‼ CVE-2022-38127 ‼
📖 Read
via "National Vulnerability Database".
A NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c may lead to program crash when parsing corrupt DWARF data.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2320 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the Xorg-x11-server. The specific flaw exists within the handling of ProcXkbSetDeviceInfo requests. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. This flaw allows an attacker to escalate privileges and execute arbitrary code in the context of root.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1902 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes. Notifier secrets were not properly sanitized in the GraphQL API. This flaw allows authenticated ACS users to retrieve Notifiers from the GraphQL API, revealing secrets that can escalate their privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36602 ‼
📖 Read
via "National Vulnerability Database".
InnoSilicon A10 a10_20200924_120556 was discovered to contain a remote code execution (RCE) vulnerability in the setPlatformAPI function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1677 ‼
📖 Read
via "National Vulnerability Database".
In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files. This malformed entry can match any arbitrary hostname, or all hostnames in the cluster, and direct traffic to an arbitrary application within the cluster, including one under attacker control.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-23452 ‼
📖 Read
via "National Vulnerability Database".
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.📖 Read
via "National Vulnerability Database".
👍2
‼ CVE-2022-36622 ‼
📖 Read
via "National Vulnerability Database".
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.📖 Read
via "National Vulnerability Database".
👍1
‼ CVE-2022-2308 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-3078 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2447 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in OpenStack. The application credential tokens can be used even after they have expired. This flaw allows an authenticated remote attacker to obtain access despite the defender's efforts to remove access.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1632 ‼
📖 Read
via "National Vulnerability Database".
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2319 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2256 ‼
📖 Read
via "National Vulnerability Database".
A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2764 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2403 ‼
📖 Read
via "National Vulnerability Database".
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2639 ‼
📖 Read
via "National Vulnerability Database".
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36601 ‼
📖 Read
via "National Vulnerability Database".
The Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 and below is open on port 1534. This issue allows unauthenticated attackers to gain root privileges on the affected device and access sensitive data or execute arbitrary commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1615 ‼
📖 Read
via "National Vulnerability Database".
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38126 ‼
📖 Read
via "National Vulnerability Database".
Assertion fail in the display_debug_names() function in binutils/dwarf.c may lead to program crash and denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25657 ‼
📖 Read
via "National Vulnerability Database".
A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36593 ‼
📖 Read
via "National Vulnerability Database".
kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java.📖 Read
via "National Vulnerability Database".