1495 matches found
PT-2022-8380 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The provided information does not contain details about the issue. It appears to be a notification about a candidate number that is not in use...
PT-2022-8360 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The provided information does not contain details about the issue. It appears to be a notification about a candidate number that is not in use...
CVE-2022-3032
When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specified in the nested document, for example images or videos, were not blocked. Rather, the network was accessed, the objects were loaded and displayed...
PT-2022-27785 · Tauri · Tauri
Name of the Vulnerable Software and Affected Versions: Tauri versions prior to the latest release; Tauri versions 1.x prior to the backported patch. Description: The filesystem glob pattern wildcards *, ?, and [...] match file path literals and leading dots by default, which unintentionally exposes su...
GHSA-RC58-QR9J-CPGW Apache Airflow Hive Provider vulnerable to Command Injection
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider before 5.0.0...
Auto desktop launch feature is not working for receiver for web
The auto desktop launch feature is not working...
PYSEC-2022-43155
wasm3 commit 7890a2097569fde845881e0b352d813573e371f9 was discovered to contain a segmentation fault via the component op_CallIndirect at /m3_exec.h...
ASB-A-252943954
In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel...
ASB-A-250470698
In widevine, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...
Leak in Aliyun KeySecret
Users of this library are affected: when the library is used, the incoming secret is disclosed unintentionally...
GSD-2022-1007044 thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash
thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...
OPENSUSE-SU-2022:10202-1 Security update for jhead
This update for jhead fixes the following issues: CVE-2021-34055: Fix out of bounds write in ClearOrientation due to unchecked error (boo#1205167)...
ASB-A-244109033
A module in the camera driver does not check the data of an ioctl parameter, which may cause a denial of service...
OctoPrint vulnerable to Special Element Injection
OctoPrint prior to 1.8.3 is vulnerable to Special Element Injection...
CVE-2022-43037
An issue was discovered in Bento4 1.6.0-639. There is a memory leak in the function AP4File::ParseStream in /Core/Ap4File.cpp...
Attachments that are added to drafts while collaborative editing is off are searchable when collaborative editing is turned on
Issue Summary: This is reproducible on Data Center: yes. Steps to Reproduce: Turn OFF collaborative editing; Create a page; Add attachment to the page; Do not publish the page; Try searching for the draft or attachment; Enable Collaborative Editing; Perform Reindexing; Try searching for the draft o...
PT-2022-21678 · Unknown · Nopcommerce
Name of the Vulnerable Software and Affected Versions: nopcommerce version 4.50.2 Description: The issue is related to an access control problem, allowing attackers to modify any customer's address. This is achieved through the "addressedit" endpoint. Recommendations: For nopcommerce version...
Magento Open Source allows Improper Access Control
Adobe Commerce versions 2.4.3-p3 and earlier, 2.4.4-p1 and earlier and 2.4.5 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the availability of a user's minor feature...
CVE-2022-3479
A vulnerability was found in nss. Due to this vulnerability, nss client auth crashes without a user certificate in the database, which can lead to a segmentation fault or crash...
CWA for HTML5 "Multi-Monitor setup requires permission" message appears even with single monitor
The message below is seen after launching a session using the HTML5 client: "Multi-monitor setup requires permission. Do you want to give permission to use multiple monitors?" The message is seen even though there is only 1 monitor on the client device...