Skip to content
Security Without Compromise
  • Home
  • Cyber Security Services
    • Incident Response
    • Penetration Testing
    • Security Training
    • Secure Code Review
  • Cyber Security Solutions
    • Deception Technology
    • Threat Protection
    • Information Protection
    • Risk Analytics
  • Managed Security Services
    • NextGen Anti-Virus
    • Anti-Ransomware
    • Log Management
    • Threat Hunting as a Service (THaaS)
  • Resources
    • Datasheets & Tech Notes
    • Case Studies & White Papers
    • Blog
    • Video and Podcasts
    • News
  • Contact Us
Menu
  • Home
  • Cyber Security Services
    • Incident Response
    • Penetration Testing
    • Security Training
    • Secure Code Review
  • Cyber Security Solutions
    • Deception Technology
    • Threat Protection
    • Information Protection
    • Risk Analytics
  • Managed Security Services
    • NextGen Anti-Virus
    • Anti-Ransomware
    • Log Management
    • Threat Hunting as a Service (THaaS)
  • Resources
    • Datasheets & Tech Notes
    • Case Studies & White Papers
    • Blog
    • Video and Podcasts
    • News
  • Contact Us
RSS VUNERABILITIES
  • CVE-2022-31650 May 25, 2022
    In SoX 14.4.2, there is a floating-point exception in lsx_aiffstartwrite in aiff.c in libsox.a.
  • CVE-2022-31651 May 25, 2022
    In SoX 14.4.2, there is an assertion failure in rate_init in rate.c in libsox.a.
  • CVE-2022-29256 May 25, 2022
    sharp is an application for Node.js image processing. Prior to version 0.30.5, there is a possible vulnerability in logic that is run only at `npm install` time when installing versions of `sharp` prior to the latest v0.30.5. If an attacker has the ability to set the value of the `PKG_CONFIG_PATH` environment variable in a build […]
  • CVE-2022-26067 May 25, 2022
    An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability.
  • CVE-2022-26077 May 25, 2022
    A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.
  • CVE-2022-29252 May 25, 2022
    XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the `WikiManager.JoinWiki ` wiki page related to the "requestJoin" field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is […]
  • CVE-2022-29253 May 25, 2022
    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and a path with ".." in it. The issue is patched in versions […]
  • CVE-2022-31621 May 25, 2022
    MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_xbstream.cc, when an error occurs (stream_ctxt->dest_file == NULL) while executing the method xbstream_open, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
  • CVE-2022-29251 May 25, 2022
    XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the `FlamingoThemesCode.WebHomeSheet` wiki page related to the "newThemeName" form field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available […]
  • CVE-2022-27169 May 25, 2022
    An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.
  • CVE-2022-26082 May 25, 2022
    A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
  • CVE-2022-26303 May 25, 2022
    An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability.
  • CVE-2022-31622 May 25, 2022
    MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (pthread_create returns a nonzero value) while executing the method create_worker_threads, the held lock is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
  • CVE-2022-31620 May 25, 2022
    In libjpeg before 1.64, BitStream::Get in bitstream.hpp has an assertion failure that may cause denial of service. This is related to out-of-bounds array access during arithmetically coded lossless scan or arithmetically coded sequential scan.
  • CVE-2022-31623 May 25, 2022
    MariaDB Server before 10.7 is vulnerable to Denial of Service. In extra/mariabackup/ds_compress.cc, when an error occurs (i.e., going to the err label) while executing the method create_worker_threads, the held lock thd->ctrl_mutex is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
  • CVE-2022-31624 May 25, 2022
    MariaDB Server before 10.7 is vulnerable to Denial of Service. While executing the plugin/server_audit/server_audit.c method log_statement_ex, the held lock lock_bigbuffer is not released correctly, which allows local users to trigger a denial of service due to the deadlock.
  • CVE-2022-26833 May 25, 2022
    An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability.
  • CVE-2022-26043 May 25, 2022
    An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to trigger this vulnerability.
  • CVE-2022-26026 May 25, 2022
    A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability.
  • CVE-2022-29248 May 25, 2022
    Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated […]
LATEST POSTS
EVENTS
CONTACT US
info@ipresidium.com
Office: (949) 721-6612
Fax: (866) 205-2904
620 Newport Center Dr. STE 1100
Newport Beach, CA 92660
Career Opportunities
COPYRIGHT © iPRESIDIUM 2020 | Privacy Policy | Careers
Envelope Facebook Twitter Linkedin