Lucene search

7696 matches found

Vulnrichment
added 2023/01/05 12:0 a.m., 6 views

CVE-2022-47543

An issue was discovered in Siren Investigate before 12.1.7. There is an ACL bypass on global objects...

5.4 AI score, 0.00175 EPSS
Exploits: 0, References: 2
CVE
added 2023/01/05 12:0 a.m., 52 views

CVE-2022-47543

Siren Investigate contains a CVE-2022-47543 ACL bypass on global objects for versions before 12.1.7. Affected software: Siren Investigate (pre-12.1.7). Root cause: improper access control on global objects. Impact: limited integrity, potential exposure of global object access (as per CVSS 3.1 met...

5.3 CVSS, 5.4 AI score, 0.00175 EPSS
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2023/01/01 12:0 a.m., 3 views

PT-2025-37525

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw in the drm/amdgpu module related to the amddrm buddy fini function. A call trace warning is observed during the removal of the amdgpu driver, caused by...

5.5 CVSS, 6.3 AI score, 0.00018 EPSS
Exploits: 0
OSV
added 2022/12/30 4:58 p.m., 0 views

GHSA-F8CC-G7J8-XXPM XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow

Impact: The vulnerability may allow a remote attacker to terminate the application with a stack overflow error resulting in a denial of service only by manipulating the processed input stream. Patches: XStream 1.4.20 handles the stack overflow and raises an InputManipulationException instead...

7.5 CVSS, 7.2 AI score, 0.00258 EPSS
Exploits: 1, References: 7
NVD
added 2022/12/28 12:15 a.m., 27 views

CVE-2022-41966

XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation of the processed input stream. The attack uses the hash code implementation for...

8.2 CVSS, 0.02686 EPSS
Exploits: 1, References: 3
Debian CVE
added 2022/12/23 11:3 p.m., 25 views

CVE-2022-43594

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these...

5.9 CVSS, 7.8 AI score, 0.00716 EPSS
Exploits: 1
Prion
added 2022/12/22 10:15 p.m., 14 views

Null pointer dereference

Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially crafted ImageOutput Objects can lead to multiple null pointer dereferences. An attacker can provide malicious multiple inputs to trigger these...

2.6 CVSS, 6.3 AI score, 0.00703 EPSS
Exploits: 1, References: 3, Affected Software: 2
NVD
added 2022/12/22 8:15 p.m., 15 views

CVE-2022-3032

When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed...

6.5 CVSS, 0.00407 EPSS
Exploits: 0, References: 3
ATTACKERKB
added 2022/12/22 8:15 p.m., 3 views

CVE-2022-3032

When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed...

6.5 CVSS, 6.7 AI score, 0.00407 EPSS
Exploits: 0, References: 4
NVD
added 2022/12/22 8:15 p.m., 15 views

CVE-2022-31745

If array shift operations are not used, the Garbage Collector may have become confused about valid objects. This vulnerability affects Firefox 101...

4.3 CVSS, 0.00139 EPSS
Exploits: 0, References: 2
OSV
added 2022/12/22 8:15 p.m., 4 views

CVE-2022-22740

Certain network request objects were freed too early when releasing a network request handle. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

8.8 CVSS, 9.1 AI score
Exploits: 0, References: 4
Vulnrichment
added 2022/12/22 12:0 a.m., 6 views

CVE-2022-1097

NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...

6.4 AI score, 0.00197 EPSS
Exploits: 1, References: 4
Debian CVE
added 2022/12/22 12:0 a.m., 30 views

CVE-2022-3032

When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed...

6.5 CVSS, 7.2 AI score, 0.00407 EPSS
Exploits: 0
AlpineLinux
added 2022/12/22 12:0 a.m., 46 views

CVE-2022-1097

NSSToken objects were referenced via direct points, and could have been accessed in an unsafe way on different threads, leading to a use-after-free and potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and Firefox ESR 91.8...

6.5 CVSS, 7.7 AI score, 0.00197 EPSS
Exploits: 1
Talos
added 2022/12/22 12:0 a.m., 36 views

OpenImageIO Project OpenImageIO Image Output Close denial of service vulnerability

Talos Vulnerability Report TALOS-2022-1653: OpenImageIO Project OpenImageIO Image Output Close denial of service vulnerability. December 22, 2022. CVE Number: CVE-2022-43594, CVE-2022-43595. Summary: Multiple denial of service vulnerabilities exist in the image output closing functionality of OpenImageI...

5.9 CVSS, 6.1 AI score, 0.00716 EPSS
Exploits: 2
Fedora
added 2022/12/21 1:18 a.m., 46 views

[SECURITY] Fedora 36 Update: snakeyaml-1.32-1.fc36

SnakeYAML features: a complete YAML 1.1 parser. In particular, SnakeYAML can parse all examples from the specification. Unicode support including UTF-8/UTF-16 input/output. high-level API for serializing and deserializing native Java objects. support for all types from the YAML types repository...

7.5 CVSS, 7.4 AI score, 0.0292 EPSS
Exploits: 3
Huntr
added 2022/12/13 8:48 p.m., 19 views

Cross site scripting vulnerability in pimcore

Description: Cross site scripting vulnerability in pimcore/pimcore "title field" in data objects. Proof of Concept: 1. Login with dev account https://11.x-dev.pimcore.fun/admin/?dc=1670962076&perspective= 2. Go to setting -- data objects -- classes -- events 3. Click media under general settings 4...

4.9 CVSS, 5.3 AI score, 0.00005 EPSS
Exploits: 1
OSV
added 2022/12/13 3:15 a.m., 0 views

CVE-2022-41267

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrit...

8.8 CVSS, 5.8 AI score
Exploits: 0, References: 2
NVD
added 2022/12/13 3:15 a.m., 16 views

CVE-2022-41267

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrit...

9.9 CVSS, 0.00534 EPSS
Exploits: 0, References: 2
Prion
added 2022/12/13 3:15 a.m., 19 views

Design/Logic Flaw

SAP Business Objects Platform - versions 420, and 430, allows an attacker with normal BI user privileges to upload/replace any file on Business Objects server at the operating system level, enabling the attacker to take full control of the system causing a high impact on confidentiality, integrit...

6.5 CVSS, 8.6 AI score, 0.00534 EPSS
Exploits: 0, References: 2, Affected Software: 1