4570 matches found
AZL-33639 CVE-2022-21698 affecting package rook for versions less than 1.6.2-18
client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, the HTTP server is susceptible to a Denial of Service through unbounded cardinality, and...
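The mechanic behind this entry, shown as an added example that is not code from client_golang or from the advisory: a request counter labelled by HTTP method lets any client mint one new time series per distinct method string it sends, since the method is a free-form token on the wire. MethodCounter, Exercise and the FUZZ… method names below are constructed for this illustration. The hardened variant restricts the label to a closed set of known methods and maps everything else to a single "unknown" value, which, as far as I know, is how the 1.11.1 fix bounds the method and code labels; check the release notes before relying on that detail.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"sync"
)

// knownMethods is the closed set of HTTP methods allowed as a label value.
// Anything else collapses into the single value "unknown".
var knownMethods = map[string]bool{
	"GET": true, "HEAD": true, "POST": true, "PUT": true, "DELETE": true,
	"CONNECT": true, "OPTIONS": true, "TRACE": true, "PATCH": true,
}

// MethodCounter is a stand-in (built for this example) for a counter vector
// labelled by request method, the metric shape a request-counting middleware
// produces. One map key corresponds to one time series in the exposition output.
type MethodCounter struct {
	mu        sync.Mutex
	counts    map[string]int
	normalize bool // false: label = raw method (vulnerable); true: restrict to knownMethods
}

func NewMethodCounter(normalize bool) *MethodCounter {
	return &MethodCounter{counts: make(map[string]int), normalize: normalize}
}

// label derives the label value from the request method. With normalize set,
// the client can no longer choose the label value, so cardinality is bounded.
func (c *MethodCounter) label(method string) string {
	m := strings.ToUpper(method)
	if c.normalize && !knownMethods[m] {
		return "unknown"
	}
	return m
}

// Wrap returns middleware that increments the counter once per request.
func (c *MethodCounter) Wrap(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c.mu.Lock()
		c.counts[c.label(r.Method)]++
		c.mu.Unlock()
		next.ServeHTTP(w, r)
	})
}

// Series reports how many distinct label values (time series) the counter holds.
func (c *MethodCounter) Series() int {
	c.mu.Lock()
	defer c.mu.Unlock()
	return len(c.counts)
}

// AttackMethods builds n syntactically valid but bogus HTTP methods
// (constructed attacker input; any token string is accepted on the wire).
func AttackMethods(n int) []string {
	methods := make([]string, 0, n)
	for i := 0; i < n; i++ {
		methods = append(methods, fmt.Sprintf("FUZZ%06d", i))
	}
	return methods
}

// Exercise sends one request per method through the instrumented handler
// and returns the number of series the counter ended up holding.
func Exercise(normalize bool, methods []string) int {
	c := NewMethodCounter(normalize)
	h := c.Wrap(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	}))
	for _, m := range methods {
		h.ServeHTTP(httptest.NewRecorder(), httptest.NewRequest(m, "/", nil))
	}
	return c.Series()
}

func main() {
	attack := AttackMethods(10000)
	fmt.Printf("raw method label:        %d series\n", Exercise(false, attack))
	fmt.Printf("normalized method label: %d series\n", Exercise(true, attack))
}
```

Each extra series costs memory in the registry and bytes on every scrape, so the vulnerable counter's growth is driven entirely by the attacker's request count; the normalized counter tops out at ten series no matter what is sent.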
Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server
Impact: Authentication Bypass by Primary Weakness (CWE-305). Commit: https://github.com/kongchuanhujiao/server/commit/9a125624f219e496bdf4b07b404816d5a309bdc1. All users are impacted. Patches: Yes, please upgrade to v1.3.21-beta.d0ffc0a6...
PT-2022-1661 · Microsoft · Windows Print Spooler +1
Name of the Vulnerable Software and Affected Versions: Windows Print Spooler versions prior to the fixed version Description: The issue is related to errors in security settings, allowing an attacker to elevate their privileges. This can affect the system, potentially leading to further...
CVE-2021-44779 WordPress [GWA] AutoResponder plugin <= 2.3 - Unauthenticated SQL Injection (SQLi) vulnerability
Unauthenticated SQL Injection (SQLi) vulnerability discovered in the GWA AutoResponder WordPress plugin, versions <= 2.3, vulnerable via the listid parameter (&listid). No patched version available; the plugin has been closed...
CSRF token missing in Symfony
Description: The Symfony form component provides a CSRF protection mechanism by using a random token injected in the form and using the session to store and control the token submitted by the user. When using the FrameworkBundle, this protection can be enabled or disabled with the...
PT-2022-9652 · WordPress · Labtools
Name of the Vulnerable Software and Affected Versions: LabTools WordPress plugin versions 1.0 and earlier Description: The issue concerns a lack of proper authorization and CSRF checks when deleting publications. This allows any authenticated user, such as a subscriber, to delete arbitrary...
PT-2022-16117 · Nimforum · Nimforum
Name of the Vulnerable Software and Affected Versions: Nimforum versions prior to 2.2.0 Description: The issue allows any forum user to create a new thread or post that includes a reference to a local file on the host operating system. Nimforum will render the file if possible. This can be done...
UBUNTU-CVE-2022-21720
GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the Entities update right prevents exploitation...
UBUNTU-CVE-2022-21722
PJSIP is a free and open source multimedia communication library written in the C language, implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there are various cases where it is possible that certain incoming RTP/RTCP packets can potentially...
CVE-2022-21723 Out-of-bounds read in multipart parsing in PJSIP
PJSIP is a free and open source multimedia communication library written in the C language, implementing standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause...
CVE-2022-21722
CVE-2022-21722 affects PJPROJECT (PJMEDIA) as used by PJSCI/PJSIP. In 2.11.1 and earlier, certain incoming RTP/RTCP packets can cause out-of-bounds read access in multiple code paths; this impacts any deployment that accepts RTP/RTCP streams. A patch is available as a commit in the master branch. There are ...
CVE-2021-28715 affecting package kernel 5.10.189.1-1
CVE-2021-28715 affecting package kernel 5.10.189.1-1. A patched version of the package is available...
CVE-2021-45480 affecting package kernel 5.10.189.1-1
CVE-2021-45480 affecting package kernel 5.10.189.1-1. A patched version of the package is available...
PT-2022-4912 · Tcl · Tcl Linkhub Mesh Wi-Fi
Name of the Vulnerable Software and Affected Versions: TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14 Description: A buffer overflow vulnerability exists in the GetValue functionality. This issue is related to the handling of the libcommonprod.so binary, where a specially-crafted configuration value can...
PT-2022-7540 · Hdf5 +3 · Hdf5 +3
Name of the Vulnerable Software and Affected Versions: HDF5 version 1.13.1-1 Description: The issue is related to a Divide By Zero vulnerability in the H5T__complete_copy function, located in the H5T.c file of the HDF5 library. This vulnerability can cause an arithmetic exception, leading to a...
CVE-2021-41496 affecting package numpy 1.16.6-2
CVE-2021-41496 affecting package numpy 1.16.6-2. A patched version of the package is available...
PT-2022-1525 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in the Windows Certificate authentication procedure, allowing an attacker to conduct spoofing attacks. It is associated with data substitution, enabling...
PT-2022-12528 · Gpac · Gpac
Name of the Vulnerable Software and Affected Versions: GPAC version 1.0.1 Description: A Pointer Dereference issue exists via the gf_hinter_finalize function. This issue allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world...