CVE-2022-48538 (cacti)
In Cacti 1.2.19, there is an authentication bypass in the web login functionality because of improper validation in the PHP code: cacti_ldap_auth() allows a zero as the password.
CVE-2022-48545 (xpdf)
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.
CVE-2022-48560 (python)
A use-after-free exists in Python through 3.9 via heappushpop in heapq.
CVE-2022-48564 (python)
read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.
CVE-2022-48554 (file)
File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: "File" is the name of an Open Source project.
CVE-2022-48065 (binutils)
GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c.
CVE-2022-48541 (imagemagick)
A memory leak in ImageMagick 7.0.10-45 and 6.9.11-22 allows remote attackers to perform a denial of service via the "identify -help" command.
CVE-2022-48547 (cacti)
A reflected cross-site scripting (XSS) vulnerability in Cacti 0.8.7g and earlier allows unauthenticated remote attackers to inject arbitrary web script or HTML in the "ref" parameter at auth_changepassword.php.
CVE-2022-48064 (binutils, fedora, ontap_select_deploy_administration_utility)
GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DoS attack.
CVE-2022-45611 (pharmahelp_firmware)
An issue in Fresenius Kabi PharmaHelp 5.1.759.0 allows attackers to gain escalated privileges via capture of user login information.