CVE-2022-41845 - An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_Array<AP4_ElstEntry>::EnsureCapacity in Core/Ap4Array.h.
Published: September 30, 2022; 1:15:11 AM -0400

V3.1: 5.5 MEDIUM

CVE-2022-41841 - An issue was discovered in Bento4 through 1.6.0-639. A NULL pointer dereference occurs in AP4_File::ParseStream in Core/Ap4File.cpp, which is called from AP4_File::AP4_File.
Published: September 30, 2022; 1:15:11 AM -0400

V3.1: 5.5 MEDIUM

CVE-2022-41847 - An issue was discovered in Bento4 1.6.0-639. A memory leak exists in AP4_StdcFileByteStream::Create(AP4_FileByteStream*, char const*, AP4_FileByteStream::Mode, AP4_ByteStream*&) in System/StdC/Ap4StdCFileByteStream.cpp.
Published: September 30, 2022; 1:15:11 AM -0400

V3.1: 5.5 MEDIUM

CVE-2022-41846 - An issue was discovered in Bento4 1.6.0-639. There ie excessive memory consumption in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp.
Published: September 30, 2022; 1:15:11 AM -0400

V3.1: 5.5 MEDIUM

CVE-2022-41842 - An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.
Published: September 30, 2022; 1:15:11 AM -0400

V3.1: 5.5 MEDIUM

CVE-2022-41843 - An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.
Published: September 30, 2022; 1:15:11 AM -0400

V3.1: 5.5 MEDIUM

CVE-2022-41844 - An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.
Published: September 30, 2022; 1:15:11 AM -0400

V3.1: 5.5 MEDIUM

CVE-2022-38732 - SnapCenter versions prior to 4.7 shipped without Content Security Policy (CSP) implemented which could allow certain types of attacks that otherwise would be prevented.
Published: September 29, 2022; 11:15:09 AM -0400

V3.1: 7.5 HIGH

CVE-2022-39254 - matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room ke... read CVE-2022-39254
Published: September 29, 2022; 11:15:10 AM -0400

V3.1: 6.5 MEDIUM

CVE-2022-39252 - matrix-rust-sdk is an implementation of a Matrix client-server library in Rust, and matrix-sdk-crypto is the Matrix encryption library. Prior to version 0.6, when a user requests a room key from their devices, the software correctly remembers the ... read CVE-2022-39252
Published: September 29, 2022; 11:15:10 AM -0400

V3.1: 7.5 HIGH

CVE-2022-39168 - IBM Robotic Process Automation Clients are vulnerable to proxy credentials being exposed in upgrade logs. IBM X-Force ID: 235422.
Published: September 29, 2022; 12:15:09 PM -0400

V3.1: 7.5 HIGH

CVE-2022-40931 - dutchcoders Transfer.sh 1.4.0 is vulnerable to Cross Site Scripting (XSS).
Published: September 29, 2022; 12:15:10 PM -0400

V3.1: 6.1 MEDIUM

CVE-2022-41828 - In Amazon AWS Redshift JDBC Driver (aka amazon-redshift-jdbc-driver or redshift-jdbc42) before 2.1.0.8, the Object Factory does not check the class type when instantiating an object from a class name.
Published: September 29, 2022; 5:15:12 PM -0400

V3.1: 9.8 CRITICAL

CVE-2022-39173 - In wolfSSL before 5.5.1, malicious clients can cause a buffer overflow during a TLS 1.3 handshake. This occurs when an attacker supposedly resumes a previous TLS session. During the resumption Client Hello a Hello Retry Request must be triggered. ... read CVE-2022-39173
Published: September 28, 2022; 9:15:11 PM -0400

V3.1: 7.5 HIGH

CVE-2014-0147 - Qemu before 1.6.2 block diver for the various disk image formats used by Bochs and for the QCOW version 2 format, are vulnerable to a possible crash caused by signed data types or a logic error while creating QCOW2 snapshots, which leads to incorr... read CVE-2014-0147
Published: September 28, 2022; 11:15:11 PM -0400

V3.1: 6.2 MEDIUM

CVE-2022-40472 - ZKTeco Xiamen Information Technology ZKBio Time 8.0.7 Build: 20220721.14829 was discovered to contain a CSV injection vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the Content text... read CVE-2022-40472
Published: September 29, 2022; 4:15:14 PM -0400

V3.1: 8.0 HIGH

CVE-2022-29503 - A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. Thread allocation can lead to memory corruption. An attacker can create threads to trigger this vulnerability.
Published: September 29, 2022; 1:15:28 PM -0400

V3.1: 9.8 CRITICAL

CVE-2022-32170 - The “Bytebase” application does not restrict low privilege user to access admin “projects“ for which an unauthorized user can view the “projects“ created by “Admin” and the affected endpoint is “/api/project?user=${userId}”.
Published: September 28, 2022; 6:15:09 AM -0400

V3.1: 4.3 MEDIUM

CVE-2022-32169 - The “Bytebase” application does not restrict low privilege user to access “admin issues“ for which an unauthorized user can view the “OPEN” and “CLOSED” issues by “Admin” and the affected endpoint is “/issue”.
Published: September 28, 2022; 6:15:09 AM -0400

V3.1: 4.3 MEDIUM

CVE-2022-23006 - A stack-based buffer overflow vulnerability was found on Western Digital My Cloud Home, My Cloud Home Duo, and SanDisk ibi that could allow an attacker accessing the system locally to read information from /etc/version file. This vulnerability can... read CVE-2022-23006
Published: September 27, 2022; 7:15:12 PM -0400

V3.1: 6.7 MEDIUM