CVE-2022-1172
Null Pointer Dereference Caused Segmentation Fault in GitHub repository gpac/gpac prior to 2.1.0-DEV...
CVE-2022-0343
A local attacker, as a different local user, may be able to send an HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2...
Design/Logic Flaw
A local attacker, as a different local user, may be able to send an HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2...
CVE-2022-0343
CVE-2022-0343 affects Perfetto Dev scripts. A local attacker who can run the dev server (./tools/run-dev-server) may trigger HTTP requests to 127.0.0.1:10000, enabling a local privilege-escalation scenario. The issue is tied to the dev-server workflow rather than a remote vector. Remediation: upg...
CVE-2022-0343 Local Privilege escalation in Perfetto Dev scripts
A local attacker, as a different local user, may be able to send an HTTP request to 127.0.0.1:10000 after the user (typically a developer) manually invoked the ./tools/run-dev-server script. It is recommended to upgrade to any version beyond 24.2...
Google perfetto security vulnerability
Google perfetto is a Google Inc. program for collecting performance information on Android devices via the Android Debug Bridge (ADB). Google perfetto suffers from a security vulnerability that originates when a user (usually a developer) manually invokes the ./tools/run-dev-server script can send...
dev-smt.netstream.ch Cross Site Scripting vulnerability OBB-2451865
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
DEV-0537 criminal actor targeting organizations for data exfiltration and destruction
March 24, 2022 update - As Microsoft continues to track DEV-0537’s activities, tactics, and tools, we're sharing new detection, hunting, and mitigation information to give you additional insights on remaining vigilant against these attacks. In recent weeks, Microsoft Security teams have been...
CVE-2022-1035
Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV...
CVE-2022-1035
GPAC: CVE-2022-1035 is a segmentation fault in MP4Box -lsr affecting gpac/gpac prior to 2.1.0-DEV. Connected sources indicate GPAC multiple-vulnerability advisories across Debian and Gentoo and confirm remediation via upgrading to newer GPAC versions (e.g., Gentoo GLSA recommends >= gpac-2.2....
CVE-2022-1035 Segmentation Fault caused by MP4Box -lsr in gpac/gpac
Segmentation Fault caused by MP4Box -lsr in GitHub repository gpac/gpac prior to 2.1.0-DEV...
GPAC code issue vulnerability
GPAC is an open-source multimedia framework. There is a security vulnerability in MP4Box before GPAC version 2.1.0-DEV, and no detailed vulnerability information is available...
PT-2022-3211 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak flaw was found in the Linux kernel in the acrn_dev_ioctl function in the drivers/virt/acrn/hsm.c file, related to how the ACRN Device Model emulates virtual NICs in VM...
org.jenkins-ci.plugins:azure-acs (>=0.1.0 <=0.2.4), org.jenkins-ci.plugins:azure-dev-spaces (>=3.0.0 <=3.0.3) potentially affected by CVE-2022-27208 via org.jenkins-ci.plugins:kubernetes-cd (>=0.1.0 <=0.2.3)
org.jenkins-ci.plugins:kubernetes-cd MAVEN version =0.1.0, =0.1.0, =3.0.0, =3.0.3 Source cves: CVE-2022-27208 Source advisory: OSV:GHSA-FPXQ-W7P9-R924...
org.jenkins-ci.plugins:azure-acs (>=0.1.0 <=0.2.4), org.jenkins-ci.plugins:azure-dev-spaces (>=3.0.0 <=3.0.3) potentially affected by CVE-2022-27211 via org.jenkins-ci.plugins:kubernetes-cd (>=0.1.0 <=0.2.3)
org.jenkins-ci.plugins:kubernetes-cd MAVEN version =0.1.0, =0.1.0, =3.0.0, =3.0.3 Source cves: CVE-2022-27211 Source advisory: OSV:GHSA-794J-HX96-4W3M...
PT-2022-13488 · Gogs · Gogs
Name of the Vulnerable Software and Affected Versions: gogs versions prior to 0.12.5. Description: The issue is related to Server-Side Request Forgery (SSRF) in the repository migration functionality of gogs. This allows a malicious user to discover services in the internal network. All installation...
wordpress -- multiple issues
WordPress developers report: This security and maintenance release features 1 bug fix in addition to 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. The security team would li...
CVE-2022-0855
CVE-2022-0855 affects microweber-dev/whmcs_plugin prior to version 0.0.4. The root cause is an improper resolution of path equivalence in the plugin, which can enable an open redirect or misrouting of a request. Exploitation details in the connected records describe an open-redirect scenario that...