‼ CVE-2022-39122 ‼
📖 Read
via "National Vulnerability Database".
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38679 ‼
📖 Read
via "National Vulnerability Database".
In music service, there is a missing permission check. This could lead to local denial of service in music service with no additional execution privileges needed.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38670 ‼
📖 Read
via "National Vulnerability Database".
In soundrecorder service, there is a missing permission check. This could lead to elevation of privilege in contacts service with no additional execution privileges needed.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38690 ‼
📖 Read
via "National Vulnerability Database".
In camera driver, there is a possible memory corruption due to improper locking. This could lead to local denial of service in kernel.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-2963 ‼
📖 Read
via "National Vulnerability Database".
A vulnerability found in jasper. This security vulnerability happens because of a memory leak bug in function cmdopts_parse that can cause a crash or segmentation fault.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39111 ‼
📖 Read
via "National Vulnerability Database".
In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39112 ‼
📖 Read
via "National Vulnerability Database".
In Music service, there is a missing permission check. This could lead to local denial of service in Music service with no additional execution privileges needed.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38677 ‼
📖 Read
via "National Vulnerability Database".
In cell service, there is a missing permission check. This could lead to local denial of service in cell service with no additional execution privileges needed.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39105 ‼
📖 Read
via "National Vulnerability Database".
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38673 ‼
📖 Read
via "National Vulnerability Database".
In face detect driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39110 ‼
📖 Read
via "National Vulnerability Database".
In Music service, there is a missing permission check. This could lead to elevation of privilege in Music service with no additional execution privileges needed.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39126 ‼
📖 Read
via "National Vulnerability Database".
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39117 ‼
📖 Read
via "National Vulnerability Database".
In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38671 ‼
📖 Read
via "National Vulnerability Database".
In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-41477 ‼
📖 Read
via "National Vulnerability Database".
A security issue was discovered in WeBid <=1.2.2. A Server-Side Request Forgery (SSRF) vulnerability in the admin/theme.php file allows remote attackers to inject payloads via theme parameters to read files across directories.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-39308 ‼
📖 Read
via "National Vulnerability Database".
GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 (inclusive) are subject to a timing attack in validation of access tokens due to use of regular string comparison for validation of the token rather than a constant time algorithm. This could allow a brute force attack on GoCD server API calls to observe timing differences in validations in order to guess an access token generated by a user for API access. This issue is fixed in GoCD version 19.11.0. As a workaround, users can apply rate limiting or insert random delays to API calls made to GoCD Server via a reverse proxy or other fronting web server. Another workaround, users may disallow use of access tokens by users by having an administrator revoke all access tokens through the "Access Token Management" admin function.📖 Read
via "National Vulnerability Database".
🕴 Microsoft Secures Azure Enclaves With Hardware Guards 🕴
📖 Read
via "Dark Reading".
Microsoft highlighted emerging confidential computing offerings for Azure during its Ignite conference.📖 Read
via "Dark Reading".
Dark Reading
Microsoft Secures Azure Enclaves With Hardware Guards
Microsoft highlighted emerging confidential computing offerings for Azure during its Ignite conference.
‼ CVE-2022-42341 ‼
📖 Read
via "National Vulnerability Database".
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary file system read. Exploitation of this issue does not require user interaction.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-35712 ‼
📖 Read
via "National Vulnerability Database".
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction, the vulnerability is triggered when a crafted network packet is sent to the server.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-38423 ‼
📖 Read
via "National Vulnerability Database".
Adobe ColdFusion versions Update 14 (and earlier) and Update 4 (and earlier) are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in information disclosure. Exploitation of this issue does not require user interaction, but does require administrator privileges.📖 Read
via "National Vulnerability Database".
‼ CVE-2022-42342 ‼
📖 Read
via "National Vulnerability Database".
Adobe Acrobat Reader versions 22.002.20212 (and earlier) and 20.005.30381 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.📖 Read
via "National Vulnerability Database".