4604 matches found
CVE-2021-20231 affecting package gnutls for versions less than 3.6.14-5
CVE-2021-20231 affecting package gnutls for versions less than 3.6.14-5. A patched version of the package is available...
CVE-2021-3739 affecting package kernel 5.10.189.1-1
CVE-2021-3739 affecting package kernel 5.10.189.1-1. A patched version of the package is available...
CVE-2021-3930 affecting package qemu-kvm 4.2.0-48
CVE-2021-3930 affecting package qemu-kvm 4.2.0-48. A patched version of the package is available...
CVE-2022-0561 affecting package libtiff 4.1.0-3
CVE-2022-0561 affecting package libtiff 4.1.0-3. A patched version of the package is available...
DEBIAN-CVE-2022-24786
PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI Reference Picture Selection Indication packet, but any app that directly uses pjmediartcpfbparserpsi will be affected. A patch is available in the...
Design/Logic Flaw
PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI Reference Picture Selection Indication packet, but any app that directly uses pjmediartcpfbparserpsi will be affected. A patch is available in the...
UBUNTU-CVE-2022-24786
PJSIP is a free and open source multimedia communication library written in C. PJSIP versions 2.12 and prior do not parse incoming RTCP feedback RPSI Reference Picture Selection Indication packet, but any app that directly uses pjmediartcpfbparserpsi will be affected. A patch is available in the...
AZL-35233 CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.4.3-1
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the need 32bit...
CVE-2022-24795
The CVE-2022-24795 issue affects yajl (and its ruby binding yajl-ruby). A 32-bit size_t-based integer overflow in the reallocation logic (yajl_buf.c) can cause under-allocation when handling very large inputs (~2 GB), leading to heap memory corruption and potential process availability impact. On...
CVE-2022-24795
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the need 32bit...
CVE-2022-24795 Buffer Overflow and Integer Overflow in yajl-ruby
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the need 32bit...
CVE-2022-24813 Authentication Bypass Using an Alternate Path or Channel in CreateWiki
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Without the patch for this issue, anonymous comments can be made using Special:RequestWikiQueue when sent directly via POST. A patch for this issue is available in the master branch of CreateWiki's GitHub repository...
CVE-2022-24787 Incorrect Comparison in Vyper
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one en...
Trend Micro Apex Central and Trend Micro Apex Central as a Service vulnerable to improper check for file contents
Overview Trend Micro Apex Central and Trend Micro Apex Central as a Service provided by Trend Micro Incorporated are vulnerable to improper check for file contents CWE-345, CVE-2022-26871. Trend Micro Incorporated states that attacks has been observed. Trend Micro Incorporated reported this...
GHSA-8M49-2XJ8-67V9 Data Loss/Denial of Service in SWHKD
SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. A patch is available on the 1.1.0 branch of the repository...
0day vulnerability discovered in Spring Core Framework
A vulnerability has been discovered in Spring Core Framework. Spring Core Framework is a set of Java libraries that can be used to develop applications in a structured way to develop applications that can can then run either standalone or in Web application environments such as Tomcat. A maliciou...
Insecure Temporary File in SWHKD
SWHKD is a display protocol-independent hotkey daemon made in Rust. In SWHKD versions 1.1.5 and prior, SWHKD uses the /tmp/swhkd.pid pathname. As /tmp is accessible to all users, there can be an information leak or denial of service. No known workarounds exist. A patch is available on the 1.1.0...
Data Loss/Denial of Service in SWHKD
SWHKD 1.1.5 unsafely uses the /tmp/swhks.pid pathname. There can be data loss or a denial of service. A patch is available on the 1.1.0 branch of the repository...
ALPINE-CVE-2022-24764
PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API pjmediasdpprint, pjmediasdpmediaprint. Applications that do not use PJSUA2 and do not directly...
CVE-2022-24764 Stack buffer overflow in pjproject
PJSIP is a free and open source multimedia communication library written in C. Versions 2.12 and prior contain a stack buffer overflow vulnerability that affects PJSUA2 users or users that call the API pjmediasdpprint, pjmediasdpmediaprint. Applications that do not use PJSUA2 and do not directly...