3218 matches found
PT-2022-33213 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.8 Description: The issue is related to a data-race condition for max midi devs access in the ALSA seq: oss component. The actual impact and attack plausibility have not yet been proven. Recommendations: Fo...
PT-2022-25815 · Kitty +4 · Kitty +4
Name of the Vulnerable Software and Affected Versions: Kitty versions prior to 0.26.2 Description: The issue is related to insufficient validation in the desktop notification escape sequence, which can lead to arbitrary code execution. This occurs when a user displays attacker-controlled content ...
Debian: Security Advisory (DLA-3095-1)
The remote host is missing an update for the Debian...
CVE-2022-36647
PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parsesequenceheader at source/common/header.cc:269...
UBUNTU-CVE-2022-36647
PKUVCL davs2 v1.6.205 was discovered to contain a global buffer overflow via the function parsesequenceheader at source/common/header.cc:269...
PT-2022-23527 · Unknown · Pkuvcl Davs2
Name of the Vulnerable Software and Affected Versions: PKUVCL davs2 version 1.6.205 Description: A global buffer overflow was discovered in the parse sequence header function at source/common/header.cc:269. This issue affects the specified version of PKUVCL davs2. Recommendations: For PKUVCL davs...
PKUVCL davs2 Security Vulnerability
davs2 is an open source decoder for the AVS2-P2/IEEE1857.4 video coding standard, developed by PKUVCL in China. A security vulnerability exists in PKUVCL davs2 v1.6.205, which stems from a global buffer overflow in the parsesequenceheader function in its source/common/header.cc:269 component...
Fixed 13 CVEs in expat
CVE-2022-25236: Fix insertion of namespace-separator characters into namespace URIs - CVE-2022-25235: Fix malformed UTF-8 sequences which can lead to arbitrary code execution - CVE-2022-25315: Fix integer overflow in storeRawNames - CVE-2022-22822: Fix integer overflow in addBinding -...
CVE-2022-24952
Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, including a DoS triggered remotely by an invalid sequence number and a local bug triggered by invalid input sent directly to the IPC socket...
Denial of service
Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, including a DoS triggered remotely by an invalid sequence number and a local bug triggered by invalid input sent directly to the IPC socket...
CVE-2022-35623
In Nordic nRF5 SDK for Mesh 5.0, a heap overflow vulnerability can be triggered by sending a series of segmented control packets and access packets with the same SeqAuth...
Nordic Semiconductor nRF5 SDK Buffer Error Vulnerability
The Nordic Semiconductor nRF5 SDK is a software development kit from Nordic Semiconductor, Norway. It provides a rich development environment for the nRF51 and nRF52 family of SoCs. A security vulnerability exists in Nordic Semiconductor nRF5 SDK version 5.0, which is a heap overflow vulnerabilit...
PT-2022-14601 · Google · Android Kernel
Name of the Vulnerable Software and Affected Versions: Android kernel (affected versions not specified) Description: The issue is related to a possible use after free due to improper locking in the trusty log seq start function of trusty-log.c. This could lead to local escalation of...
[SECURITY] Fedora 36 Update: golang-github-schollz-mnemonicode-1.0.1-3.fc36
Mnemonicode is a method for encoding binary data into a sequence of words which can be spoken over the phone, for example, and converted back to data on the other side...
Amazon Linux 2 : thunderbird (ALAS-2022-1818)
The version of thunderbird installed on the remote host is prior to 91.6.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1818 advisory. crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versio...
CVE-2022-32214
The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS)...
The vulnerability of the SEPCOS Single Package control and protection system from Secheron SEPCOS allows an intruder to trigger a system reboot.
The vulnerability of the SEPCOS Single Package control and protection relay software is related to the improper implementation of the sequence of actions to be performed. Exploiting this vulnerability can allow an attacker, operating remotely, to trigger a system reboot by executing the JS functi...
The vulnerability of the SEPCOS Single Package control and protection relay software allows an intruder to modify user credentials and permissions without authentication.
The vulnerability of the SEPCOS Single Package control and protection relay software is related to the improper implementation of the sequence of actions to be performed. Exploiting this vulnerability allows a malicious actor to modify user credentials and permissions without authentication...