CVE-2022-38230

XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage at /xpdf/Stream.cc...

5.5 CVSS · 5.8 AI score
Exploits 0 · References 1
ATTACKERKB
added 2022/08/16 9:15 p.m. · 1 views

CVE-2022-35011

PNGDec commit 8abf6be was discovered to contain a global buffer overflow via inflatefast at /src/inffast.c...

8.8 CVSS · 6.1 AI score · 0.0042 EPSS
Exploits 1 · References 2
OSV
added 2022/08/16 9:15 p.m. · 1 views

UBUNTU-CVE-2022-38230

XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage at /xpdf/Stream.cc...

5.5 CVSS · 5.8 AI score · 0.00063 EPSS
Exploits 1 · References 3
CNNVD
added 2022/08/16 12:0 a.m. · 1 views

XPDF Security Vulnerability

XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. XPDF has a security vulnerability: DCTStream::decodeImage in /xpdf/Stream.cc contains a floating point exception (FPE)...

5.5 CVSS · 5.7 AI score · 0.00063 EPSS
Exploits 1 · References 2
CNNVD
added 2022/08/16 12:0 a.m. · 2 views

JPEGDEC Security Vulnerability

JPEGDEC is a JPEG decoder optimized for Arduino by the individual developer Larry Bank. JPEGDEC suffers from a security vulnerability that originates from a global buffer overflow in the JPEGDecodeMCU module of the /src/jpeg.inl file...

7.8 CVSS · 7.7 AI score · 0.00052 EPSS
Exploits 1 · References 2
ATTACKERKB
added 2022/08/10 8:15 p.m. · 1 views

CVE-2022-30635

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...

7.5 CVSS · 5.8 AI score · 0.00155 EPSS
Exploits 0 · References 7 · Affected Software 1
Vulnrichment
added 2022/08/09 8:16 p.m. · 0 views

CVE-2022-30635 Stack exhaustion when decoding certain messages in encoding/gob

Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures...

7.3 AI score · 0.00155 EPSS
Exploits 0 · References 5
Code423n4
added 2022/08/06 12:0 a.m. · 8 views

Possible signature replay in updateTaskHash() and updateProjectHash() function

Lines of code Vulnerability details Impact In updateProjectHash function, the data encoded only hash and nonce value but not the projectAddress. In case builder had 2 or more projects, the signature that builder used in updateProjectHash can also be used in other projects by attackers. bytes memo...

6.7 AI score
Exploits 0
RedHat Linux
added 2022/08/02 9:56 a.m. · 4 views

golang: encoding/gob: stack exhaustion in Decoder.Decode

A flaw was found in golang. When calling Decoder.Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

7.5 CVSS · 6.6 AI score · 0.00155 EPSS
Exploits 0 · References 6
Positive Technologies
added 2022/08/02 12:0 a.m. · 1 views

PT-2022-37155 · Git +1 · Libredwg

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow WRITE 4 crash type. The crash state involves functions such as decode preR13 section hdr, decode preR13, a...

6.9 AI score
Exploits 0 · References 2
RedHat Linux
added 2022/08/01 12:10 p.m. · 3 views

golang: encoding/gob: stack exhaustion in Decoder.Decode

A flaw was found in golang. When calling Decoder.Decode on a message that contains deeply nested structures, a panic can occur due to stack exhaustion and allows an attacker to impact system availability...

7.5 CVSS · 6.6 AI score · 0.00155 EPSS
Exploits 0 · References 6
OSV
added 2022/07/29 11:4 a.m. · 1 views

OESA-2022-1783 golang security update

The Go Programming Language Security Fixes: When httputil.ReverseProxy.ServeHTTP was called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy would set the client IP as the value of the X-Forwarded-For header, contrary to its documentation. In the more...

7.5 CVSS · 7.8 AI score · 0.00155 EPSS
Exploits 5 · References 11