Les dernières vulnérabilités publiées sur la National Vulnerability Database (NVD)

CVE-2022-35606 - A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameter 'customerCode.'
18/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35606
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35605 - A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via the parameters such as 'users', 'pass', etc.
18/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35605
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35604 - A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter 'searchTxt'.
18/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35604
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35603 - A SQL injection vulnerability in CustomerDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt.
18/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35603
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35602 - A SQL injection vulnerability in UserDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter user.
18/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35602
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35601 - A SQL injection vulnerability in SupplierDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter searchTxt.
18/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35601
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35599 - A SQL injection vulnerability in Stocks.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter productcode.
18/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35599
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35598 - A SQL injection vulnerability in ConnectionFactoryDAO.java in sazanrjb InventoryManagementSystem 1.0 allows attackers to execute arbitrary SQL commands via parameter username.
18/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35598
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35151 - kkFileView v4.1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the urls and currentUrl parameters at /controller/OnlinePreviewController.java.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35151
Partager : LinkedIn / Twitter / Facebook

CVE-2022-2869 - libtiff's tiffcrop tool has a uint32_t underflow which leads to out of bounds read and write in the extractContigSamples8bits routine. An attacker who supplies a crafted file to tiffcrop could trigger this flaw, most likely by tricking a user into opening the crafted file with tiffcrop. Triggering this flaw could cause a crash or potentially further exploitation.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-2869
Partager : LinkedIn / Twitter / Facebook

CVE-2022-2868 - libtiff's tiffcrop utility has a improper input validation flaw that can lead to out of bounds read and ultimately cause a crash if an attacker is able to supply a crafted file to tiffcrop.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-2868
Partager : LinkedIn / Twitter / Facebook

CVE-2022-2867 - libtiff's tiffcrop utility has a uint32_t underflow that can lead to out of bounds read and write. An attacker who supplies a crafted file to tiffcrop (likely via tricking a user to run tiffcrop on it with certain parameters) could cause a crash or in some cases, further exploitation.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-2867
Partager : LinkedIn / Twitter / Facebook

CVE-2022-28752 - Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerability to escalate their privileges to the SYSTEM user.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-28752
Partager : LinkedIn / Twitter / Facebook

CVE-2022-28751 - The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-28751
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35148 - maccms10 v2021.1000.1081 to v2022.1000.3031 was discovered to contain a SQL injection vulnerability via the table parameter at database/columns.html.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35148
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35147 - DoraCMS v2.18 and earlier allows attackers to bypass login authentication via a crafted HTTP request.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35147
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35133 - A cross-site scripting (XSS) vulnerability in CherryTree v0.99.30 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name text field when creating a node.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35133
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35122 - An access control issue in Ecowitt GW1100 Series Weather Stations
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35122
Partager : LinkedIn / Twitter / Facebook

CVE-2022-2547 - A crafted HTTP packet without a content-type header can create a denial-of-service condition in Softing Secure Integration Server V1.22.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-2547
Partager : LinkedIn / Twitter / Facebook

CVE-2022-2338 - Softing Secure Integration Server V1.22 is vulnerable to authentication bypass via a machine-in-the-middle attack. The default the administration interface is accessible via plaintext HTTP protocol, facilitating the attack. The HTTP request may contain the session cookie in the request, which may be captured for use in authenticating to the server.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-2338
Partager : LinkedIn / Twitter / Facebook

CVE-2022-2337 - A crafted HTTP packet with a missing HTTP URI can create a denial-of-service condition in Softing Secure Integration Server V1.22.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-2337
Partager : LinkedIn / Twitter / Facebook

CVE-2022-2336 - Softing Secure Integration Server, edgeConnector, and edgeAggregator software ships with the default administrator credentials as `admin` and password as `admin`. This allows Softing to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the `admin` password. There is no warning or prompt to ask the user to change the default password, and to change the password, many steps are required.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-2336
Partager : LinkedIn / Twitter / Facebook

CVE-2022-2335 - A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-2335
Partager : LinkedIn / Twitter / Facebook

CVE-2022-2334 - The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-2334
Partager : LinkedIn / Twitter / Facebook

CVE-2022-23765 - This vulnerability occured by sending a malicious POST request to a specific page while logged in random user from some family of IPTIME NAS. Remote attackers can steal root privileges by changing the password of the root through a POST request.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-23765
Partager : LinkedIn / Twitter / Facebook

CVE-2022-23764 - The vulnerability causing from insufficient verification procedures for downloaded files during WebCube update. Remote attackers can bypass this verification logic to update both digitally signed and unauthorized files, enabling remote code execution.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-23764
Partager : LinkedIn / Twitter / Facebook

CVE-2022-23747 - In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-23747
Partager : LinkedIn / Twitter / Facebook

CVE-2022-1748 - Softing OPC UA C++ Server SDK, Secure Integration Server, edgeConnector, edgeAggregator, OPC Suite, and uaGate are affected by a NULL pointer dereference vulnerability.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-1748
Partager : LinkedIn / Twitter / Facebook

CVE-2022-1373 - The “restore configuration” feature of Softing Secure Integration Server V1.22 is vulnerable to a directory traversal vulnerability when processing zip files. An attacker can craft a zip file to load an arbitrary dll and execute code. Using the "restore configuration" feature to upload a zip file containing a path traversal file may cause a file to be created and executed upon touching the disk.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-1373
Partager : LinkedIn / Twitter / Facebook

CVE-2022-1069 - A crafted HTTP packet with a large content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-1069
Partager : LinkedIn / Twitter / Facebook

CVE-2021-26639 - This vulnerability is caused by the lack of validation of input values for specific functions if WISA Smart Wing CMS. Remote attackers can use this vulnerability to leak all files in the server without logging in system.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2021-26639
Partager : LinkedIn / Twitter / Facebook

CVE-2020-14394 - An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2020-14394
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36216 - DedeCMS v5.7.94 - v5.7.97 was discovered to contain a remote code execution vulnerability in member_toadmin.php.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36216
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36215 - DedeBIZ v6 was discovered to contain a remote code execution vulnerability in sys_info.php.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36215
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35516 - DedeCMS v5.7.93 - v5.7.96 was discovered to contain a remote code execution vulnerability in login.php.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35516
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35121 - Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35121
Partager : LinkedIn / Twitter / Facebook

CVE-2022-2862 - Use After Free in GitHub repository vim/vim prior to 9.0.0220.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-2862
Partager : LinkedIn / Twitter / Facebook

CVE-2022-2870 - A vulnerability was found in laravel 5.1 and classified as problematic. This issue affects some unknown processing. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206501 was assigned to this vulnerability.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-2870
Partager : LinkedIn / Twitter / Facebook

CVE-2022-38392 - A certain 5400 RPM OEM hard drive, as shipped with laptop PCs in approximately 2005, allows physically proximate attackers to cause a denial of service (device malfunction and system crash) via a resonant-frequency attack with the audio signal from the Rhythm Nation music video.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-38392
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35117 - Clinic's Patient Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via update_medicine_details.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Packing text box under the Update Medical Details module.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35117
Partager : LinkedIn / Twitter / Facebook

CVE-2022-2849 - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0219.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-2849
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36191 - A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36191
Partager : LinkedIn / Twitter / Facebook

CVE-2022-22455 - IBM Security Verify Governance Identity Manager 10.0 virtual appliance component performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. IBM X-Force ID: 224989.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-22455
Partager : LinkedIn / Twitter / Facebook

CVE-2022-38149 - HashiCorp Consul Template through 0.29.1 inserts Sensitive Information into a Log File.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-38149
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36190 - GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36190
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36186 - A Null Pointer dereference vulnerability exists in GPAC 2.1-DEV-revUNKNOWN-master via the function gf_filter_pid_set_property_full () at filter_core/filter_pid.c:5250,which causes a Denial of Service (DoS). This vulnerability was fixed in commit b43f9d1.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36186
Partager : LinkedIn / Twitter / Facebook

CVE-2022-31262 - An exploitable local privilege escalation vulnerability exists in GOG Galaxy 2.0.46. Due to insufficient folder permissions, an attacker can hijack the %ProgramData%\GOG.com folder structure and change the GalaxyCommunication service executable to a malicious file, resulting in code execution as SYSTEM.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-31262
Partager : LinkedIn / Twitter / Facebook

CVE-2022-30262 - The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have no authentication (in the form of firmware signing) and only relied on insecure checksums for regular integrity checks.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-30262
Partager : LinkedIn / Twitter / Facebook

CVE-2022-2845 - Buffer Over-read in GitHub repository vim/vim prior to 9.0.0217.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-2845
Partager : LinkedIn / Twitter / Facebook

CVE-2022-37459 - Ampere Altra devices before 1.08g and Ampere Altra Max devices before 2.05a allow attackers to control the predictions for return addresses and potentially hijack code flow to execute arbitrary code via a side-channel attack, aka a "Retbleed" issue.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-37459
Partager : LinkedIn / Twitter / Facebook

CVE-2021-45454 - Ampere Altra before SRP 1.08b and Altra Max? before SRP 2.05 allow information disclosure of power telemetry via HWmon.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2021-45454
Partager : LinkedIn / Twitter / Facebook

CVE-2022-2871 - Cross-site Scripting (XSS) - Stored in GitHub repository notrinos/notrinoserp prior to 0.7.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-2871
Partager : LinkedIn / Twitter / Facebook

CVE-2022-1410 - OS Command Injection vulnerability in the db_optimize component of Device42 Asset Management Appliance allows an authenticated attacker to execute remote code on the device. This issue affects: Device42 CMDB version 18.01.00 and prior versions.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-1410
Partager : LinkedIn / Twitter / Facebook

CVE-2022-1401 - Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-1401
Partager : LinkedIn / Twitter / Facebook

CVE-2022-1400 - Use of Hard-coded Cryptographic Key vulnerability in the WebReportsApi.dll of Exago Web Reports, as used in the Device42 Asset Management Appliance, allows an attacker to leak session IDs and elevate privileges. This issue affects: Device42 CMDB versions prior to 18.01.00.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-1400
Partager : LinkedIn / Twitter / Facebook

CVE-2022-1399 - An Argument Injection or Modification vulnerability in the "Change Secret" username field as used in the Discovery component of Device42 CMDB allows a local attacker to run arbitrary code on the appliance with root privileges. This issue affects: Device42 CMDB version 18.01.00 and prior versions.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-1399
Partager : LinkedIn / Twitter / Facebook

CVE-2022-38238 - XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::lookChar() at /xpdf/Stream.cc.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-38238
Partager : LinkedIn / Twitter / Facebook

CVE-2022-38237 - XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at /xpdf/Stream.cc.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-38237
Partager : LinkedIn / Twitter / Facebook

CVE-2022-38236 - XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at /xpdf/Lexer.cc.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-38236
Partager : LinkedIn / Twitter / Facebook

CVE-2022-38235 - XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-38235
Partager : LinkedIn / Twitter / Facebook

CVE-2022-38234 - XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at /xpdf/Lexer.cc.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-38234
Partager : LinkedIn / Twitter / Facebook

CVE-2022-38233 - XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-38233
Partager : LinkedIn / Twitter / Facebook

CVE-2022-38231 - XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar() at /xpdf/Stream.cc.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-38231
Partager : LinkedIn / Twitter / Facebook

CVE-2022-38230 - XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at /xpdf/Stream.cc.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-38230
Partager : LinkedIn / Twitter / Facebook

CVE-2022-38229 - XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-38229
Partager : LinkedIn / Twitter / Facebook

CVE-2022-38228 - XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-38228
Partager : LinkedIn / Twitter / Facebook

CVE-2022-38227 - XPDF commit ffaf11c was discovered to contain a stack overflow via __asan_memcpy at asan_interceptors_memintrinsics.cpp.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-38227
Partager : LinkedIn / Twitter / Facebook

CVE-2022-37781 - fdkaac v1.0.3 was discovered to contain a heap buffer overflow via __interceptor_memcpy.part.46 at /sanitizer_common/sanitizer_common_interceptors.inc.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-37781
Partager : LinkedIn / Twitter / Facebook

CVE-2022-37439 - In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-37439
Partager : LinkedIn / Twitter / Facebook

CVE-2022-37438 - In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-37438
Partager : LinkedIn / Twitter / Facebook

CVE-2022-37437 - When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-37437
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36148 - fdkaac commit 53fe239 was discovered to contain a floating point exception (FPE) via wav_open at /src/wav_reader.c.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36148
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36146 - SWFMill commit 53d7690 was discovered to contain a memory allocation issue via operator new[](unsigned long) at asan_new_delete.cpp.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36146
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36145 - SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::Reader::getWord().
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36145
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36144 - SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via base64_encode.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36144
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36143 - SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via __interceptor_strlen.part at /sanitizer_common/sanitizer_common_interceptors.inc.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36143
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36142 - SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via SWF::Reader::getU30().
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36142
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36141 - SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::MethodBody::write(SWF::Writer*, SWF::Context*).
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36141
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36140 - SWFMill commit 53d7690 was discovered to contain a segmentation violation via SWF::DeclareFunction2::write(SWF::Writer*, SWF::Context*).
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36140
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36139 - SWFMill commit 53d7690 was discovered to contain a heap-buffer overflow via SWF::Writer::writeByte(unsigned char).
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36139
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35434 - jpeg-quantsmooth before commit 8879454 contained a floating point exception (FPE) via /jpeg-quantsmooth/jpegqs+0x4f5d6c.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35434
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35433 - ffjpeg commit caade60a69633d74100bd3c2528bddee0b6a1291 was discovered to contain a memory leak via /src/jfif.c.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35433
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35111 - SWFTools commit 772e55a2 was discovered to contain a stack overflow via __sanitizer::StackDepotNode::hash(__sanitizer::StackTrace const&) at /sanitizer_common/sanitizer_stackdepot.cpp.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35111
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35110 - SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35110
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35109 - SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via draw_stroke at /gfxpoly/stroke.c.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35109
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35108 - SWFTools commit 772e55a2 was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35108
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35107 - SWFTools commit 772e55a2 was discovered to contain a stack overflow via vfprintf at /stdio-common/vfprintf.c.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35107
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35106 - SWFTools commit 772e55a2 was discovered to contain a segmentation violation via FoFiTrueType::computeTableChecksum(unsigned char*, int) at /xpdf/FoFiTrueType.cc.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35106
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35105 - SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via /bin/png2swf+0x552cea.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35105
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35104 - SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via DCTStream::reset() at /xpdf/Stream.cc.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35104
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35101 - SWFTools commit 772e55a2 was discovered to contain a segmentation violation via /multiarch/memset-vec-unaligned-erms.S.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35101
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35013 - PNGDec commit 8abf6be was discovered to contain a FPE via SaveBMP at /linux/main.cpp.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35013
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35012 - PNGDec commit 8abf6be was discovered to contain a heap buffer overflow via SaveBMP at /linux/main.cpp.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35012
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35011 - PNGDec commit 8abf6be was discovered to contain a global buffer overflow via inflate_fast at /src/inffast.c.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35011
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35010 - PNGDec commit 8abf6be was discovered to contain a heap buffer overflow via asan_interceptors_memintrinsics.cpp.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35010
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35009 - PNGDec commit 8abf6be was discovered to contain a memory allocation problem via asan_malloc_linux.cpp.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35009
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35008 - PNGDec commit 8abf6be was discovered to contain a stack overflow via /linux/main.cpp.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35008
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35007 - PNGDec commit 8abf6be was discovered to contain a heap buffer overflow via __interceptor_fwrite.part.57 at sanitizer_common_interceptors.inc.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35007
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35004 - JPEGDEC commit be4843c was discovered to contain a FPE via TIFFSHORT at /src/jpeg.inl.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35004
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35003 - JPEGDEC commit be4843c was discovered to contain a global buffer overflow via ucDitherBuffer at /src/jpeg.inl.
16/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35003
Partager : LinkedIn / Twitter / Facebook

Les annonces ayant été modifiées dernièrement

CVE-2021-42052 - IPESA e-Flow 3.3.6 allows path traversal for reading any file within the web root directory via the lib/js/build/STEResource.res path and the R query parameter.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2021-42052
Partager : LinkedIn / Twitter / Facebook

CVE-2022-25799 - An open redirect vulnerability exists in CERT/CC VINCE software prior to 1.5.0. An attacker could send a link that has a specially crafted URL and convince the user to click the link. When an authenticated user clicks the link, the authenticated user's browser could be redirected to a malicious site that is designed to impersonate a legitimate website. The attacker could trick the user and potentially acquire sensitive information such as the user's credentials.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-25799
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36155 - tifig v0.2.2 was discovered to contain a resource allocation issue via operator new(unsigned long) at asan_new_delete.cpp.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36155
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36153 - tifig v0.2.2 was discovered to contain a segmentation violation via std::vector::size() const at /bits/stl_vector.h.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36153
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36152 - tifig v0.2.2 was discovered to contain a memory leak via operator new[](unsigned long) at /asan/asan_new_delete.cpp.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36152
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36151 - tifig v0.2.2 was discovered to contain a segmentation violation via getType() at /common/bbox.cpp.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36151
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36150 - tifig v0.2.2 was discovered to contain a heap-buffer overflow via __asan_memmove at /asan/asan_interceptors_memintrinsics.cpp.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36150
Partager : LinkedIn / Twitter / Facebook

CVE-2022-36149 - tifig v0.2.2 was discovered to contain a heap-use-after-free via temInfoEntry().
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-36149
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35486 - OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6badae.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35486
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35485 - OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x703969.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35485
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35484 - OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6b6a8f.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35484
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35483 - OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x5266a8.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35483
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35482 - OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x65f724.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35482
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35481 - OTFCC v0.10.4 was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35481
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35479 - OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbbb6.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35479
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35478 - OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x6babea.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35478
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35477 - OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe954.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35477
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35476 - OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fbc0b.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35476
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35475 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e41a8.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35475
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35474 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b544e.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35474
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35473 - OTFCC v0.10.4 was discovered to contain a segmentation violation via /release-x64/otfccdump+0x4fe9a7.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35473
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35472 - OTFCC v0.10.4 was discovered to contain a global overflow via /release-x64/otfccdump+0x718693.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35472
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35471 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e41b0.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35471
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35470 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x65fc97.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35470
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35469 - OTFCC v0.10.4 was discovered to contain a segmentation violation via /x86_64-linux-gnu/libc.so.6+0xbb384.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35469
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35468 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e420d.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35468
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35467 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e41b8.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35467
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35466 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0473.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35466
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35465 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0414.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35465
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35464 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6171b2.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35464
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35463 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0478.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35463
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35462 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0bc3.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35462
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35461 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c0a32.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35461
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35460 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x61731f.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35460
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35459 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6e412a.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35459
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35458 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b05ce.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35458
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35456 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x617087.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35456
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35455 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0d63.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35455
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35454 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b05aa.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35454
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35453 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6c08a6.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35453
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35452 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0b2c.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35452
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35451 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b03b5.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35451
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35450 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b84b1.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35450
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35449 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b0466.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35449
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35448 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b55af.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35448
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35447 - OTFCC v0.10.4 was discovered to contain a heap-buffer overflow via /release-x64/otfccdump+0x6b04de.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35447
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35114 - SWFTools commit 772e55a2 was discovered to contain a segmentation violation via extractFrame at /readers/swf.c.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35114
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35113 - SWFTools commit 772e55a2 was discovered to contain a heap-buffer overflow via swf_DefineLosslessBitsTagToImage at /modules/swfbits.c.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35113
Partager : LinkedIn / Twitter / Facebook

CVE-2022-35100 - SWFTools commit 772e55a2 was discovered to contain a segmentation violation via gfxline_getbbox at /lib/gfxtools.c.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-35100
Partager : LinkedIn / Twitter / Facebook

CVE-2022-2661 - Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged user to perform administrative functions using specifically crafted requests.
17/08/2022 | https://nvd.nist.gov/vuln/detail/CVE-2022-2661
Partager : LinkedIn / Twitter / Facebook