PT-2022-6134 · SAP · SAP SQL Anywhere
Name of the Vulnerable Software and Affected Versions: SAP SQL Anywhere version 17.0 Description: The issue is related to the lack of protection for the SQL query structure in SAP SQL Anywhere. An authenticated attacker can exploit this by crashing the server with specially crafted queries that u...
CVE-2022-42722 affecting package kernel for versions less than 5.15.74.1-3
CVE-2022-42722 affecting package kernel for versions less than 5.15.74.1-3. A patched version of the package is available...
CVE-2022-3543 affecting package kernel 5.10.145.1-1
CVE-2022-3543 affecting package kernel 5.10.145.1-1. A patched version of the package is available...
PT-2022-26743 · Unknown · Fast Food Ordering System
Name of the Vulnerable Software and Affected Versions: Fast Food Ordering System version 1.0 Description: The issue is related to a SQL injection vulnerability. It affects the /fastfood/purchase.php component. Recommendations: For Fast Food Ordering System version 1.0, consider restricting access...
PT-2022-26777 · Timg · Timg
Name of the Vulnerable Software and Affected Versions: timg version 1.4.4 Description: A memory leak was discovered in the function timg::QueryBackgroundColor at /timg/src/term-query.cc. Recommendations: For version 1.4.4, consider disabling the timg::QueryBackgroundColor function as a temporary...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2022:10180-1 Rating: important References: 1204732 1204819 Cross-References: CVE-2022-3652 CVE-2022-3653 CVE-2022-3654 CVE-2022-3655 CVE-2022-3656 CVE-2022-3657 CVE-2022-3658 CVE-2022-3659 CVE-2022-3660...
Vulnerability Spotlight: Vulnerabilities in InHand router could give attackers access to console, delete files
Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several vulnerabilities in InHand Networks InRouter302 that could allow an attacker to access the router's console and make changes to the router's settings, including security protocols. The InRout...
PT-2022-5285 · Keylime +4 · Keylime +4
Name of the Vulnerable Software and Affected Versions: keylime versions prior to 6.5.1 Description: The issue is related to improperly handled exceptions in keylime, which can be exploited to create errors on the verifier, stopping attestation attempts and leaving a host in an attested state...
PT-2022-21869 · Horner Automation · Cscape
Name of the Vulnerable Software and Affected Versions: Horner Automation's Cscape versions 9.90 SP 6 and prior Description: The issue arises from improper validation of user-supplied data. If a user opens a maliciously formed FNT file, an attacker could execute arbitrary code within the current...
CVE-2022-3704
A vulnerability classified as problematic has been found in Ruby on Rails. This affects an unknown part of the file actionpack/lib/action_dispatch/middleware/templates/routes/_table.html.erb. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The real...
PT-2022-6529 · PDF XChange · PDF-XChange Editor
Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: The issue is related to a use-after-free vulnerability in the parsing of TIF files, which can be exploited by remote attackers to execute arbitrary code on affected installations...
CVE-2022-39312 Dataease Mysql Data Source JDBC Connection Parameters Not Verified Leads to Deserialization Vulnerability
Dataease is an open source data visualization analysis tool. Dataease prior to 1.15.2 has a deserialization vulnerability. In Dataease, the Mysql data source in the data source function can customize the JDBC connection parameters and the Mysql server target to be connected. In...
CVE-2022-39305 Gin-vue-admin vulnerable to Unrestricted Upload of File with Dangerous Type
Gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. Versions prior to 2.5.4 contain a file upload ability. The affected code fails to validate fileMd5 and fileName parameters, resulting in an arbitrary file being read. This...
DEBIAN-CVE-2022-3646
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfs_attach_log_writer of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply ...
CVE-2022-3620
A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarc_dns_lookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is...
UBUNTU-CVE-2022-3621
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_bmap_lookup_at_level of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is...
UBUNTU-CVE-2022-3543
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function unix_sock_destructor/unix_release_sock of the file net/unix/af_unix.c of the component BPF. The manipulation leads to memory leak. It is recommended to apply a patch to fix this issue...
PT-2022-36681 · Git +1 · Curl
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack buffer overflow error, as indicated by the crash type 'Stack-buffer-overflow WRITE'. The crash state points to functions...
PT-2022-26238 · Tenda · Tenda Ac1206
Name of the Vulnerable Software and Affected Versions: Tenda AC1206 version US_AC1206V1.0RTL_V15.03.06.23_multi_TD01 Description: The issue concerns a Cross-Site Request Forgery (CSRF) vulnerability. It occurs via the fromSysToolReboot function. Recommendations: For Tenda AC1206 version US...
Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security agents for Windows
Overview Trend Micro Incorporated has released a security update for Trend Micro Deep Security and Cloud One - Workload Security agents for Windows. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact Information disclosure due...