August 2023 – Page 206 – WindowsTechs.com

CVE-2022-44729 (xml_graphics_batik)

Posted on August 22, 2023 by National Vulnerability Database

Server-Side Request Forgery (SSRF) vulnerability in Apache Software Foundation Apache XML Graphics Batik.This issue affects Apache XML Graphics Batik: 1.16.

On version 1.16, a malicious SVG could trigger loading external resources by default, causing … Continue reading CVE-2022-44729 (xml_graphics_batik)→

CVE-2022-41444 (cacti)

Posted on August 22, 2023 by National Vulnerability Database

Cross Site Scripting (XSS) vulnerability in Cacti 1.2.21 via crafted POST request to graphs_new.php. Continue reading CVE-2022-41444 (cacti)→

CVE-2022-40433 (openjdk)

Posted on August 22, 2023 by National Vulnerability Database

An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service. Continue reading CVE-2022-40433 (openjdk)→

CVE-2022-34038 (etcd)

Posted on August 22, 2023 by National Vulnerability Database

Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go Continue reading CVE-2022-34038 (etcd)→

CVE-2022-35206 (binutils)

Posted on August 22, 2023 by National Vulnerability Database

Null pointer dereference vulnerability in Binutils readelf 2.38.50 via function read_and_display_attr_value in file dwarf.c. Continue reading CVE-2022-35206 (binutils)→

CVE-2022-35205 (binutils)

Posted on August 22, 2023 by National Vulnerability Database

An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. Continue reading CVE-2022-35205 (binutils)→

CVE-2022-37050 (poppler)

Posted on August 22, 2023 by National Vulnerability Database

In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerab… Continue reading CVE-2022-37050 (poppler)→

CVE-2022-38349 (poppler)

Posted on August 22, 2023 by National Vulnerability Database

An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. Continue reading CVE-2022-38349 (poppler)→

CVE-2022-36648 (qemu)

Posted on August 22, 2023 by National Vulnerability Database

The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS. Continue reading CVE-2022-36648 (qemu)→

CVE-2022-40090 (libtiff)

Posted on August 22, 2023 by National Vulnerability Database

An issue was discovered in function TIFFReadDirectory libtiff before 4.4.0 allows attackers to cause a denial of service via crafted TIFF file. Continue reading CVE-2022-40090 (libtiff)→