USN-4797-1 libass vulnerabilities

It was discovered that LibASS incorrectly handled certain ASS files. A remote attacker could possibly use this issue to cause a denial of service. One of the issues, CVE-2016-7970, only affected Ubuntu 16.04 ESM. CVE-2016-7969, CVE-2016-7970, CVE-2016-7972 It was discovered that LibASS incorrectl...

[slackware-security] libxml2

New libxml2 packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libxml2-2.9.14-i586-1slack15.0.txz: Upgraded. This update fixes bugs and the following security issues: Fix intege...

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convert_strings in tinfo/read_entry.c in the terminfo library.

...

Apache Maven Command Injection Vulnerability

Apache Maven is an application from the Apache USA Foundation. A software project management and understanding tool. Apache Maven Shared Utils suffers from a command injection vulnerability that stems from improper input validation when handling double-quoted strings. A remote attacker could...

USN-5388-1: OpenJDK vulnerabilities

It was discovered that OpenJDK incorrectly limited memory when compiling a specially crafted XPath expression. An attacker could possibly use this issue to cause a denial of service. CVE-2022-21426 It was discovered that OpenJDK incorrectly handled converting certain object arguments into their...

CVE-2022-27455

A flaw was found in the MariaDB Server. It contains a use-after-free in the component, mywildcmp8bitimpl at /strings/ctype-simple.c, affecting availability...

Apache Maven 命令注入漏洞

Apache Maven is an application from the Apache USA Foundation. A software project management and understanding tool. Apache Maven Shared Utils suffers from a command injection vulnerability that stems from improper input validation when handling double-quoted strings. A remote attacker could...

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component my_wildcmp_8bit_impl at /strings/ctype-simple.c.

...

AZL-9497 CVE-2022-29458 affecting package ncurses for versions less than 6.3-2

ncurses 6.3 before patch 20220416 has an out-of-bounds read and segmentation violation in convertstrings in tinfo/readentry.c in the terminfo library...

CVE-2022-0765

The Loco Translate WordPress plugin before 2.6.1 does not properly remove inline events from elements in the source translation strings before outputting them in the editor in the plugin admin panel, allowing any user with access to the plugin Translator and Administrator by default to add...

EulerOS Virtualization 2.10.0 : openssl (EulerOS-SA-2022-1417)

According to the versions of the openssl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In order to decrypt SM2 encrypted data an application is expected to call the API function EVPPKEYdecrypt. Typically an...

CVE-2022-28345

The Signal app before 5.34 for iOS allows URI spoofing via RTLO injection. It incorrectly renders RTLO encoded URLs beginning with a non-breaking space, when there is a hash character in the URL. This technique allows a remote unauthenticated attacker to send legitimate looking links, appearing t...

Design/Logic Flaw

Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called ATTACH DATABASE, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach...

AZL-9416 CVE-2022-27457 affecting package mariadb for versions less than 10.6.8-1

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mymbwclatin1 at /strings/ctype-latin1.c...

ALPINE-CVE-2022-27457

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mymbwclatin1 at /strings/ctype-latin1.c...

CVE-2022-27457

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mymbwclatin1 at /strings/ctype-latin1.c...

ALPINE-CVE-2022-27455

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mywildcmp8bitimpl at /strings/ctype-simple.c...

DEBIAN-CVE-2022-27455

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mywildcmp8bitimpl at /strings/ctype-simple.c...

UBUNTU-CVE-2022-27455

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mywildcmp8bitimpl at /strings/ctype-simple.c...

CVE-2022-27457

MariaDB Server v10.6.3 and below was discovered to contain an use-after-free in the component mymbwclatin1 at /strings/ctype-latin1.c...