121 matches found
Authorization
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1...
CVE-2022-4801
CVE-2022-4801 affects usememos/memos versions prior to 0.9.1 and is caused by Insufficient Granularity of Access Control (authorization flaw). The vulnerability can allow an attacker to archive any user’s post (public or private), as described across multiple sources (GHSA/OSV/Red Hat references)...
CVE-2022-4801 Insufficient Granularity of Access Control in usememos/memos
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1...
CVE-2022-4813
Vulnerability: usememos/memos prior to 0.9.1 has insufficient granularity of access control, enabling an IDOR on archived memos. Root cause: inadequate authorization checks on archive objects. Impact: attacker could delete archived memos (per multiple sources mentioning deletion via IDOR). Aff...
CVE-2022-4813 Insufficient Granularity of Access Control in usememos/memos
Insufficient Granularity of Access Control in GitHub repository usememos/memos prior to 0.9.1...
CVE-2022-36110 Netmaker vulnerable to Insufficient Granularity of Access Control
Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions...
SUSE-SU-2022:2880-1 Security update for dpdk
This update of dpdk fixes the following issues: Fix to read PCI device name as UTF strings (bsc1198873); allow configuring thread granularity of Kernel NIC Interface (bsc1195172); rebuild with new secure boot key due to grub2 boothole 3 issues (bsc1198581)...
Amazon Linux AMI : kernel (ALAS-2022-1624)
The version of kernel installed on the remote host is prior to 4.14.287-148.504. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1624 advisory. There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow...
Important: kernel
Issue Overview: Linux disk/nic frontends data leaks. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend...
Important: kernel
Issue Overview: Linux disk/nic frontends data leaks. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.55 and fixes at least the following security issues: There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges (CVE-2022-2318). Xen Block and Networ...
CVE-2022-33740
Linux disk/nic frontends data leaks. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...
DEBIAN-CVE-2022-33742
Linux disk/nic frontends data leaks. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...
DEBIAN-CVE-2022-26365
Linux disk/nic frontends data leaks. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...
CVE-2022-33740
Linux disk/nic frontends data leaks. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...
DEBIAN-CVE-2022-33740
Linux disk/nic frontends data leaks. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...
ALPINE-CVE-2022-33742
Linux disk/nic frontends data leaks. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...
ALPINE-CVE-2022-33740
Linux disk/nic frontends data leaks. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...
DEBIAN-CVE-2022-33741
Linux disk/nic frontends data leaks. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...
Design/Logic Flaw
Linux disk/nic frontends data leaks. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend CVE-2022-26365,...