Security
Headlines
HeadlinesLatestCVEs

Tag

#ubuntu

CVE-2022-27418: Heap-buffer-overflow in tcpreplay · Issue #703 · appneta/tcpreplay

Tcpreplay v4.4.1 has a heap-based buffer overflow in do_checksum_math at /tcpedit/checksum.c.

CVE
Open in Source
#ubuntu#linux#git
CVE-2022-24812: Build software better, together

Grafana is an open-source platform for monitoring and observability. When fine-grained access control is enabled and a client uses Grafana API Key to make requests, the permissions for that API Key are cached for 30 seconds for the given organization. Because of the way the cache ID is constructed, the consequent requests with any API Key evaluate to the same permissions as the previous requests. This can lead to an escalation of privileges, when for example a first request is made with Admin permissions, and the second request with different API Key is made with Viewer permissions, the second request will get the cached permissions from the previous Admin, essentially accessing higher privilege than it should. The vulnerability is only impacting Grafana Enterprise when the fine-grained access control beta feature is enabled and there are more than one API Keys in one organization with different roles assigned. All installations after Grafana Enterprise v8.1.0-beta1 should be upgraded ...

CVE-2022-27263: GitHub - strapi/strapi: 🚀 Open source Node.js Headless CMS to easily build customisable APIs

An arbitrary file upload vulnerability in the file upload module of Strapi v4.1.5 allows attackers to execute arbitrary code via a crafted file.

CVE-2022-24248: Offensive Security’s Exploit Database Archive

RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal vulnerability in Admin Panel. Exploiting the vulnerability allows an authenticated attacker to delete any file in the web root (along with any other file on the server that the PHP process user has the proper permissions to delete). Furthermore, an attacker might leverage the capability of arbitrary file deletion to circumvent certain web server security mechanisms such as deleting .htaccess file that would deactivate those security constraints.

CVE-2022-27145: There is a statck-overflow detected by AddressSanitizer · Issue #2108 · gpac/gpac

GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.

CVE-2022-27148: Signed integer overflow · Issue #2067 · gpac/gpac

GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow.

CVE-2022-27147: There is a use-after-free detected by AddressSanitizer · Issue #2109 · gpac/gpac

GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag.

CVE-2022-27146: There is a heap buffer overflow detected by AddressSanitizer · Issue #2120 · gpac/gpac

GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag.

CVE-2022-27145: There is a statck-overflow detected by AddressSanitizer · Issue #2108 · gpac/gpac

GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box.

CVE-2021-40656: heap-buffer-overflow in libsixel/src/quant.c:867 · Issue #25 · libsixel/libsixel

libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867.