7877 matches found
MAL-2022-6038 Malicious code in setup-gamma (npm)
Source: ghsa-malware deba7e063fe3b4609326e55cea28db816c7049297f8cef8b23d8c2d7589f69f8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Image Optimizer, Resizer and CDN < 6.8.1 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in multisite setup. PoC Step 1: Install the plugin and register for a...
WP-Lister Lite for Amazon < 2.4.4 - Reflected XSS
The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which can be used against high-privilege users such as admin. PoC 1. Install and activate WooCommerce dependency, no setup required 2. Install and activate the...
GSD-2022-1007937 riscv: fix reserved memory setup
riscv: fix reserved memory setup This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.79 by commit 518e49f0590de66555503aabe199ba8d3f2e24ac, it...
GSD-2022-1007911 cifs: Fix connections leak when tlink setup failed
cifs: Fix connections leak when tlink setup failed This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.81 by commit...
GSD-2022-1007777 riscv: fix reserved memory setup
riscv: fix reserved memory setup This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.9 by commit 93598deb101540c4f9e7de15099ea8255b965fc2, it w...
GSD-2022-1007744 cifs: Fix connections leak when tlink setup failed
cifs: Fix connections leak when tlink setup failed This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.10 by commit...
PT-2024-11819 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A buffer overflow issue has been identified in the Linux kernel's USB gadget UVC setup handler. The setup function uvc_function_setup allows control transfer requests with up to 64 byt...
py7zr 0.20.0 Directory Traversal Vulnerability
CVE-2022-44900: path traversal vulnerability in py7zr Directory traversal vulnerability in SevenZipFile.extractall function of the python library py7zr version 0.20.0 and earlier allows attackers to read arbitrary files on the local machine via malicious 7z file extraction. CVE-2022-44900...
CVE-2022-42778
In windows manager service, there is a missing permission check. This could lead to set up windows manager service with no additional execution privileges needed...
CVE-2022-42777
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed...
Design/Logic Flaw
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed...
Design/Logic Flaw
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed...
Design/Logic Flaw
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed...
CVE-2022-42776
In UscAIEngine service, there is a missing permission check. This could lead to set up UscAIEngine service with no additional execution privileges needed...
PT-2022-26568 · Unknown · Uscaiengine Service
Name of the Vulnerable Software and Affected Versions: UscAIEngine service affected versions not specified Description: The issue is related to a missing permission check in the UscAIEngine service. This could allow setting up the UscAIEngine service without requiring additional execution...
CVE-2022-39093
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed...
UNISOC chipset security vulnerability
The UNISOC chipset is an integrated circuit chipset from China's Unisplendour UNISOC. A security vulnerability exists in the UNISOC chipset that stems from a lack of privilege checking in the power management service, which could result in setting up the power management service without additiona...
UNISOC chipset security vulnerability
The UNISOC chipset is an integrated circuit chipset from China's Unisolar Corporation UNISOC. The UNISOC chipset suffers from a security vulnerability that stems from a lack of privilege checking in its UscAIEngine service that allows an attacker to set up the UscAIEngine service without addition...
CVE-2022-39096
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed...