PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory. Because the offset and size is controlled through MG header fields, a specially crafted ELF can read data beyond the bounds of mg_buffer and have it reflected back into emulated memory. This issue is fixed in version 2.5.378.

• https://github.com/PCSX2/pcsx2/commit/0b73eabd9ac19a5e290e7bee48d15be24e7b7d1b
• https://github.com/PCSX2/pcsx2/releases/tag/v2.5.378
• https://github.com/PCSX2/pcsx2/security/advisories/GHSA-69wg-97fx-8j5w

Aircompressor is a library with ports of the Snappy, LZO, LZ4, and Zstandard compression algorithms to Java. In versions 3.3 and below, incorrect handling of malformed data in Java-based decompressor implementations for Snappy and LZ4 allow remote attackers to read previous buffer contents via crafted compressed input. With certain crafted compressed inputs, elements from the output buffer can end up in the uncompressed output, potentially leaking sensitive data. This is relevant for applications that reuse the same output buffer to uncompress multiple inputs. This can be the case of a web server that allocates a fix-sized buffer for performance purposes. There is similar vulnerability in GHSA-cmp6-m4wj-q63q. This issue is fixed in version 3.4.

• https://github.com/airlift/aircompressor/commit/f2b489b398779b40c1ee29ddb11d7edef54ddc15
• https://github.com/airlift/aircompressor/commit/ff12c4d5757c9d6d1de3d39a10402f1f84f9b765
• https://github.com/airlift/aircompressor/security/advisories/GHSA-vx9q-rhv9-3jvg

A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?page=zone. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.

• https://github.com/Ggeee3/CVE/issues/1
• https://itsourcecode.com/
• https://vuldb.com/?ctiid.336205
• https://vuldb.com/?id.336205
• https://vuldb.com/?submit.705535
• https://vuldb.com/?submit.706053

A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

• https://github.com/Wegetmore/CVE/issues/1
• https://itsourcecode.com/
• https://vuldb.com/?ctiid.336204
• https://vuldb.com/?id.336204
• https://vuldb.com/?submit.705534

A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown function of the file /admin/register.php. Executing manipulation of the argument photo can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used.

• https://github.com/CHENCHOUCHOU/vuln/issues/1
• https://vuldb.com/?ctiid.336203
• https://vuldb.com/?id.336203
• https://vuldb.com/?submit.705525
• https://www.campcodes.com/