‼ CVE-2022-3078 ‼
📖 Read
via "National Vulnerability Database".
An issue was discovered in the Linux kernel through 5.16-rc6. There is a lack of check after calling vzalloc() and lack of free after allocation in drivers/media/test-drivers/vidtv/vidtv_s302m.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2447 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in OpenStack. The application credential tokens can be used even after they have expired. This flaw allows an authenticated remote attacker to obtain access despite the defender's efforts to remove access.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1632 ‼
📖 Read
via "National Vulnerability Database".
An Improper Certificate Validation attack was found in Openshift. A re-encrypt Route with destinationCACertificate explicitly set to the default serviceCA skips internal Service TLS certificate validation. This flaw allows an attacker to exploit an invalid certificate, resulting in a loss of confidentiality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2319 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2256 ‼
📖 Read
via "National Vulnerability Database".
A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7. This flaw allows a privileged attacker to execute malicious scripts in the admin console, abusing the default roles functionality.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2764 ‼
📖 Read
via "National Vulnerability Database".
A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2403 ‼
📖 Read
via "National Vulnerability Database".
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps, and accessible to any authenticated OpenShift user or service-account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2639 ‼
📖 Read
via "National Vulnerability Database".
An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36601 ‼
📖 Read
via "National Vulnerability Database".
The Eclipse TCF debug interface in JasMiner-X4-Server-20220621-090907 and below is open on port 1534. This issue allows unauthenticated attackers to gain root privileges on the affected device and access sensitive data or execute arbitrary commands.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-1615 ‼
📖 Read
via "National Vulnerability Database".
In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38126 ‼
📖 Read
via "National Vulnerability Database".
Assertion fail in the display_debug_names() function in binutils/dwarf.c may lead to program crash and denial of service.📖 Read
via "National Vulnerability Database".
‼ CVE-2021-25657 ‼
📖 Read
via "National Vulnerability Database".
A privilege escalation vulnerability was discovered in Avaya IP Office Admin Lite and USB Creator that may potentially allow a local user to escalate privileges. This issue affects Admin Lite and USB Creator 11.1 Feature Pack 2 Service Pack 1 and earlier versions.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36593 ‼
📖 Read
via "National Vulnerability Database".
kkFileView v4.0.0 was discovered to contain an arbitrary file deletion vulnerability via the fileName parameter at /controller/FileController.java.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39170 ‼
📖 Read
via "National Vulnerability Database".
libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36759 ‼
📖 Read
via "National Vulnerability Database".
Online Food Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the component /dishes.php?res_id=.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-36594 ‼
📖 Read
via "National Vulnerability Database".
Mapper v4.0.0 to v4.2.0 was discovered to contain a SQL injection vulnerability via the ids parameter at the selectByIds function.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39177 ‼
📖 Read
via "National Vulnerability Database".
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39176 ‼
📖 Read
via "National Vulnerability Database".
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.📖 Read
via "National Vulnerability Database".
⚠ S3 Ep98: The LastPass saga – should we stop using password managers? [Audio + Text] ⚠
📖 Read
via "Naked Security".
Latest episode - listen now!📖 Read
via "Naked Security".
Naked Security
S3 Ep98: The LastPass saga – should we stop using password managers? [Audio + Text]
Latest episode – listen now!
👍1
‼ CVE-2022-22059 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption due to out of bound read while parsing a video file in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile📖 Read
via "National Vulnerability Database".
‼ CVE-2022-25680 ‼
📖 Read
via "National Vulnerability Database".
Memory corruption in multimedia due to buffer overflow while processing count variable from client in Snapdragon Auto📖 Read
via "National Vulnerability Database".