PT-2022-10404 · Qualcomm · Snapdragon Connectivity +8

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon versions affected versions not specified Description: The issue is related to a possible out of bound read due to improper validation of the certificate chain in SSL or Internet key exchange. This affects various Qualcomm...

PT-2022-10399 · Qualcomm · Qualcomm Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to a possible memory leak due to improper validation of certificate chain length while parsing the server certificate chain. This affects various Qualcomm...

PT-2022-10429 · Qualcomm · Qualcomm Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to improper access control in register configuration, allowing a user with user-level permission to access graphics protected regions. This affects various...

PT-2022-15214 · Qualcomm · Snapdragon Connectivity +8

Name of the Vulnerable Software and Affected Versions: Snapdragon Auto affected versions not specified Snapdragon Compute affected versions not specified Snapdragon Connectivity affected versions not specified Snapdragon Consumer Electronics Connectivity affected versions not specified Snapdragon...

PT-2022-15231 · Qualcomm · Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to memory corruption in audio due to a use-after-free error while managing buffers from an internal cache. This affects Snapdragon Compute, Snapdragon...

PT-2022-10004 · Qualcomm · Snapdragon Connectivity +6

Name of the Vulnerable Software and Affected Versions: Snapdragon Auto affected versions not specified Snapdragon Compute affected versions not specified Snapdragon Connectivity affected versions not specified Snapdragon Consumer Electronics Connectivity affected versions not specified Snapdragon...

PT-2022-10437 · Qualcomm · Snapdragon Connectivity +3

Name of the Vulnerable Software and Affected Versions: Snapdragon Compute affected versions not specified Snapdragon Connectivity affected versions not specified Snapdragon Industrial IOT affected versions not specified Snapdragon Mobile affected versions not specified Description: The issue is...

PT-2022-15220 · Qualcomm · Qualcomm Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: A buffer overflow issue arises from the improper validation of NDP application information length. This affects various Qualcomm Snapdragon products, including Snapdragon Auto,...

CVE-2022-22057

CVE-2022-22057 (Qualcomm KGSL) is a use-after-free race condition in the Graphics Fence handling caused by closing the fence file descriptor and destroying the graphics timeline concurrently in Qualcomm’s KGSL driver. Affected products span Snapdragon Auto, Compute, Connectivity, Industrial IoT, ...

CVE-2022-22057

Use after free in graphics fence due to a race condition while closing fence file descriptor and destroy graphics timeline simultaneously in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables...

PT-2022-7006 · Qualcomm · Qualcomm Snapdragon Mobile +6

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon Auto versions affected versions not specified Qualcomm Snapdragon Compute versions affected versions not specified Qualcomm Snapdragon Connectivity versions affected versions not specified Qualcomm Snapdragon Consumer IOT...

Virtuozzo Hybrid Infrastructure 5.1 (5.1.0-206)

In this release, Virtuozzo Hybrid Infrastructure provides a wide range of new features that enhance service providers' interoperability and help to expand their services. The improvements cover compute services, security, core storage, and the user interface. Additionally, this release delivers...

org.jenkins-ci.plugins:ec2-cloud-axis (>=1.0 <=1.2) potentially affected by CVE-2020-2188 via org.jenkins-ci.plugins:ec2 (=1.19)

org.jenkins-ci.plugins:ec2 MAVEN version =1.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ec2 and may be impacted: - org.jenkins-ci.plugins:ec2-cloud-axis =1.0, =1.2 Source cves: CVE-2020-2188 Source advisory:...

org.jenkins-ci.plugins:ec2-cloud-axis (>=1.0 <=1.2) potentially affected by CVE-2020-2186 via org.jenkins-ci.plugins:ec2 (=1.19)

org.jenkins-ci.plugins:ec2 MAVEN version =1.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ec2 and may be impacted: - org.jenkins-ci.plugins:ec2-cloud-axis =1.0, =1.2 Source cves: CVE-2020-2186 Source advisory:...

org.jenkins-ci.plugins:ec2-cloud-axis (>=1.0 <=1.2) potentially affected by CVE-2020-2091 via org.jenkins-ci.plugins:ec2 (=1.19)

org.jenkins-ci.plugins:ec2 MAVEN version =1.19 is affected by a known vulnerability. The following packages have a transitive dependency on org.jenkins-ci.plugins:ec2 and may be impacted: - org.jenkins-ci.plugins:ec2-cloud-axis =1.0, =1.2 Source cves: CVE-2020-2091 Source advisory:...

GHSA-X24M-WR2F-P3VC Jenkins Google Compute Engine Plugin Cross-Site Request Forgery vulnerability

A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineClouddoProvision could be used to provision new agents. Google Compute Engine Plugin 4.2.0 requires POST requests for this API endpoint...

GHSA-V98H-RV7J-HF6J Jenkins Google Compute Engine Plugin Missing Authorization vulnerability

Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment. Google Compute Engine Plugin 4.2.0 requires the appropriate...

Jenkins Google Compute Engine Plugin Cross-Site Request Forgery vulnerability

A cross-site request forgery vulnerability in Jenkins Google Compute Engine Plugin 4.1.1 and earlier in ComputeEngineClouddoProvision could be used to provision new agents. Google Compute Engine Plugin 4.2.0 requires POST requests for this API endpoint...

Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin

Jenkins Google Compute Engine Plugin 4.1.1 and earlier does not verify SSH host keys when connecting agents created by the plugin, enabling man-in-the-middle attacks. Google Compute Engine Plugin 4.2.0 verifies SSH host keys before executing any commands on agents...

Jenkins Google Compute Engine Plugin Missing Authorization vulnerability

Missing permission checks in various API endpoints in Jenkins Google Compute Engine Plugin 4.1.1 and earlier allow attackers with Overall/Read permission to obtain limited information about the plugin configuration and environment. Google Compute Engine Plugin 4.2.0 requires the appropriate...