Lucene search

5574 matches found

Prion
added 2022/10/12 1:15 a.m. | 19 views

Code injection

Prototype pollution vulnerability in tschaub gh-pages 3.1.0 via the partial variable in util.js...

CVSS 7.5 | AI score 9.2 | EPSS 0.01008
Exploits: 0 | References: 3 | Affected Software: 1

Drupal
added 2022/10/12 12:0 a.m. | 20 views

Twig Field Value - Moderately critical - Access bypass - SA-CONTRIB-2022-058

This module enables themers to get partial data from field render arrays. It gives them more control over the output without drilling deep into the render array or using preprocess functions. The module doesn't sufficiently apply access restrictions when using the filters fieldlabel, fieldvalue,...

AI score 6.5
Exploits: 0 | References: 6

OpenVAS
added 2022/10/10 12:0 a.m. | 17 views

Huawei EulerOS: Security Advisory for libdb (EulerOS-SA-2022-2511)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 3.3 | AI score 6.8 | EPSS 0.00604
Exploits: 0 | References: 2

Tenable Nessus
added 2022/10/09 12:0 a.m. | 33 views

EulerOS Virtualization 3.0.6.6 : libdb (EulerOS-SA-2022-2511)

According to the versions of the libdb packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to...

CVSS 3.3 | AI score 5.5 | EPSS 0.00604
Exploits: 0 | References: 2

OpenVAS
added 2022/09/26 12:0 a.m. | 21 views

Huawei EulerOS: Security Advisory for libdb (EulerOS-SA-2022-2350)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 3.3 | AI score 6.8 | EPSS 0.00604
Exploits: 0 | References: 2

IBM Security Bulletins
added 2022/09/25 11:13 p.m. | 22 views

Security Bulletin: IBM Cognos BI 8.4 Partial Denial of Service Vulnerability

Abstract A malicious IBM Cognos BI 8.4 user is able to send a crafted request to the Cognos server which triggers high CPU utilization that may cause a partial denial of service condition due to CPU consumption. This vulnerability can only be exploited by authenticated users, and is not applicabl...

CVSS 4 | AI score 1.9 | EPSS 0.00973
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2022/09/23 12:0 a.m. | 18 views

EulerOS Virtualization 2.9.0 : libdb (EulerOS-SA-2022-2386)

According to the versions of the libdb package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to...

CVSS 3.3 | AI score 5.5 | EPSS 0.00604
Exploits: 0 | References: 2

RedHat Linux
added 2022/09/20 1:42 p.m. | 3 views

mysql: InnoDB unspecified vulnerability (CPU Jul 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th...

CVSS 5 | AI score 7.3 | EPSS 0.00846
Exploits: 0 | References: 4

RedHat Linux
added 2022/09/20 1:42 p.m. | 3 views

mysql: Server: Security: Encryption unspecified vulnerability (CPU Jul 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Encryption. Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server...

CVSS 3.1 | AI score 7.3 | EPSS 0.00705
Exploits: 0 | References: 4

RedHat Linux
added 2022/09/20 1:42 p.m. | 2 views

mysql: InnoDB unspecified vulnerability (CPU Apr 2022)

Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.28 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...

CVSS 4 | AI score 7.3 | EPSS 0.01209
Exploits: 0 | References: 4

Positive Technologies
added 2022/09/17 12:0 a.m. | 3 views

PT-2022-34027 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.138 Description: The issue concerns the ext4 file system, specifically avoiding resizing to a partial cluster size. The actual impact and attack plausibility have not yet been proven. Recommendations: For...

AI score 7.1
Exploits: 0 | References: 1

Positive Technologies
added 2022/09/17 12:0 a.m. | 3 views

PT-2022-34469 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.14.291 Description: The issue concerns the ext4 filesystem in the Linux Kernel, specifically with avoiding resizing to a partial cluster size. The actual impact and attack plausibility have not yet been prove...

AI score 7.1
Exploits: 0 | References: 1

Positive Technologies
added 2022/09/17 12:0 a.m. | 2 views

PT-2022-34357 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.256 Description: The issue concerns the ext4 filesystem, specifically avoiding resizing to a partial cluster size. The actual impact and attack plausibility have not yet been proven. Recommendations: For...

AI score 7
Exploits: 0 | References: 1

OSV
added 2022/09/16 11:30 p.m. | 7 views

GSD-2022-1005082 ext4: avoid resizing to a partial cluster size

ext4: avoid resizing to a partial cluster size This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.4 by commit...

AI score 7
Exploits: 0

Positive Technologies
added 2022/09/16 12:0 a.m. | 2 views

PT-2022-33340 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.4 Description: The issue concerns the ext4 filesystem in the Linux Kernel, specifically with avoiding resizing to a partial cluster size. The actual impact and attack plausibility have not yet been proven...

AI score 7.1
Exploits: 0 | References: 1

CNNVD
added 2022/09/15 12:0 a.m. | 3 views

Bento4 buffer error vulnerability

Bento4 is an open source C++ library for reading and writing MP4 files. A security vulnerability exists in Bento4 version 1.6.0-639, which stems from its AP4ByteStream::Write and AP4HdlrAtom::WriteFields components calling the System/StdC/Ap4StdCFileByteStream.cpp component's AP4...

CVSS 6.5 | AI score 6.6 | EPSS 0.00586
Exploits: 1 | References: 2

OpenVAS
added 2022/09/14 12:0 a.m. | 7 views

Huawei EulerOS: Security Advisory for libdb (EulerOS-SA-2022-2323)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 3.3 | AI score 6.8 | EPSS 0.00604
Exploits: 0 | References: 2

Positive Technologies
added 2022/09/14 12:0 a.m. | 4 views

PT-2022-25384 · Bento4 · Bento4

Name of the Vulnerable Software and Affected Versions: Bento4 version 1.6.0-639 Description: A buffer overflow issue exists in the AP4 MemoryByteStream::WritePartial function in mp42aac, which can be exploited by attackers to cause a denial of service. This can be achieved by providing a crafted...

CVSS 6.5 | AI score 6.5 | EPSS 0.00592
Exploits: 1 | References: 6

Positive Technologies
added 2022/09/13 12:0 a.m. | 3 views

PT-2022-24782 · Siemens · Ruggedcom M2100 +62

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned, so: Affected software affected versions not specified Description: The issue is related to the improper handling of partial HTTP requests, making devices susceptible to slowloris attacks. This could...

CVSS 7.5 | AI score 5.1 | EPSS 0.0118
Exploits: 0 | References: 3

Tenable Nessus
added 2022/09/01 12:0 a.m. | 76 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.20.4.5)

The version of AOS installed on the remote host is prior to 5.20.4.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.20.4.5 advisory. - If a web application sends a WebSocket message concurrently with the WebSocket connection closing when running on Apache...

CVSS 8.8 | AI score 7.2 | EPSS 0.71653
Exploits: 24 | References: 12