Security Vulnerabilities - CVEs Published In August 2022
SWFMill commit 53d7690 was discovered to contain a memory allocation issue via operator new[](unsigned long) at asan_new_delete.cpp.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-16
fdkaac commit 53fe239 was discovered to contain a floating point exception (FPE) via wav_open at /src/wav_reader.c.
CVSS Score
5.5
EPSS Score
0.001
Published
2022-08-16
tifig v0.2.2 was discovered to contain a heap-use-after-free via temInfoEntry().
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-16
tifig v0.2.2 was discovered to contain a heap-buffer overflow via __asan_memmove at /asan/asan_interceptors_memintrinsics.cpp.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-16
tifig v0.2.2 was discovered to contain a segmentation violation via getType() at /common/bbox.cpp.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-16
tifig v0.2.2 was discovered to contain a memory leak via operator new[](unsigned long) at /asan/asan_new_delete.cpp.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-16
tifig v0.2.2 was discovered to contain a segmentation violation via std::vector<unsigned int, std::allocator<unsigned int> >::size() const at /bits/stl_vector.h.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-16
tifig v0.2.2 was discovered to contain a resource allocation issue via operator new(unsigned long) at asan_new_delete.cpp.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-08-16
When using Ingest Actions to configure a destination that resides on Amazon Simple Storage Service (S3) in Splunk Web, TLS certificate validation is not correctly performed and tested for the destination. The vulnerability only affects connections between Splunk Enterprise and an Ingest Actions Destination through Splunk Web and only applies to environments that have configured TLS certificate validation. It does not apply to Destinations configured directly in the outputs.conf configuration file. The vulnerability affects Splunk Enterprise version 9.0.0 and does not affect versions below 9.0.0, including the 8.1.x and 8.2.x versions.
CVSS Score
7.4
EPSS Score
0.003
Published
2022-08-16
In Splunk Enterprise versions in the following table, an authenticated user can craft a dashboard that could potentially leak information (for example, username, email, and real name) about Splunk users, when visited by another user through the drilldown component. The vulnerability requires user access to create and share dashboards using Splunk Web.
CVSS Score
2.6
EPSS Score
0.003
Published
2022-08-16