Siemens Simcenter Femap JT File Parsing Uninitialized Pointer Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Simcenter Femap. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

CVE-2022-3358

A flaw was found in OpenSSL, where it incorrectly handles legacy custom ciphers passed to the EVPEncryptInitex2, EVPDecryptInitex2 and EVPCipherInitex2 functions as well as other similarly named encryption and decryption initialization functions. Instead of using the custom cipher directly, it...

Altair HyperView Player H3D File Parsing Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Altair HyperView Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

USN-5678-1: Linux kernel vulnerabilities

It was discovered that the SUNRPC RDMA protocol implementation in the Linux kernel did not properly calculate the header size of a RPC message payload. A local attacker could use this to expose sensitive information kernel memory. CVE-2022-0812 Moshe Kol, Amit Klein and Yossi Gilad discovered tha...

CVE-2022-3358

OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...

Huawei EulerOS: Security Advisory for python-pillow (EulerOS-SA-2022-2532)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Excessive grant frame usage in Windows xenbus drivers after version 9.1.3

A VM with 2 VBD, 8 vCPUs, 7 VIFs may consume over 90 grant tables, but ONLY consume 26grant tables when running with xen PV driver version 9.1.2. It will lead to virtual NIC initialization failure issue after Windows VM startup. Device manager shows NICs are notinitialized: Setupapi.log : Device...

The vulnerability of the bpf_sys_bpf() function in the Linux operating system’s BPF subsystem allows a hacker to gain unauthorized access to protected information.

The vulnerability of the bpfsysbpf function in the Linux kernel’s BPF subsystem stems from the operation of pushing data out of the buffer into memory during pointer initialization. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...

After pool is initialized, user can perform a sandwich attack through front-running and back-running mint transaction by calling swap function twice to manipulate initial price to be much different than market price and gain much more of output token than expected

Lines of code Vulnerability details Impact After the following initialize function is called, the pool does not own any of the tokens at that moment since the mint function below is not called yet. When the mint transaction is sent, a malicious user can notice it in the mempool and front-run it b...

[NAZ-M3] initialize() Can be Front-Run

Lines of code Vulnerability details Impact AlgebraPool.sol is deployed and initialized in two different transactions. This allows an attacker to be able front-run the AlgebraPool.sol's initialize after it's deployed. Proof of Concept The attacker can do this for two different reasons: 1. Price =...

Upstash Adapter missing token verification

Impact Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected. Description The Upstash Redis adapter implementation did not check for both the identifier email and the token, but only checking for the identifier when verifying the token in t...

GHSA-4RXR-27MM-MXQ9 Upstash Adapter missing token verification

Impact Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected. Description The Upstash Redis adapter implementation did not check for both the identifier email and the token, but only checking for the identifier when verifying the token in t...

Autodesk AutoCAD PDF File Parsing Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PD...

Vulnerability in OpenSSL - Using a Custom Cipher with NID_undef may lead to NULL encryption

OpenSSL supports creating a custom cipher via the legacy EVPCIPHERmethnew function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0...

Design/Logic Flaw

@next-auth/upstash-redis-adapter is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation...

CVE-2022-39263 NextAuth.js Upstash Adapter missing token verification

@next-auth/upstash-redis-adapter is the Upstash Redis adapter for NextAuth.js, which provides authentication for Next.js. Applications that use next-auth Email Provider and @next-auth/upstash-redis-adapter before v3.0.2 are affected by this vulnerability. The Upstash Redis adapter implementation...

UBUNTU-CVE-2022-40959

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

CVE-2022-40959

During iframe navigation, certain pages did not have their FeaturePolicy fully initialized leading to a bypass that leaked device permissions into untrusted subdocuments. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...

Ubuntu: Security Advisory (USN-5644-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mozilla: Bypassing FeaturePolicy restrictions on transient pages

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that certain pages did not have their FeaturePolicy fully initialized during iframe navigation, leading to a bypass that leaked device permissions into untrusted subdocuments...