CVE-2022-0544

An integer underflow in the DDS loader of Blender leads to an out-of-bounds read, possibly allowing an attacker to read sensitive data using a crafted DDS image file. This flaw affects Blender versions prior to 2.83.19, 2.93.8 and 3.1...

CVE-2022-25366

Cryptomator through 1.6.5 allows DYLIB injection because, although it has the flag 0x1000 for Hardened Runtime, it has the com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables entitlements. An attacker can exploit this by creating a malicious...

User Interface (UI) Misrepresentation Of Critical Information

next is having User Interface UI Misrepresentation of Critical Information. The vulnerability exists because next.config.js file has images.loader assigned as the default loader configuration, leading to misrepresentation of critical user Information...

MGASA-2022-0074 Updated zxing-cpp packages fix security vulnerability

Buffer overflow vulnerability in function stbiextendreceive in stbimage.h in stb 2.26 via a crafted JPEG file. CVE-2021-28021 An issue was discovered in stb stbimage.h 1.33 through 2.27. The HDR loader parsed truncated end-of-file RLE scanlines as an infinite sequence of zero-length runs. An...

Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.0

Next.js is a React framework. Starting with version 10.0.0 and prior to version 12.1.0, Next.js is vulnerable to User Interface UI Misrepresentation of Critical Information. In order to be affected, the next.config.js file must have an images.domains array assigned and the image host assigned in...

@kamilic-pkg/toolbox (>=1.0.0 <=1.1.0), @q7/cli (>=0.0.2 <=0.2.0) +8 more potentially affected by CVE-2022-0748 via post-loader (>=1.1.2 <=2.0.0)

post-loader NPM version =1.1.2, =1.0.0, =0.0.2, =0.0.2, =0.1.0, =0.0.4, =0.0.1, =2.6.21, =0.0.2, =0.0.4 Source cves: CVE-2022-0748 Source advisory: SNYK:JS-POSTLOADER-2403737...

Arbitrary Code Execution

Overview Affected versions of this package are vulnerable to Arbitrary Code Execution which uses a markdown parser in an unsafe way so that any javascript code inside the markdown input files gets evaluated and executed. PoC js const postLoader = require'post-loader' var payload =...

com.btc.ep:btc-embeddedplatform (>=1.9.2-beta <=2.5.9), com.qasymphony.ci.jenkins:qtest (>=1.3.0 <=1.4.6) +16 more potentially affected by CVE-2022-25178 via org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (>=0.1-beta-5 <=2.17)

org.jenkins-ci.plugins.workflow:workflow-cps-global-lib MAVEN version =0.1-beta-5, =1.9.2-beta, =1.3.0, =1.0, =1.0, =1.0, =0.1-beta-5, =1.12.1, =2.2, =1.0.4, =0.1, =1.0, =2.3, =1.0, =1.5 and more Source cves: CVE-2022-25178 Source advisory: OSV:GHSA-5HFV-MG5X-MV32...

Unauthorized access to Class instance in Jinjava

Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...

GHSA-2HJR-FG6C-V2H6 Unauthorized access to Class instance in Jinjava

Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...

Iranian state-sponsored APT group MuddyWater targeting organizations via malicious executables

THREAT LEVEL: Red. United States Cyber Command USCYBERCOM has warned of an ongoing cyber attack by Iranian state sponsored actor named as MuddyWater. This APT group is currently targeting Middle Eastern countries and has also targeted European and North American nations. The Iranian-backed...

Elfloader - An Architecture-Agnostic ELF File Flattener For Shellcode

elfloader is a super simple loader for ELF files that generates a flat in-memory representation of the ELF. Pair this with Rust and now you can write your shellcode in a proper, safe, high-level language. Any target that LLVM can target can be used, including custom target specifications for real...

vulkan bug fix and enhancement update

The vulkan packages contain the reference ICD loader and validation layers for Vulkan, a graphics and compute API for cross-platform access to modern GPUs. Bug Fixes and Enhancements: Rebase vulkan-loader in 8.6 BZ2016391 Rebase vulkan-headers in 8.6 BZ2016392 Rebase spirv-headers in 8.6 BZ201639...

ALEA-2022:0354 vulkan bug fix and enhancement update

The vulkan packages contain the reference ICD loader and validation layers for Vulkan, a graphics and compute API for cross-platform access to modern GPUs. Bug Fixes and Enhancements: Rebase vulkan-loader in 8.6 BZ2016391 Rebase vulkan-headers in 8.6 BZ2016392 Rebase spirv-headers in 8.6 BZ201639...

vulkan bug fix and enhancement update

An update is available for spirv-tools, vulkan-loader, vulkan-headers, vulkan-validation-layers, vulkan-tools. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Th...

Mageia: Security Advisory (MGASA-2013-0322)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for zxing-cpp (important)

openSUSE Security Update: Security update for zxing-cpp Announcement ID: openSUSE-SU-2022:0157-1 Rating: important References: 1191743 1191942 1191944 Cross-References: CVE-2021-28021 CVE-2021-42715 CVE-2021-42716 CVSS scores: CVE-2021-28021 NVD : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H...

PT-2022-3811

Name of the Vulnerable Software and Affected Versions CentOS Web Panel versions prior to 0.9.8.1107 Description The issue is related to incorrect handling of code generation in CentOS Web Panel, allowing a remote attacker to execute arbitrary code using a specially crafted request. An...

OPENSUSE-SU-2022:0018-1 Security update for stb

This update for stb fixes the following issues: - CVE-2021-42716: fixed buffer overflow in stbimage PNM loader boo1191743...

Security update for stb (important)

openSUSE Security Update: Security update for stb Announcement ID: openSUSE-SU-2022:0018-1 Rating: important References: 1191743 Cross-References: CVE-2021-42716 CVSS scores: CVE-2021-42716 NVD : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP3 An...