4604 matches found
PT-2022-2681 · Pjsip +4 · Pjsip +4
Name of the Vulnerable Software and Affected Versions: PJSIP versions 2.12 and prior Description: The issue is related to a stack buffer overflow vulnerability in the PJSIP multimedia communication library, specifically affecting users of PJSUA2 or those who call the API endpoints pjmedia sdp pri...
CVE-2022-0778 affecting package openssl 1.1.1k-16
CVE-2022-0778 affecting package openssl 1.1.1k-16. A patched version of the package is available...
GHSA-8V3J-JFG3-V3FV Prototype Pollution in Sails.js
Sails.js = 1.5.2 is vulnerable to Prototype Pollution via controller/load-action-modules.js, function loadActionModules. A patch is available in the master branch of Sails.js's GItHub repository...
PT-2022-17295 · Tenda · Tenda Ac9
Name of the Vulnerable Software and Affected Versions: Tenda AC9 version 15.03.2.21 Description: A stack overflow issue was discovered via the ntpserver parameter in the SetSysTimeCfg function. Recommendations: For Tenda AC9 version 15.03.2.21, consider restricting access to the SetSysTimeCfg...
CVE-2022-24770 Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging
gradio is an open source framework for building interactive machine learning models and demos. Prior to version 2.8.11, gradio suffers from Improper Neutralization of Formula Elements in a CSV File. The gradio library has a flagging functionality which saves input/output data into a CSV file on t...
Attackers could gain root access using vulnerability in Linux Kernel Netfilter Firewall
THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. A flaw in the Linux kernel has been discovered. If exploited, this flaw could allow a local attacker to gain privileges on targeted systems, allowing them to escape containers, execute arbitrary code, or cause a kernel pani...
Cross-site Scripting in ShowDoc
ShowDoc is vulnerable to stored cross-site scripting through file upload in versions 2.10.3 and prior. A patch is available and anticipated to be part of version 2.10.4...
CVE-2021-45402 affecting package kernel 5.10.189.1-1
CVE-2021-45402 affecting package kernel 5.10.189.1-1. A patched version of the package is available...
Vulnerability fixed in AMD processors
AMD has fixed a vulnerability with reference CVE-2021-26401 for the Ryzen and Athlon processors. This vulnerability has the same cause as the vulnerability known as Spectre, with attribute CVE-2017-5717. This vulnerability allows a malicious party to obtain sensitive data from the memory of a loc...
CVE-2022-21716 Buffer Overflow in Twisted
Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to 22.2.0, Twisted SSH client and server implement is able to accept an infinite amount of data for the peer's SSH version identifier. This ends up with a buffer using all the available memory. The attach...
ALPINE-CVE-2022-23608
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set or forking scenario, a hash key shared by multiple UAC dialogs can...
CVE-2022-23608 Use after free in PJSIP
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set or forking scenario, a hash key shared by multiple UAC dialogs can...
PT-2022-1909 · Canonical +3 · Snapd +4
Name of the Vulnerable Software and Affected Versions: snapd versions 2.54.2 Description: The issue is related to a race condition in the snap-confine binary of the snapd utility, which can be exploited to gain root privileges by executing arbitrary code. This can be achieved by a local attacker...
AZL-33639 CVE-2022-21698 affecting package rook for versions less than 1.6.2-18
clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
DEBIAN-CVE-2022-21698
clientgolang is the instrumentation library for Go applications in Prometheus, and the promhttp package in clientgolang provides tooling around HTTP servers and clients. In clientgolang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server
Impact Authentication Bypass by Primary Weakness CWE-305 Commit: https://github.com/kongchuanhujiao/server/commit/9a125624f219e496bdf4b07b404816d5a309bdc1 ALL Users is impacted. Patches Yes, PLEASE UPGRADE TO v1.3.21-beta.d0ffc0a6...
PT-2022-1661 · Microsoft · Windows Print Spooler +1
Name of the Vulnerable Software and Affected Versions: Windows Print Spooler versions prior to the fixed version Description: The issue is related to errors in security settings, allowing an attacker to elevate their privileges. This can affect the system, potentially leading to further...
CVE-2021-44779
Unauthenticated SQL Injection SQLi vulnerability discovered in GWA AutoResponder WordPress plugin versions = 2.3, vulnerable at &listid. No patched version available, plugin closed...
CVE-2021-44779 WordPress [GWA] AutoResponder plugin <= 2.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection SQLi vulnerability discovered in GWA AutoResponder WordPress plugin versions = 2.3, vulnerable at &listid. No patched version available, plugin closed...
CSRF token missing in Symfony
Description ----------- The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the...