Topic

Google

A collection of 152 issues

CVE-2022-42002 SonicJS through 0.6.0 has file overwrite mutations fileCreate and fileUpdate.

The fileCreate mutation can be called without any authentication. If a developer had access to this mutation, they could easily overwrite any file on an application. The fileUpdate mutation can be called without any authentication. If a developer had access to this mutation, they could easily delete any file on

CVE-2020-15338 The Zyxel CloudCNM SecuManager has a "Use of GET Request Method With Sensitive Query Strings" issue. This issue may be exploited by attackers to access sensitive information.

In these cases, the server may return a different response code than expected. This issue occurs when the GET request method is used with a query string that contains a "specially-crafted word." For example: GET /cnr?s=password In these cases, the server may return a different response code than

CVE-2022-40194 An Unauthenticated SSI vulnerability in the WooCommerce plugin = 5.3.5.

An attacker can exploit the unauthenticated vulnerability to retrieve the customer’s email address and other personally identifiable information. Unauthenticated information disclosure vulnerabilities occur when the software does not properly sanitize user input before using it in the application or before returning it in the form of output. This makes

CVE-2022-23951 Keylime's quote responses can contain untrusted ZIP data which can lead to zip bombs.

This issue has been resolved in 6.3.0. Before upgrading to 6.3.0, make sure to disable the quote feature in your settings, or to un-install the old version of keylime. When using the Gist agent, newly created Gists can be posted to malicious URL shorteners which can

CVE-2022-35086 A commit 772e55a2 of the SFTW tools contained a segmentation violation.

This commit was discovered to be problematic when the compiler is used in a build of a program that links with third-party libraries. This may cause the program to crash when a library loaded by the program attempts to access memory that has been moved to another location in memory.

CVE-2022-1580 The Site Offline Or Coming Soon Or Maintenance Mode plugin before 1.5.3 prevents users from accessing a website if the URL contains certain keywords.

For example, if you wanted to stop users from accessing your website via Google or Microsoft Bing by adding the keywords "Bing" or "Google" to the URL, you could do so by adding those keywords to the URL's query string. For example, if you wanted to stop users from accessing

CVE-2022-39210 The Nextcloud Android client is official and internal paths are not protected.

The Nextcloud Android app does not support all the features of the server. For example, the app does not support group or user publishing. Accessing Nextcloud via the Android app requires acceptance of the EULA. The Nextcloud Android app lacks an option to block the installation of apps from outside

CVE-2022-36014 TensorFlow is an open source platform for machine learning. When it receives null type attributes, it crashes.

You can update to TensorFlow 2.10.0 or TensorFlow 2.9.1 if you are running TensorFlow 2.8.1 or TensorFlow 2.7.2. However, note that TensorFlow 2.10.0 is not backwards compatible. This means your TensorFlow code will not run on TensorFlow 2.9.1

CVE-2022-38534 TOTOLINK-720R v4.1.5cu.374 had a remote code execution vulnerability.

An attacker may leverage this vulnerability to take control of an affected device. TOTOLINK-720R v4.1.5cu.374 was also discovered to contain several high severity security vulnerabilities. It is recommended that device users update their TOTOLINK-720R v4.1.5cu.374 as soon as possible. Reaver v3.3.6 Reaver

CVE-2022-40438 An overflow vulnerability in mp42aac in Bento4 v1.6.0-639 allows attackers to cause a denial of service.

MFSA 2016-07: Security researcher Haosheng Peng discovered a vulnerability in the font parsing function of MP4 1.0 and 2.0 files. When a malformed MP4 file is parsed by a user-installed video player, it could lead to arbitrary code execution. This issue was resolved in v1.6.0+ with