3037 matches found
CVE-2022-36153
tifig v0.2.2 was discovered to contain a segmentation violation via std::vector::size() const at /bits/stl_vector.h...
CVE-2022-36139
SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via SWF::Writer::writeByte(unsigned char)...
CVE-2022-35106
SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::computeTableChecksum(unsigned char*, int) at /xpdf/FoFiTrueType.cc...
CVE-2022-36153
CVE-2022-36153 affects tifig v0.2.2, where a segmentation violation can occur through the use of std::vector::size() in /bits/stl_vector.h. The issue is documented across multiple sources (NVD entry and Red Hat/OSV/CVE lists) consistently describing a memory/segmentation fault in tifig 0.2.2. The...
CVE-2022-36155
CVE-2022-36155 affects tifig v0.2.2 with a resource allocation issue in asan_new_delete.cpp (operator new(unsigned long)). The CVE entry notes availability impact as HIGH while confidentiality and integrity remain NONE. Public details consistently describe the issue but do not provide exploit/vec...
Supply Chain Attack
Policy-controller is vulnerable to supply chain attack. Due to a flaw in the function ValidatePolicyAttestationsForAuthority, images will be reported as false positives resulting in admission in specific conditions. An attacker can use this vulnerability to run unsigned images...
OESA-2022-1801 fwupd security update
aims to make updating firmware on Linux automatic, safe and reliable. Security Fixes: A PGP signature bypass flaw was found in fwupd all versions, which could lead to the installation of unsigned firmware. As per upstream, a signature bypass is theoretically possible, but not practical because th...
CVE-2022-30316
Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...
CVE-2022-30269
Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images as PLX/DAT/APP/CRC files are uploaded via the...
CVE-2022-34762
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists that could cause unauthorized firmware image loading when unsigned images are added to the firmware image path. Affected Products: X80 advanced RTU Communication Module BMENOR2200H V2.01 an...
CVE-2022-22997
Addressed a remote code execution vulnerability by resolving a command injection vulnerability and closing an AWS S3 bucket that potentially allowed an attacker to execute unsigned code on My Cloud Home devices...
Emerson DeltaV Distributed Control System Data Forgery Vulnerability
Emerson DeltaV Distributed Control System is an automated distributed control system from Emerson. The system includes features such as network security management, alarm management, batch control, and change management. The Emerson DeltaV Distributed Control System is vulnerable to a data forger...
Fedora: Security Advisory for shim-unsigned-x64 (FEDORA-2022-98830efc68)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for shim-unsigned-aarch64 (FEDORA-2022-98830efc68)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...