4570 matches found

Positive Technologies
added 2022/11/29 12:0 a.m. · 3 views

PT-2022-23218 · Churchcrm · Churchcrm

Name of the Vulnerable Software and Affected Versions: ChurchCRM version 4.4.5 Description: The issue allows attackers to store XSS via location input Deposit Comment. This enables potential malicious activities through the exploitation of this input field. Recommendations: For ChurchCRM version...

CVSS 4.8 · AI score 6.1 · EPSS 0.00488
Exploits 1 · References 7
Positive Technologies
added 2022/11/29 12:0 a.m. · 1 view

PT-2022-26208 · Gpac · Gpac

Name of the Vulnerable Software and Affected Versions: GPAC version 2.1-DEV-rev490-g68064e101-master Description: A problematic vulnerability was found in GPAC, affecting the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to...

CVSS 9.8 · AI score 6.7 · EPSS 0.0481
Exploits 98 · References 245
OSV
added 2022/11/28 9:15 p.m. · 8 views

PYSEC-2022-43175

Drag and Drop XBlock v2 implements a drag-and-drop style problem, where a learner has to drag items to zones on a target image. Versions prior to 3.0.0 are vulnerable to cross-site scripting in multiple XBlock Fields. Any platform that has deployed the XBlock may be impacted. Version 3.0.0 contai...

CVSS 6.1 · AI score 8 · EPSS 0.00806
Exploits 1 · References 4
Positive Technologies
added 2022/11/23 12:0 a.m. · 5 views

PT-2022-27151 · Totolink · Totolink Nr1800X

Name of the Vulnerable Software and Affected Versions: TOTOLINK NR1800X version 9.1.0u.6279 B20210910 Description: The issue concerns a command injection via the FileName parameter in the setUploadSetting function. This allows for potential malicious commands to be executed. No information is...

CVSS 9.8 · AI score 9.7 · EPSS 0.0181
Exploits 1 · References 4
Positive Technologies
added 2022/11/18 12:0 a.m. · 4 views

PT-2022-26142 · Google · Tensorflow

Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.11.0 TensorFlow versions 2.10.1 and earlier TensorFlow versions 2.9.3 and earlier TensorFlow versions 2.8.4 and earlier Description: The issue arises when printing a tensor, as the data is retrieved as a const...

CVSS 7.5 · AI score 7.4 · EPSS 0.00395
Exploits 0 · References 9
Positive Technologies
added 2022/11/18 12:0 a.m. · 3 views

PT-2022-6453 · Adobe · Dimension

Name of the Vulnerable Software and Affected Versions: Adobe Dimension versions 3.4.7 and earlier Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as...

CVSS 5.5 · AI score 5.3 · EPSS 0.00332
Exploits 0 · References 6
Vulnrichment
added 2022/11/17 12:0 a.m. · 8 views

CVE-2022-39389 Witness Block Parsing DoS Vulnerability in lnd

Lightning Network Daemon lnd is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments a...

CVSS 8.2 · AI score 7 · EPSS 0.00999
Exploits 1 · References 4
Cvelist
added 2022/11/17 12:0 a.m. · 39 views

CVE-2022-39389 Witness Block Parsing DoS Vulnerability in lnd

Lightning Network Daemon lnd is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version v0.15.4 are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can continue to make payments a...

CVSS 8.2 · AI score 8.3 · EPSS 0.00999
Exploits 1 · References 4
Positive Technologies
added 2022/11/15 12:0 a.m. · 3 views

PT-2022-24516 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.146 and earlier Description: The issue concerns the unconditional disabling of SSL/TLS certificate and hostname validation for several features. There are no known...

CVSS 7.5 · AI score 6.5 · EPSS 0.00396
Exploits 0 · References 8
Positive Technologies
added 2022/11/15 12:0 a.m. · 5 views

PT-2022-26223 · Tenda · Tenda Ac1200 Router

Name of the Vulnerable Software and Affected Versions: Tenda AC1200 Router Model W15Ev2 version V15.11.0.101576 Description: A command injection issue was discovered via the PortMappingServer parameter in the setPortMapping function. This allows for potential exploitation. Recommendations: For...

CVSS 7.8 · AI score 7.7 · EPSS 0.01004
Exploits 1 · References 3
Positive Technologies
added 2022/11/15 12:0 a.m. · 2 views

PT-2025-8624 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.19.0-rc2-syzkaller-00160-g274295c6e53f Description: A vulnerability has been resolved in the Linux kernel. The issue is related to the erspan module, where it was assumed that the transport header is always se...

CVSS 8.8 · AI score 6.8 · EPSS 0.12746
Exploits 51 · References 510
OSV
added 2022/11/13 8:15 a.m. · 1 view

UBUNTU-CVE-2022-3965

A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated...

CVSS 8.1 · AI score 5.9 · EPSS 0.00878
Exploits 0 · References 3
OSV
added 2022/11/13 8:15 a.m. · 0 views

UBUNTU-CVE-2022-3964

A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The...

CVSS 8.1 · AI score 5.7 · EPSS 0.0347
Exploits 0 · References 3
Vulnrichment
added 2022/11/11 12:0 a.m. · 7 views

CVE-2022-41873 Out-of-bounds read and write in BLE L2CAP module

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to 4.9 are vulnerable to an Out-of-bounds read. While processing the L2CAP protocol, the Bluetooth Low Energy stack of Contiki-NG needs to map an incoming channel ID to its metadata...

CVSS 4.2 · AI score 5.5 · EPSS 0.00248
Exploits 0 · References 2
Vulnrichment
added 2022/11/10 12:0 a.m. · 6 views

CVE-2022-39388 Istio may allow identity impersonation if user has localhost access

Istio is an open platform to connect, manage, and secure microservices. In versions on the 1.15.x branch prior to 1.15.3, a user can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane. Version 1.15.3 contains a patch for this issue...

CVSS 7.6 · AI score 7.5 · EPSS 0.00455
Exploits 0 · References 4
Debian CVE
added 2022/11/10 12:0 a.m. · 6 views

CVE-2022-39392

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mappi...

CVSS 7.4 · AI score 7.4 · EPSS 0.00577
Exploits 0
Positive Technologies
added 2022/11/09 12:0 a.m. · 3 views

PT-2022-5810 · Cisco · Cisco Ftd +1

Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the management web server of Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker with high...

CVSS 8.5 · AI score 5.7 · EPSS 0.00698
Exploits 0 · References 4
Vulnrichment
added 2022/11/09 12:0 a.m. · 10 views

CVE-2022-39306 Grafana contains Improper Input Validation

Grafana is an open-source platform for monitoring and observability. Versions prior to 9.2.4, or 8.5.15 on the 8.X branch, are subject to Improper Input Validation. Grafana admins can invite other members to the organization they are an admin for. When admins add members to the organization, non...

CVSS 6.4 · AI score 7.9 · EPSS 0.0074
Exploits 0 · References 2
Positive Technologies
added 2022/11/08 12:0 a.m. · 4 views

PT-2022-5505

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: A security feature bypass issue exists in the BitLocker Device Encryption of Windows operating systems due to security configuration errors. This flaw allows an attacker to bypass security...

CVSS 4.9 · AI score 6.7 · EPSS 0.03601
Exploits 1 · References 27
Vulnrichment
added 2022/11/08 12:0 a.m. · 3 views

CVE-2022-32611

In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340373; Issue ID: ALPS07340373...

AI score 7.2 · EPSS 0.00134
Exploits 0 · References 1