Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security agents for Windows
Overview: Trend Micro Incorporated has released a security update for Trend Micro Deep Security and Cloud One - Workload Security agents for Windows. Trend Micro Incorporated reported these vulnerabilities to JPCERT/CC to notify users of the solutions through JVN. Impact: Information disclosure due...
PT-2022-25698 · Sap · Sap 3D Visual Enterprise Author
Name of the Vulnerable Software and Affected Versions: SAP 3D Visual Enterprise Author version 9 Description: The issue arises due to improper memory management when handling Enhanced Metafile .emf, emf.x3d files from untrusted sources. This can lead to Remote Code Execution when a manipulated fi...
CVE-2022-36946 affecting package kernel for versions less than 5.15.67.1-4
CVE-2022-36946 affecting package kernel for versions less than 5.15.67.1-4. A patched version of the package is available...
CVE-2022-1651 affecting package kernel for versions less than 5.15.67.1-4
CVE-2022-1651 affecting package kernel for versions less than 5.15.67.1-4. A patched version of the package is available...
CVE-2022-1198 affecting package kernel 5.10.134.1-2
CVE-2022-1198 affecting package kernel 5.10.134.1-2. A patched version of the package is available...
CVE-2022-1199 affecting package kernel 5.10.134.1-2
CVE-2022-1199 affecting package kernel 5.10.134.1-2. A patched version of the package is available...
GHSA-38HF-C37X-32HV LIEF vulnerable to denial of service through segmentation fault
A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DoS) through a segmentation fault via a crafted MachO file. A patch for this issue is available at commit fde2c48986739fabd2cf9b40b9af149a89c57850...
PT-2022-26094 · Xpdf +1 · Xpdf +1
Name of the Vulnerable Software and Affected Versions: Xpdf version 4.04 Description: A problem has been detected in the convertToType0 function in the fofi/FoFiType1C.cc file, causing a crash. This issue is distinct from other known vulnerabilities. Recommendations: For Xpdf version 4.04, consid...
CVE-2022-39245 Mist vulnerable to user providing a Sudo binary for authentication checks
Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided sudo binary via the PATH variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known...
CVE-2022-23464 Potential Server Side Request Forgery (SSRF) in Nepxion Discovery
Nepxion Discovery is a solution for Spring Cloud. Discovery is vulnerable to a potential Server-Side Request Forgery (SSRF). RouterResourceImpl uses RestTemplate's getForEntity to retrieve the contents of a URL containing user-controlled input, potentially resulting in Information Disclosure. There...
CVE-2022-36062 Grafana folders admin only permission privilege escalation
Grafana is an open-source platform for monitoring and observability. In versions prior to 8.5.13, 9.0.9, and 9.1.6, Grafana is subject to Improper Preservation of Permissions resulting in privilege escalation on some folders where Admin is the only used permission. The vulnerability impacts Grafa...
YetiForce CRM vulnerable to stored Cross-site Scripting via SlaPolicy module
YetiForce CRM versions 6.4.0 and prior are vulnerable to cross-site scripting via the SlaPolicy module. A patch is available at commit e55886781509fe39951fc7528347696474a17884...
PT-2022-22543 · Otfcc +1 · Otfcc +1
Name of the Vulnerable Software and Affected Versions: OTFCC commit 617837b Description: A heap buffer overflow issue has been discovered in OTFCC commit 617837b via the /release-x64/otfccdump+0x6c0bc3 endpoint. Recommendations: For OTFCC commit 617837b, as a temporary workaround, consider...
CVE-2022-0168 affecting package kernel 5.10.131.1-1
CVE-2022-0168 affecting package kernel 5.10.131.1-1. A patched version of the package is available...
CVE-2022-35974
TensorFlow is an open source platform for machine learning. If QuantizeDownAndShrinkRange is given nonscalar inputs for input_min or input_max, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...
GHSA-PXRW-J2FV-HX3H TensorFlow vulnerable to OOB read in `Gather_nd` in TF Lite
Impact: The GatherNd function takes arguments that determine the sizes of inputs and outputs. If the inputs given are greater than or equal to the sizes of the outputs, an out-of-bounds memory read is triggered. Patches: We have patched the issue in GitHub commit...
OpenAM (OpenAM Consortium Edition) vulnerable to open redirect
Overview: OpenAM (OpenAM Consortium Edition) provided by OpenAM Consortium contains an open redirect vulnerability (CWE-601). OpenAM Consortium reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and OpenAM Consortium coordinated under the Information Securi...
CVE-2021-42523 affecting package colord for versions less than 1.4.4-9
CVE-2021-42523 affecting package colord for versions less than 1.4.4-9. A patched version of the package is available...
Multiple vulnerabilities in EC-CUBE
Overview: EC-CUBE provided by EC-CUBE CO.,LTD. contains multiple vulnerabilities listed below.
- Directory traversal vulnerability (CWE-22) - CVE-2022-40199
- DOM-based cross-site scripting vulnerability (CWE-79) - CVE-2022-38975
Noriaki Iwasaki of Cyber Defense Institute, Inc. reported these...
GHSA-XV7R-9VQ4-9WRQ Project Wonder WebObjects vulnerable to Arbitrary HTTP Header Injection and Cross-site Scripting
Project Wonder WebObjects 1.0 through 7.3 is vulnerable to Arbitrary HTTP Header injection and URL- or Header-based XSS reflection in all web-server adaptor interfaces. A patch for this issue is available at commit number b0d2d74f13203268ea254b02552600850f28014b...