CNNVD
added 2022/03/03 12:00 a.m., 3 views

ARM Mali GPU buffer error vulnerability

ARM Mali GPUs are a family of mobile graphics processors (GPUs) from the British company ARM. Like other 3D graphics chips built from embedded IP cores, the Mali GPU does not provide a display controller of the kind found on a graphics card designed to drive an LCD monitor; to...

CVSS 7.8, AI score 8, EPSS 0.01216
Exploits: 0, References: 2
Tenable Nessus
added 2022/03/01 12:00 a.m., 19 views

MySQLjs SQL Injection Authentication Bypass

An SQL injection occurs when a value originating from the client's request is used within a SQL query without prior sanitisation. Typically, query escape functions or placeholders are relied on to prevent SQL injection. However, mysqljs/mysql is known to apply different escape methods to different...

AI score 8.2
Exploits: 0, References: 2
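The authentication bypass the Tenable entry above alludes to comes from mysqljs/mysql escaping each JavaScript type differently: a string is quoted, a number is inlined, and an object is expanded into `` `key` = value `` pairs. The following is an added example, not Tenable's or mysqljs's code: a minimal model of that `format`/`escape` behaviour (the `escapeValue`, `format` and `buildLoginQuery*` helpers are hypothetical stand-ins) showing how a JSON body `{"username":"admin","password":{"password":1}}` turns a password check into a tautology, and the type check that closes it.

```javascript
// Added example (not from Tenable or mysqljs/mysql): a model of how the
// library's escape rules turn JavaScript values into SQL. The rules below
// follow mysqljs (strings quoted, numbers inlined, arrays comma-joined,
// objects expanded to `key` = value pairs); the helpers are hypothetical.

function escapeId(id) {
  return '`' + String(id).replace(/`/g, '``') + '`';
}

function escapeValue(val) {
  if (val === null || val === undefined) return 'NULL';
  if (typeof val === 'number' || typeof val === 'boolean') return String(val);
  if (Array.isArray(val)) return val.map(escapeValue).join(', ');
  if (typeof val === 'object') {
    // Object -> `key` = value, `key2` = value2 (the rule that enables the bypass)
    return Object.keys(val)
      .map((k) => escapeId(k) + ' = ' + escapeValue(val[k]))
      .join(', ');
  }
  // Strings: quote and backslash-escape the characters mysqljs escapes
  const escaped = String(val).replace(/[\0\b\t\n\r\x1a'"\\]/g, (c) => {
    switch (c) {
      case '\0': return '\\0';
      case '\b': return '\\b';
      case '\t': return '\\t';
      case '\n': return '\\n';
      case '\r': return '\\r';
      case '\x1a': return '\\Z';
      case '"': return '\\"';
      case "'": return "\\'";
      case '\\': return '\\\\';
      default: return c;
    }
  });
  return "'" + escaped + "'";
}

// Replace each `?` placeholder with the escaped form of the next value.
function format(sql, values) {
  let i = 0;
  return sql.replace(/\?/g, (m) => (i < values.length ? escapeValue(values[i++]) : m));
}

const LOGIN_SQL = 'SELECT * FROM users WHERE username = ? AND password = ?';

// Vulnerable login: trusts whatever JSON.parse produced for `password`.
function buildLoginQueryVulnerable(body) {
  return format(LOGIN_SQL, [body.username, body.password]);
}

// Hardened login: a placeholder only means "a string" if we enforce the type.
function buildLoginQuerySafe(body) {
  if (typeof body.username !== 'string' || typeof body.password !== 'string') {
    throw new TypeError('username and password must be strings');
  }
  return format(LOGIN_SQL, [body.username, body.password]);
}

// Constructed attacker request body (hypothetical input, not captured traffic).
const attackerBody = JSON.parse('{"username":"admin","password":{"password":1}}');

// With the object, `password = ?` becomes "password = `password` = 1", which
// MySQL evaluates left to right as (password = `password`) = 1, i.e. TRUE for
// every row whose password is non-NULL, so the admin row is returned.
console.log(buildLoginQueryVulnerable(attackerBody));
```

The check that matters is the `typeof` guard: the placeholder API cannot know that the caller meant "a string", so any JSON-decoded input (body parsers, query-string parsers that build nested objects) must be validated for type before it reaches the query builder.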
Patchstack
added 2022/02/28 12:00 a.m., 16 views

WordPress WooCommerce Disable Payment Methods based on cart conditions plugin < 1.13.1.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in the WordPress WooCommerce Disable Payment Methods based on cart conditions plugin, versions before 1.13.1.1. Solution: update the WordPress WooCommerce Disable Payment Methods based on cart conditions plugin to the latest available version (at least...

AI score 2.3
Exploits: 0, References: 2, Affected software: 1
Patchstack
added 2022/02/28 12:00 a.m., 7 views

WordPress WooCommerce Disable Payment Methods based on cart conditions plugin < 1.13.1.1 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in the WordPress WooCommerce Disable Payment Methods based on cart conditions plugin, versions before 1.13.1.1. Solution: update the WordPress WooCommerce Disable Payment Methods based on cart conditions plugin to the latest...

AI score 3.5
Exploits: 0, References: 2, Affected software: 1
OPENSUSE Linux
added 2022/02/24 12:00 a.m., 35 views

Security update for jasper (moderate)

openSUSE Security Update: Security update for jasper Announcement ID: openSUSE-SU-2022:0562-1 Rating: moderate References: 1188437 Cross-References: CVE-2021-27845 CVSS scores: CVE-2021-27845 NVD : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-27845 SUSE: 4...

CVSS 4, AI score 6.6, EPSS 0.0063
Exploits: 1, References: 1
OPENSUSE Linux
added 2022/02/21 12:00 a.m., 22 views

Security update for jaw (moderate)

openSUSE Security Update: Security update for jaw Announcement ID: openSUSE-SU-2022:0045-1 Rating: moderate References: 1194358 Cross-References: CVE-2022-21653 CVSS scores: CVE-2022-21653 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Backports SLE-15-SP2 An...

CVSS 7.5, AI score 7.4, EPSS 0.00793
Exploits: 1, References: 1
OPENSUSE Linux
added 2022/02/18 12:00 a.m., 29 views

Security update for rust (moderate)

openSUSE Security Update: Security update for rust Announcement ID: openSUSE-SU-2022:0491-1 Rating: moderate References: 1194767 Cross-References: CVE-2022-21658 CVSS scores: CVE-2022-21658 NVD : 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H CVE-2022-21658 SUSE: 6.2...

CVSS 6.2, AI score 6.9, EPSS 0.01376
Exploits: 1, References: 1
Code423n4
added 2022/02/17 12:00 a.m., 9 views

[WP-H3] Centralization Risk: Funds can be frozen when critical key holders lose access to their keys

Vulnerability details: The current implementation requires the trusted key holders (DEFAULT_ADMIN_ROLE) of BribeVault to send transferBribes transactions to move funds from BribeVault to RewardDistributor before users can get rewards from the contract. This introduces a high centralizati...

AI score 6.7
Exploits: 0
Code423n4
added 2022/02/17 12:00 a.m., 9 views

[WP-H4] Input should be validated on-chain to avoid fund loss caused by admin's misinput

Vulnerability details: In the current design/implementation, the admin of BribeVault is a super-privileged role of the system. However, the admin's inputs to some of the most critical methods are not validated properly. This can lead to loss of user funds caused by the...

AI score 6.8
Exploits: 0
ThreatPost
added 2022/02/16 1:39 p.m., 234 views

Emotet Now Spreading Through Malicious Excel Files

The infamous Emotet malware has switched tactics yet again, in an email campaign propagating through malicious Excel files, researchers have found. Researchers at Palo Alto Networks Unit 42 have observed a new infection approach for the high-volume malware, which is known to modify and change its...

AI score 8.8
Exploits: 0, References: 10
Rockylinux
added 2022/02/16 8:26 a.m., 57 views

ruby:2.6 security update

An update is available for rubygem-bson, rubygem-mysql2, ruby, rubygem-mongo, rubygem-pg and rubygem-abrt. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Ruby is a...

CVSS 9.3, AI score 7.9, EPSS 0.06307
Exploits: 5
Veracode
added 2022/02/16 7:17 a.m., 26 views

Denial Of Service (DoS)

github.com/prometheus/client_golang is vulnerable to Denial of Service (DoS). Lack of proper handling of requests with non-standard HTTP methods allows an attacker to cause unbounded cardinality and potential memory exhaustion...

CVSS 7.5, AI score 8.7, EPSS 0.05994
Exploits: 0, References: 40, Affected software: 10
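The Veracode entry above and the CVE-2022-21698 OSV entries further down describe the same failure mode: a request counter labelled with the raw HTTP method lets a client mint a new time series per request simply by inventing methods, and each series is memory the server never frees. The following is an added example, not client_golang's code, written as a language-neutral model in JavaScript: `CounterVec` is a hypothetical stand-in for a Prometheus metric vector, `instrumentRaw` is the unbounded labelling, and `instrumentSafe` applies the approach of the fix in client_golang 1.11.1, mapping the method onto a fixed allowlist and collapsing everything else into one value.

```javascript
// Added example (not from Prometheus/client_golang): why labelling metrics
// with attacker-controlled strings is a DoS, and the allowlist fix.
// CounterVec is a hypothetical model: one Map entry per distinct label set.

class CounterVec {
  constructor() { this.series = new Map(); }
  inc(labels) {
    const key = JSON.stringify(labels);            // one series per label set
    this.series.set(key, (this.series.get(key) || 0) + 1);
  }
  seriesCount() { return this.series.size; }       // memory grows with this
}

// The standard HTTP methods; anything else is collapsed to "unknown".
const KNOWN_METHODS = new Set([
  'GET', 'HEAD', 'POST', 'PUT', 'DELETE', 'CONNECT', 'OPTIONS', 'TRACE', 'PATCH',
]);

// Vulnerable: the client chooses the label value, so it chooses the series count.
function instrumentRaw(vec, req) {
  vec.inc({ method: req.method.toLowerCase(), code: String(req.status) });
}

// Hardened: bound the label's value space before it touches the metric.
function sanitizeMethod(method) {
  const m = String(method).toUpperCase();
  return KNOWN_METHODS.has(m) ? m.toLowerCase() : 'unknown';
}

function instrumentSafe(vec, req) {
  vec.inc({ method: sanitizeMethod(req.method), code: String(req.status) });
}

// Constructed traffic (hypothetical, not captured): two normal requests plus
// n requests whose method is a fresh, made-up token each time.
function attackTraffic(n) {
  const reqs = [{ method: 'GET', status: 200 }, { method: 'POST', status: 200 }];
  for (let i = 0; i < n; i++) reqs.push({ method: 'X-ATTACK-' + i, status: 405 });
  return reqs;
}

// Run a request stream through an instrumentation function; return how many
// time series the metric vector ends up holding.
function simulate(instrument, reqs) {
  const vec = new CounterVec();
  for (const r of reqs) instrument(vec, r);
  return vec.seriesCount();
}

console.log('raw  :', simulate(instrumentRaw, attackTraffic(1000)), 'series');
console.log('safe :', simulate(instrumentSafe, attackTraffic(1000)), 'series');
```

The same reasoning applies to any label derived from request data (paths, user agents, header values): if the value space is not bounded by the server, it is bounded by the attacker's patience.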
OSV
added 2022/02/15 7:15 p.m., 2 views

AZL-41454 CVE-2022-23639 affecting package librsvg2 for versions less than 2.58.1-1

crossbeam-utils provides atomics, synchronization primitives, scoped threads, and other utilities for concurrent programming in Rust. crossbeam-utils prior to version 0.8.7 incorrectly assumed that the alignment of {i,u}64 was always the same as Atomic{I,U}64. However, the alignment of {i,u}64 on a...

CVSS 8.1, AI score 7.1, EPSS 0.01214
Exploits: 1, References: 1
ATTACKERKB
added 2022/02/15 5:00 p.m., 4 views

CVE-2022-22770

The Web Server component of TIBCO Software Inc.'s TIBCO AuditSafe contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to execute API methods on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO AuditSafe: versions 1.1.0 and...

CVSS 9.8, AI score 7.4, EPSS 0.01128
Exploits: 0, References: 2
OSV
added 2022/02/15 4:15 p.m., 3 views

AZL-33639 CVE-2022-21698 affecting package rook for versions less than 1.6.2-18

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5, AI score 6.7, EPSS 0.05994
Exploits: 0, References: 1
OSV
added 2022/02/15 4:15 p.m., 5 views

AZL-35012 CVE-2022-21698 affecting package multus for versions less than 4.0.2-1

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5, AI score 6.7, EPSS 0.05994
Exploits: 0, References: 1
OSV
added 2022/02/15 4:15 p.m., 3 views

AZL-31981 CVE-2022-21698 affecting package kured for versions less than 1.13.2-1

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5, AI score 6.7, EPSS 0.05994
Exploits: 0, References: 1
OSV
added 2022/02/15 4:15 p.m., 2 views

AZL-34999 CVE-2022-21698 affecting package moby-engine for versions less than 25.0.3-1

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5, AI score 6.7, EPSS 0.05994
Exploits: 0, References: 1
OSV
added 2022/02/15 4:15 p.m., 3 views

AZL-33611 CVE-2022-21698 affecting package local-path-provisioner for versions less than 0.0.21-14

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5, AI score 6.7, EPSS 0.05994
Exploits: 0, References: 1
OSV
added 2022/02/15 4:15 p.m., 5 views

AZL-35122 CVE-2022-21698 affecting package prometheus-process-exporter for versions less than 0.8.2-1

client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...

CVSS 7.5, AI score 6.7, EPSS 0.05994
Exploits: 0, References: 1