GSD-2022-1001556 udmabuf: validate ubuf->pagecount

udmabuf: validate ubuf-pagecount This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit a3728d32fc61eb0fe283cb8ff60b2c8f751e2202, it...

GSD-2022-1001247 udmabuf: validate ubuf->pagecount

udmabuf: validate ubuf-pagecount This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.2 by commit 9e9b4a269f84d3230f2af84ff42322db676440d9, it...

nuclei-templates

This repository is a collection of community-curated templates for the nuclei engine to find security vulnerabilities in applications. The templates are stored in the cves/ directory and are used by the nuclei scanner to identify potential vulnerabilities. The repository also contains workflows f...

PYSEC-2022-194

PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content...

UBUNTU-CVE-2022-0998

An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhostvdpaconfigvalidate function. This flaw allows a local user to crash or potentially escalate their privileges on the system...

Linux kernel 输入验证错误漏洞

Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux. A security vulnerability exists in the Linux kernel virtio device driver, which stems from an integer overflow flaw in the way a user triggers the vhostvdpaconfigvalidate function. An attacker could cras...

CVE-2022-0123

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3, and between 14.6.0 and 14.6.1. GitLab does not validate SSL certificates for some of external CI services which makes it possible to perform MitM attacks on connections to these external services...

OESA-2022-1581 php security update

PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is...

pcs bug fix and enhancement update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Bug Fixes and Enhancements: Enabling sbd before starting the cluster sets an incorrect validate-with value in /var/lib/pacemaker/cib/cib.xml BZ2042433...

ALBA-2022:0881 pcs bug fix and enhancement update

The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Bug Fixes and Enhancements: Enabling sbd before starting the cluster sets an incorrect validate-with value in /var/lib/pacemaker/cib/cib.xml BZ2042433...

TP-Link TL-WR886N Buffer Overflow Vulnerability (CNVD-2022-20075)

TP-Link TL-WR886N is a wireless router from China Pulink.A buffer overflow vulnerability exists in TP-Link TL-WR886N 20190826 2.3.8, which originates from the /cloudconfig/routerpost/modifyaccountpwd function on memory execution An authenticated attacker could use this vulnerability to execute...

Privilege Escalation

shopware/core is vulnerable to Privilege Escalation. The The vulnerability exists due to lack of validate API library which allows to an attacker to modify customers and create orders without permission...

Cross site scripting

The White Label CMS WordPress plugin before 2.2.9 does not sanitise and validate the wlcmslogincustomjs parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue...

DEBIAN-CVE-2021-21708

In PHP versions 7.4.x below 7.4.28, 8.0.x below 8.0.16, and 8.1.x below 8.1.3, when using filter functions with FILTERVALIDATEFLOAT filter and min/max limits, if the filter fails, there is a possibility to trigger use of allocated memory after free, which can result it crashes, and potentially in...

Google TensorFlow buffer overflow vulnerability (CNVD-2022-11509)

Google TensorFlow is an end-to-end open source platform for machine learning from Google Google. Google Tensorflow has a buffer overflow vulnerability that stems from the fact that Dequantize's implementation does not fully validate the value of axis, which can be exploited by an attacker to caus...

White Label MS < 2.2.9 - Reflected Cross-Site Scripting

The plugin does not sanitise and validate the wlcmslogincustomjs parameter before outputting it back in the response while previewing, leading to a Reflected Cross-Site Scripting issue PoC In v 2.2.8, both unauthenticated and authenticated users can be attacked with it. In 2.2.8, it will only...

GSD-2022-1000051 i2c: validate user data in compat ioctl

i2c: validate user data in compat ioctl This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.13 by commit...

GSD-2022-1000042 i2c: validate user data in compat ioctl

i2c: validate user data in compat ioctl This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.90 by commit...

CVE-2021-46052

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate...

DEBIAN-CVE-2021-46052

A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::Tuple::validate...