CVE-2022-2434 String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization

The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site...

CVE-2022-2436 Download Manager <= 3.2.49 - Authenticated (Contributor+) PHAR Deserialization

The Download Manager plugin for WordPress is vulnerable to deserialization of untrusted input via the 'filepackagedir' parameter in versions up to, and including 3.2.49. This makes it possible for authenticated attackers with contributor privileges and above to call files using a PHAR wrapper tha...

CVE-2022-2434 String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization

The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including 2.5.0. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site...

CVE-2022-2438 Broken Link Checker <= 1.11.16 - Authenticated (Admin+) PHAR Deserialization

The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$logfile' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that...

CVE-2022-2433 WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization

The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'almrepeatersexport' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they...

PT-2022-16623

Name of the Vulnerable Software and Affected Versions String Locator plugin for WordPress versions up to, and including 2.5.0 Description The issue allows deserialization of untrusted input via the string-locator-path parameter. This enables unauthenticated users to call files using a PHAR wrappe...

CVE-2022-2738

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code executio...

PT-2022-18404 · Red Hat · Podman

Name of the Vulnerable Software and Affected Versions: podman versions prior to the version fixed via RHSA-2020:2117 Description: The issue could potentially be used to crash or cause code execution in Go applications using the Go GPGME wrapper library under certain conditions during GPG signatur...

CVE-2022-36034

nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of and with many repetitions of |. This issue has been patched in all versions above 0.2.5. There are currently no known workarounds...

CVE-2022-36034 Possible Regular Expression Denial of Service (ReDoS) used on uncontrolled data in nitrado.js

nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of and with many repetitions of |. This issue has been patched in all versions above 0.2.5. There are currently no known workarounds...

CVE-2022-36034 Possible Regular Expression Denial of Service (ReDoS) used on uncontrolled data in nitrado.js

nitrado.js is a type safe wrapper for the Nitrado API. Possible ReDoS with lib input of and with many repetitions of |. This issue has been patched in all versions above 0.2.5. There are currently no known workarounds...

nitrado.js 安全漏洞

nitrado.js is a type-safe wrapper for the Nitrado API by Cain Personal Developers. A security vulnerability exists in versions of nitrado.js prior to 0.2.5, which stems from the presence of polynomial regular expressions with uncontrolled data...

OPENSUSE-SU-2022:10099-1 Security update for chromium

This update for chromium fixes the following issues: Chromium 104.0.5112.101 boo1202509: CVE-2022-2852: Use after free in FedCM CVE-2022-2854: Use after free in SwiftShader CVE-2022-2855: Use after free in ANGLE CVE-2022-2857: Use after free in Blink CVE-2022-2858: Use after free in Sign-In Flow...

podman: Security regression of CVE-2020-8945 due to source code management issue

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117. This issue could possibly be used to crash or cause potential code executio...

Red Hat Enterprise Linux 资源管理错误漏洞

Red Hat Enterprise Linux is a Linux operating system for business users from Red Hat, Inc. A security vulnerability exists in Red Hat Enterprise Linux 7 that stems from the inclusion of an incorrect version of podman, which could cause Go applications using the Go GPGME wrapper library to crash o...

CVE-2022-36024 Bots using py-cord as discord api wrapper are vulnerable to shutdowns through remote code execution

py-cord is a an API wrapper for Discord written in Python. Bots creating using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the application.commands scope without the bot scope. Currently, it appears that all public bots that use slash commands are...

CVE-2022-36024

CVE-2022-36024 affects py-cord, a Python Discord API wrapper used by bots. In version 2.0.0, bots added to a server with the application.commands scope without the bot scope are vulnerable to remote shutdown. The issue appears to affect public bots using slash commands. Remediation: upgrade to ve...

Malicious Package

Overview ctv-tachyon-wrapper is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...

GSD-2022-1004148 efi/x86: use naked RET on mixed mode call wrapper

efi/x86: use naked RET on mixed mode call wrapper This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.14 by commit...

Command Injection

sonar-wrapper is vulnerable to command injection. The vulnerability exists due to a lack of sanitization of input via the run function allowing an attacker to inject maliciously crafted command into the system...