Amazon Linux 2022 : python-jwt (ALAS2022-2022-241)
It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-241 advisory. - PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT...
PT-2024-11848 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.0-rc7-00103-gef4d3ea40565 Description: The issue is related to a null pointer dereference bug in the io_tctx_exit_cb function. This bug can cause a kernel panic when the task exits to userspace. The problem...
CVE-2022-32631
In Wi-Fi, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453613; Issue ID: ALPS07453613...
PT-2022-26572 · Sourcecodester · Sourcecodester Human Resource Management System +1
Name of the Vulnerable Software and Affected Versions: SourceCodester Human Resource Management System version 1.0 SourceCodester Book Store Management System version 1.0 Description: A critical issue affects the processing of the file /hrm/employeeadd.php, where the manipulation of the empid...
PT-2022-26304 · WordPress · Chained Quiz
Name of the Vulnerable Software and Affected Versions: Chained Quiz plugin for WordPress versions up to, and including, 1.3.2.4 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation on the manage function. This allows unauthenticated attackers to delete...
PT-2022-27335 · D Link · D-Link Dhp-W310Av
Name of the Vulnerable Software and Affected Versions: D-Link DHP-W310AV version 3.10EU Description: A command injection issue was discovered via the System Checks function. This allows for potential exploitation. Recommendations: For D-Link DHP-W310AV version 3.10EU, consider disabling the Syste...
CVE-2022-4202 GPAC lsr_dec.c lsr_translate_coords integer overflow
A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclose...
PT-2022-27114 · Dedecmdv6 · Dedecmdv6
Name of the Vulnerable Software and Affected Versions: dedecmdv6 version 6.1.9 Description: The issue allows for Remote Code Execution (RCE) via the file_manage_control.php endpoint. Recommendations: For dedecmdv6 version 6.1.9, consider restricting access to the file_manage_control.php endpoint...
UBUNTU-CVE-2022-3970
A vulnerability was found in LibTIFF. It has been classified as critical. This affects the function TIFFReadRGBATileExt of the file libtiff/tif_getimage.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and m...
PT-2022-24986 · Emlog · Emlog
Name of the Vulnerable Software and Affected Versions: emlog affected versions not specified Description: A vulnerability has been found in emlog, classified as problematic, affecting an unknown functionality of the file admin/article_save.php. The manipulation of the tag argument leads to...
CVE-2022-3956 tsruban HHIMS Patient Portrait sql injection
A vulnerability classified as critical has been found in tsruban HHIMS 2.1. Affected is an unknown function of the component Patient Portrait Handler. The manipulation of the argument PID leads to SQL injection. It is possible to launch the attack remotely. It is recommended to apply a patch to f...
PT-2022-1389 · Fortinet · Fortianalyzer +1
Name of the Vulnerable Software and Affected Versions: FortiManager versions 6.0.0 through 7.0.4 FortiAnalyzer versions 6.0.0 through 7.0.4 Description: The issue is related to an improper neutralization of input during web page generation, which may allow a low privilege level attacker to perfor...
UBUNTU-CVE-2022-3625
A vulnerability was found in Linux Kernel. It has been classified as critical. This affects the function devlink_param_set/devlink_param_get of the file net/core/devlink.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The...
CVE-2022-3646 Linux Kernel BPF segment.c nilfs_attach_log_writer memory leak
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply ...
CVE-2022-3621 Linux Kernel nilfs2 inode.c nilfs_bmap_lookup_at_level null pointer dereference
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is...
Code injection
In versions 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5, and all versions of 13.1.x, when BIG-IP is provisioned with PEM or AFM module, an undisclosed input can cause Traffic Management Microkernel (TMM) to terminate...
DEBIAN-CVE-2022-3594
A vulnerability was found in Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function intr_callback of the file drivers/net/usb/r8152.c of the component BPF. The manipulation leads to logging of excessive data. The attack can be launched remotely. It is...
DEBIAN-CVE-2022-3567
A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function inet6_stream_ops/inet6_dgram_ops of the component IPv6 Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. VDB-211090 is the...
DEBIAN-CVE-2022-3553
A vulnerability, which was classified as problematic, was found in X.org Server. This affects an unknown part of the file hw/xquartz/X11Controller.m of the component xquartz. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier VDB-2110...
UBUNTU-CVE-2022-3526
A vulnerability classified as problematic was found in Linux Kernel. This vulnerability affects the function macvlan_handle_frame of the file drivers/net/macvlan.c of the component skb. The manipulation leads to memory leak. The attack can be initiated remotely. It is recommended to apply a patch t...