CVE-2022-44171

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formfastsettingwifiset...

CVE-2022-44176

Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function fromSetRouteStatic...

CVE-2022-44174

Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName...

DOLA can be borrowed without owning any DBR

Lines of code Vulnerability details Impact Although states that "one DBR token gives the right to borrow one DOLA for one year", and states that "a DOLA Fed mints DOLA to a market, which is then available to borrow for users holding DBR, using the Borrow function", users who do not own any DBR ar...

CVE-2022-43045

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gfdumpvrmlsffield at /scenemanager/scenedump.c...

CVE-2022-43044

GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gfisomgetmetaiteminfo at /isomedia/meta.c...

CVE-2022-42086

Tenda AX1803 USAX1803v2.0brv1.0.0.12994CNZGYD014 is vulnerable to Cross Site Request Forgery CSRF via function TendaAteMode...

PT-2022-34834 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.146 Description: The issue is related to a potential stack overflow in the mlxbf i2c smbus start transaction function. The actual impact and attack plausibility have not yet been proven. Recommendations: F...

CVE-2022-40827

B.C. Institute of Technology CodeIgniter =3.1.13 is vulnerable to SQL Injection via system\database\DBquerybuilder.php where function. Note: Multiple third parties have disputed this as not a valid vulnerability...

CVE-2022-2928

In ISC DHCP 4.4.0 - 4.4.3, ISC DHCP 4.1-ESV-R1 - 4.1-ESV-R16-P1, when the function optioncodehashlookup is called from addoption, it increases the option's refcount field. However, there is not a corresponding call to optiondereference to decrement the refcount field. The function addoption is on...

CVE-2022-41846

An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp...

Information disclosure

In 0.10.0 or older versions of Apache Pinot, Pinot query endpoint and realtime ingestion layer has a vulnerability in unprotected environments due to a groovy function support. In order to avoid this, we disabled the groovy function support by default from Pinot release 0.11.0. See...

PT-2022-37232 · Git +1 · Cras

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of Use-of-uninitialized-value. The crash state involves several functions: dbus marshal write basic, dbus type write...

PT-2022-14159 · Zephyrproject +1 · Zephyr

Name of the Vulnerable Software and Affected Versions: No specific software or version is mentioned. Description: The issue occurs in the tcp flags function within the subsys/net/ip/tcp.c file. When the incoming parameter flags is set to ECN or CWR, it causes an out-of-bounds write of a byte with...

CVE-2022-36747

Razor v0.8.0 was discovered to contain a cross-site scripting XSS vulnerability via the function uploadchannel...

CVE-2022-0644

Removed by vendor...

CVE-2022-37094

H3C H200 H200V100R004 was discovered to contain a stack overflow via the function EditBasicSSID5G...

CVE-2022-36469

H3C B5 Mini B5MiniV100R005 was discovered to contain a stack overflow via the function SetAPWifiorLedInfoById...

PT-2022-24101 · Tenda · Tenda Ax1803

Name of the Vulnerable Software and Affected Versions: Tenda AX1803 version 1.0.0.1 Description: A stack overflow issue was discovered in the Tenda AX1803, specifically via the function fromSetRouteStatic. Recommendations: For Tenda AX1803 version 1.0.0.1, consider disabling the fromSetRouteStati...

The vulnerability of the import function in GitHub’s software platform, based on Git, for collaborative code development on GitLab, allows a perpetrator to execute arbitrary code.

The vulnerability of the import function in GitHub’s software platform for Git-based collaborative code development on GitLab is related to insufficient validation of input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code within the target system...