PT-2022-14752 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: In the parameterToHal function of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System...

ALPINE-CVE-2022-42323

Xenstore: Cooperating guests can create arbitrary numbers of nodes This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Since the fix of XSA-322 any Xenstore node owned by a removed domain will be modified to be owned by...

Reentrancy vulnerabilities

Lines of code Vulnerability details Impact A reentrancy attack can occur when the contract fails to update its state before the interaction, the attacker can make a recursive call back to the original function in an attempt to drain funds or token. Proof of Concept Contract Fed.sol. Function...

BELL-CVE-2022-3640 CVE-2022-3640 does not affect BellSoft software

Bulletin has no description...

CVE-2022-42961

An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performing signing operations with private ECC keys, such as in server-side TLS connections, might leak faulty ECC signatures. These signatures can be processed via ...

bind: BIND 9 resolvers configured to answer from cache with zero stale-answer-timeout may terminate unexpectedly

A flaw was found in the Bind package, where the resolver can crash when stale cache and stale answers are enabled, option stale-answer-client-timeout is set to 0 and there is a stale CNAME in the cache for an incoming query. By sending specific queries to the resolver, an attacker can cause named...

CVE-2022-2522

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061...

function mint() in FERC1155 don't follow check-effect-interact pattern, it's possible to call protocol contracts after tokens minted and before totalSupply updated

Lines of code Vulnerability details Impact Function mint mints new fractions for an ID and is only callable by VaultRegistry. code mints tokens then updates totalSupply value. when minting contract may make external call to target address, in that external call contract state is wrong, tokens are...

CVE-2020-36326

PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via addAttachment with a UNC pathname. NOTE: this is similar to CVE-2018-19296, but arose because 6.1.8 fixed a functionality problem in which UNC pathnames were always considered unreadable by PHPMailer, even in...

claimRewards() didnt follow the safe check effect pattern

Judge @GalloDaSballo has assessed the 2nd item in QA Report 230 as Medium risk. The relevant finding follows: … Impact a user can claim a reward by calling the claimRewards, however this function didnt follow the correct check effect pattern, where the zero address is set after making an external...

GHSA-VPGW-FFH3-648H Prototype Pollution in fullpage.js

fullPage utils are available to developers using window.fputils. They can use these utils for their own use-case other than fullPage as well. However, one of the utils deepExtend is vulnerable to Prototype Pollution vulnerability. Javascript is "prototype" language which means when a new "object"...

AlmaLinux 8 : firefox (ALSA-2022:0130)

The remote AlmaLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2022:0130 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reporte...

GHSA-6HR9-4692-FCH9 Withdrawn Advisory: OS Command Injection in effect

Withdrawn Advisory This advisory has been withdrawn because the npm package effect, for which alerts were issued, does not correspond with https://github.com/Javascipt/effect, the repository with the vulnerable code. https://github.com/Javascipt/effect is not in any supported ecosystem...

Withdrawn Advisory: OS Command Injection in effect

Withdrawn Advisory This advisory has been withdrawn because the npm package effect, for which alerts were issued, does not correspond with https://github.com/Javascipt/effect, the repository with the vulnerable code. https://github.com/Javascipt/effect is not in any supported ecosystem...

SUSE SLED15 / SLES15 Security Update : MozillaThunderbird (SUSE-SU-2022:0199-1)

The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0199-1 advisory. - It was possible to construct specific XSLT markup that would be able to bypass an iframe sandbox. This vulnerability affects Firefox...

Hackers Attempt to Exploit New SolarWinds Serv-U Bug in Log4Shell Attacks

Microsoft on Wednesday disclosed details of a new security vulnerability in SolarWinds Serv-U software that it said was being weaponized by threat actors to propagate attacks leveraging the Log4j flaws to compromise targets. Tracked as CVE-2021-35247 CVSS score: 5.3, the issue is an "input...

2022 Planning: Metrics That Matter and Curtailing the Cobra Effect

During the British rule of India, the British government became concerned about the number of cobras in the city of Delhi. The ambitious bureaucrats came up with what they thought was the perfect solution, and they issued a bounty for cobra skins. The plan worked wonderfully at first, as cobra...

Debian DLA-2880-1 : firefox-esr - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2880 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory...

Debian DLA-2881-1 : thunderbird - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2881 advisory. - Mozilla developers Calixte Denizet, Kershaw Chang, Christian Holler, Jason Kratzer, Gabriele Svelto, Tyson Smith, Simon Giesecke, and Steve Fink reported memory...

Denial Of Service (DoS)

firefox is vulnerable to denial of service. The vulnerability exists due to a heap-buffer-overflow in blendGaussianBlur allowing an attacker to crash the system by applying a CSS filter effect...