GSD-2022-1006668 usb: gadget: uvc: fix sg handling during video encode
usb: gadget: uvc: fix sg handling during video encode This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.7 by commit...
CVE-2022-3965
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated...
PT-2022-7212 · FFmpeg +2 · Ffmpeg +2
Name of the Vulnerable Software and Affected Versions: FFmpeg, affected versions not specified. Description: The issue is related to the smc_encode_stream function in the libavcodec/smcenc.c component of the FFmpeg library. It involves an out-of-bounds read due to the manipulation of the y_size...
WP User Frontend < 3.5.29 - Obscure Registration as Admin
The plugin uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption. This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constants via an arbitrary file access issue for...
CVE-2022-39350 @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details
@dependencytrack/frontend is a Single Page Application (SPA) used in Dependency-Track, an open source Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Due to the common practice of providing vulnerability details in markdown format, the...
AZL-11318 CVE-2021-46848 affecting package libtasn1 for versions less than 4.19.0-1
GNU Libtasn1 before 4.19.0 has an ETYPE_OK off-by-one array size check that affects asn1_encode_simple_der...
Huawei EulerOS: Security Advisory for perl-Encode (EulerOS-SA-2022-2433)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for perl-Encode (EulerOS-SA-2022-2420)
The remote host is missing an update for the Huawei EulerOS. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EulerOS 2.0 SP10 : perl-Encode (EulerOS-SA-2022-2433)
According to the versions of the perl-Encode package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in th...
EulerOS 2.0 SP10 : perl-Encode (EulerOS-SA-2022-2420)
According to the versions of the perl-Encode package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library in th...
Kadence WooCommerce Email Designer < 1.5.7 - Admin+ PHP Object Injection
The plugin unserialises the content of an imported file, which could lead to PHP object injection issues when an admin imports, intentionally or not, a malicious file and a suitable gadget chain is present on the blog. To simulate a gadget chain, put the following code in a plugin class Evil public...
PT-2022-37310 · Oracle · Java
Name of the Vulnerable Software and Affected Versions: Java, affected versions not specified. Description: The issue is related to a security exception. Technical details about the crash include the Parser.parseConditionalExpression function and the CESU_8$Encoder.encodeLoop method in...
Cross-site Scripting (XSS)
craftcms/cms is vulnerable to cross-site scripting. The vulnerability exists because the fldTabHtml and fldFieldSelectorsHtml functions of Cp.php do not properly encode the tab and groupName parameters, allowing an attacker to inject and execute malicious JavaScript...
Download Monitor < 4.5.98 - Admin+ Arbitrary File Download
The plugin does not ensure that files to be downloaded are inside the blog folders, and not sensitive, allowing high privilege users such as admin to download the wp-config.php or /etc/passwd even in a hardened environment or multisite setup. Create a new download on:...
PT-2022-5380
Name of the Vulnerable Software and Affected Versions: GNU Libtasn1 versions prior to 4.19.0. Description: The issue is related to an off-by-one error in the asn1_encode_simple_der function of the Libtasn1 library. This can be exploited by a remote attacker to disclose protected information or cause...
PT-2022-37213 · Git +1 · Opensc
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap double-free crash. Technical details about the crash include the function names sc_pkcs15_encode_df, sc_pkcs15init_update...
Security feature bypass
An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the eth-account PyPI package, when an attacker is able to supply arbitrary input to the encode_structured_data method...
eth_account security vulnerability
eth_account is an Ethereum account generator. A security vulnerability exists in versions of eth_account prior to 0.5.9, which can be exploited by an attacker to trigger an exponential ReDoS in the eth-account PyPI package when providing arbitrary input to the encode_structured_data method...
PT-2022-4437 · Pypi · Eth-Account
Name of the Vulnerable Software and Affected Versions: eth-account, affected versions not specified. Description: The issue is related to an exponential ReDoS (Regular Expression Denial of Service) that can be triggered in the eth-account PyPI package. This occurs when an attacker is able to supply...
Malicious code in hexie-encode (npm)
Source: ghsa-malware 9d480e2cc2e535605e7caaa7981e20f5ee3d64e5a0629c5196070869acc7e5a8. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...