Vulnerability Library

ID
Packages
Summary
Affected versions
Last modified
Fix
GSD-2022-1004953
  • GSD/Smart contract
DNS hijack in Smart contract version website serving smartcontract on 2022-08-09
  • website serving smartcontract on 2022-08-09
2022-08-09T23:36:36.438030Z No fix available
GSD-2022-1004952
  • GSD/Wallet
Logging of sensitive information in Wallet version Current version and possibly previous versions
  • Current version and possibly previous versions
2022-08-05T16:52:49.918680Z No fix available
GSD-2022-1004951
  • GSD/Slack
hashed password of the user who created or revoked the link disclosure in Slack version between April 17, 2017 and July 17, 2022
  • between April 17, 2017 and July 17, 2022
2022-08-05T03:45:01.608941Z No fix available
GSD-2022-1004950
  • GSD/eth.link domain name
Redirection of DNS domain in eth.link domain name version 2022-07-31 and later
  • 2022-07-31 and later
2022-08-01T16:34:28.222568Z No fix available
GSD-2022-1002527
  • GSD/URL redirection
improperly formatted security headers in URL redirection version all as of 2022-07-07
  • all as of 2022-07-07
2022-07-02T01:38:25.507792Z No fix available
GSD-2022-1002526
  • GSD/OpenSSL
heap buffer overflow in OpenSSL version 3.0.4
  • 3.0.4
2022-06-28T02:20:38.695078Z No fix available
GSD-2022-2274
  • GSD/OpenSSL
heap buffer overflow in OpenSSL version 3.0.4
  • 3.0.4
2022-06-28T02:20:38.695078Z No fix available
GSD-2022-1002525
  • GSD/Google Cloud Platform (GCP)
IP address filtering in Google Cloud Platform (GCP) version All versions as of 2022-06-07 and later (unfixed as of yet)
  • All versions as of 2022-06-07 and later (unfixed as of yet)
2022-06-07T19:53:53.732825Z No fix available
GSD-2022-30190
  • GSD/Windows
From the original tweet: Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code. From Microsoft: A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. This issue has been nicknamed "Follina "
  • All current versions of Windows
2022-05-31T19:00:00.123456Z No fix available
GSD-2022-1002524
  • GSD/Elastic Load Balancer (ELB)
input validation (CWE-20) in Elastic Load Balancer (ELB) version ELB prior to 2022-01-29 when "Legacy cache settings" is enabled
  • ELB prior to 2022-01-29 when "Legacy cache settings" is enabled
2022-05-30T16:26:29.213070Z No fix available
GSD-2022-1002523
  • GSD/LG F4DV910H2
data processing in LG F4DV910H2 version possibly all washers in the F4DV series
  • possibly all washers in the F4DV series
2022-05-27T17:09:23.252105Z No fix available
GSD-2022-1002522
  • GSD/phpass
backdoor in phpass version 0.3.x-dev, 0.3.x
  • 0.3.x-dev, 0.3.x
2022-05-24T17:10:11.663637Z No fix available
GSD-2022-1002521
  • GSD/ctx
backdoor in ctx version 0.1.2-1, 0.1.2-2, 0.1.4, 0.2, 0.2.1, 0.2.2, 0.2.2.1, 0.2.3, 0.2.4, 0.2.5, 0.2.6
  • 0.1.2-1
  • 0.1.2-2
  • 0.1.4
  • 0.2
  • 0.2.1
  • 0.2.2
  • 0.2.2.1
  • ...
2022-05-24T16:49:59.126662Z No fix available
GSD-2022-1002520
  • GSD/rustdecimal
typosquatting / spellcheck squatting in rustdecimal version all
  • all
2022-05-21T20:07:07.841941Z No fix available
GSD-2022-1002519
  • GSD/Analytics
Information Leakage in Analytics version curent as of 2022-05-19
  • curent as of 2022-05-19
2022-05-20T03:09:17.390678Z No fix available
GSD-2022-1002518
  • GSD/iPhone, iPad
CWE-158: Improper Neutralization of Null Byte or NUL Character in iPhone, iPad version ALL
  • ALL
2022-05-19T10:08:18.152370Z No fix available