4441 matches found
Design/Logic Flaw
Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allow attackers to execute arbitrary code via overwriting the binary devcpp.exe...
CVE-2022-28999
CVE-2022-28999 concerns Dev-CPP v4.9.9.2 where insecure permissions in the installation directories and binaries (notably devcpp.exe) allow overwriting the binary to execute arbitrary code. Affected software: Dev-CPP 4.9.9.2. Root cause: insecure install/public write permissions enabling tamperin...
Embarcadero Technologies Dev-CPP Security Vulnerability
Embarcadero Technologies Dev-CPP is a free, all-in-one development environment for C/C++ development from Embarcadero Technologies, USA. A security vulnerability exists in Embarcadero Technologies Dev-CPP version v4.9.9.2, which stems from insecure permissions in the installation directory and...
CVE-2022-1795
Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV...
Design/Logic Flaw
Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV...
CVE-2022-1795
Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV...
CVE-2022-1795 Use After Free in gpac/gpac
Use After Free in GitHub repository gpac/gpac prior to v2.1.0-DEV...
Out-of-bound Reads
The Linux kernel is vulnerable to out-of-bound reads. The vulnerability exists in drivers/usb/gadget/legacy/inode.c due to mishandling in dev-buf release, which allows an attacker to cause an application crash...
GHSA-FH35-P8PH-P545 Silverstripe CMS Open Redirect
Open redirect vulnerability in SilverStripe CMS & Framework 3.1.13 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the returnURL parameter to dev/build...
GHSA-VPCV-78CP-WHR3 Use after free in Apache Mesos
When handling a libprocess message wrapped in an HTTP request, libprocess in Apache Mesos before 1.1.3, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.0-dev crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore...
@financialforcedev/orizuru-auth (=3.0.4), @kognifai/oidc-provider-fork (=2.5.1) +7 more potentially affected by CVE-2018-0114 via node-jose (=0.10.0)
node-jose NPM version =0.10.0 is affected by a known vulnerability. The following packages have a transitive dependency on node-jose and may be impacted: - @financialforcedev/orizuru-auth =3.0.4 - @kognifai/oidc-provider-fork =2.5.1 - @kognifai/poseidon-dev-host =2.0.0, =0.0.1, =2.4.0, =1.16.0,...
Denial of service
In GPAC 2.1-DEV-rev87-g053aae8-master, function BS_ReadByte in utils/bitstream.c has a failed assertion, which causes a Denial of Service. This vulnerability was fixed in commit 9ea93a2...
CVE-2022-29339
CVE-2022-29339 affects GPAC 2.1-DEV-rev87-g053aae8-master; the Denial of Service is caused by a failed assertion in BS_ReadByte() within utils/bitstream.c. The vulnerability is mitigated by the fix introduced in commit 9ea93a2 (upstream GPAC). Exploitation details beyond this are not provided in ...
EulerOS Virtualization 2.9.0 : openssl (EulerOS-SA-2022-1635)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of...
EulerOS Virtualization 2.9.1 : openssl (EulerOS-SA-2022-1612)
According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - There is a carry propagation bug in the MIPS32 and MIPS64 squaring procedure. Many EC algorithms are affected, including some of...
Mageia: Security Advisory (MGASA-2022-0158)
The remote host is missing an update for the...
Remote Code Execution (RCE)
Chrome is vulnerable to remote code execution. The vulnerability exists due to insufficient data validation in Dev Tools, which allows an attacker to bypass content security policy via a malicious HTML page...
Chromium: CVE-2022-1500 Insufficient data validation in Dev Tools
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
Chromium: CVE-2022-1493 Use after free in Dev Tools
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
KLA12519 Multiple vulnerabilities in Microsoft Browser
Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions, gain privileges, spoof user interface. Below is a complete list of vulnerabilities: 1. Use after free...