ROOT-OS-DEBIAN-11-CVE-2022-50024 CVE-2022-50024 in rootio-linux - Patched by Root

Root has patched CVE-2022-50024 in the rootio-linux package for Root:Debian:11. Multiple fixed versions available...

UBUNTU-CVE-2022-50943

Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can inject JavaScript code via the search field in course/search.php to execute arbitrary scripts in users'...

FASTJSON Includes Functionality from Untrusted Control Sphere

Fastjson before 1.2.48 mishandles autoType because, when an @type key is in a JSON document, and the value of that key is the name of a Java class, there may be calls to certain public methods of that class. Depending on the behavior of those methods, there may be JNDI injection with an...

CVE-2022-50749

In the Linux kernel, the following vulnerability has been resolved: acct: fix potential integer overflow in encodecompt The integer overflow is descripted with following codes: 317 static compt encodecomptu64 value 318 319 int exp, rnd; ...... 341 exp 342 exp += value; 343 return exp; 344 Current...

CVE-2022-50503

In the Linux kernel, the following vulnerability has been resolved: mtd: lpddr2nvm: Fix possible null-ptr-deref It will cause null-ptr-deref when resourcesizeaddrange invoked, if platformgetresource returns NULL...

EUVD-2022-54188

Malicious code in bioql PyPI...

EUVD-2022-52532

Malicious code in bioql PyPI...

EUVD-2022-30676

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2022-35110

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SWFTools commit 772e55a2 was discovered to contain a memory leak via /lib/mem.c. CVE-2022-35110 Note that Nessus relies on the presence of the package as report...

Linux Distros Unpatched Vulnerability : CVE-2022-49717

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: irqchip/apple-aic: Fix refcount leak in buildfiqaffinity offindnodebyphandle returns a node...

CVE-2022-50029

In the Linux kernel, the following vulnerability has been resolved: clk: qcom: ipq8074: dont disable gccsleepclksrc Once the usb sleep clocks are disabled, clock framework is trying to disable the sleep clock source also. However, it seems that it cannot be disabled and trying to do so produces:...

CVE-2022-48227

An issue was discovered in Acuant AsureID Sentinel before 5.2.149. It allows elevation of privileges because it opens Notepad after the installation of AssureID, Identify x64, and Identify x86, aka CORE-7361...

CVE-2025-2022 Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability

Ashlar-Vellum Cobalt VS File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit...

CVE-2022-49598

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctltcpmtuprobing. While reading sysctltcpmtuprobing, it can be changed concurrently. Thus, we need to add READONCE to its readers...

CVE-2022-49449

In the Linux kernel, the following vulnerability has been resolved: pinctrl: renesas: rzn1: Fix possible null-ptr-deref in shpfcmapresources It will cause null-ptr-deref when using 'res', if platformgetresource returns NULL, so move using 'res' after devmioremapresource that will check it to avoi...

WhatsUp Gold 2022 (22.1.0 Build 39) - XSS

Exploit Title: WhatsUpGold 22.1.0 - Stored Cross-Site Scripting XSS Date: April 18, 2023 Exploit Author: Andreas Finstad 4ndr34z Vendor Homepage: https://www.whatsupgold.com Version: v.22.1.0 Build 39 Tested on: Windows 2022 Server CVE : CVE-2023-35759 Reference:...

BELL-CVE-2022-27536 CVE-2022-27536 does not affect BellSoft software

Bulletin has no description...

CVE-2022-32674

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none...

SUSE CVE-2022-3370

Use after free in Custom Elements in Google Chrome prior to 106.0.5249.91 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

CVE-2022-46187

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2022. Notes: none...