USN-5785-1 freeradius vulnerabilities
It was discovered that FreeRADIUS incorrectly handled multiple EAP-pwd handshakes. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS. CVE-2019-17185 Shane Guan discovered that FreeRADIUS incorrectly handled memory when checking unkno...
The vulnerability of the Microsoft Office Graphics component in the Microsoft 365 Apps for Enterprise suite allows a perpetrator to execute arbitrary code.
The vulnerability of the Microsoft Office Graphics component in the Microsoft 365 Apps for Enterprise suite is related to the use of memory after it is released. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially created SKP file...
UBUNTU-CVE-2022-46691
A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution...
VulnCheck KEV: CVE-2022-46691
A memory consumption issue was addressed with improved memory handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2 and iPadOS 15.7.2, iOS 16.2 and iPadOS 16.2, watchOS 9.2. Processing maliciously crafted web content may lead to arbitrary code execution...
curl: POST following PUT confusion
A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set if it previously used the same handle to issue a PUT request which us...
PT-2022-36338 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.154 Description: The issue concerns attempting to access uninitialized memory in Bluetooth L2CAP. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
PT-2022-36192 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.79 Description: The issue concerns a problem with reserved memory setup in the riscv architecture. It was introduced in version v5.4 and fixed in version v5.15.79. The actual impact and attack plausibility...
CLSA-2022-1669240259 vim: Fix of CVE-2022-3352
CVE-2022-3352: disallow deleting the current buffer to avoid using freed memory...
PT-2022-26585 · Apple · Ios +3
Name of the Vulnerable Software and Affected Versions: Apple tvOS versions prior to 16 Apple iOS versions prior to 16 Apple macOS versions prior to Ventura 13 Apple watchOS versions prior to 9 Description: A memory consumption issue was addressed with improved memory handling. Processing a...
PT-2022-26597 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13 Description: The issue was addressed with improved memory handling. Processing a maliciously crafted gcx file may lead to unexpected app termination or arbitrary code execution. Recommendations: For versions prior t...
OpenJDK: excessive memory allocation in X.509 certificate parsing (Security, 8286533)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u341, 8u345-perf, 11.0.16.1; Oracle GraalVM Enterprise Edition: 20.3.7, 21.3.3 and 22.2.0. Easily exploitable vulnerabili...
CVE-2022-41197
Due to lack of proper memory management, when a victim opens a manipulated VRML Worlds (.wrl, vrml.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible for the application to crash and become temporarily unavailable to the user until restart of t...
CVE-2022-41182
Due to lack of proper memory management, when a victim opens a manipulated Parasolid Part and Assembly (.x_b, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and become temporarily unavailable to t...
CVE-2022-41180
Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format (.pdf, PDFPublishing.dll) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a...
PT-2022-25709 · Sap · Sap 3D Visual Enterprise Viewer
Name of the Vulnerable Software and Affected Versions: SAP 3D Visual Enterprise Viewer version 9 Description: The issue arises due to improper memory management. When a manipulated Computer Graphics Metafile .cgm file from untrusted sources is opened in the affected software, it can trigger a...
expat: a use-after-free in the doContent function in xmlparse.c
A vulnerability was found in expat. With this flaw, it is possible to create a situation in which parsing is suspended while substituting in an internal entity so that XML_ResumeParser directly uses the internalEntityProcessor as its processor. If the subsequent parse includes some unclosed tags,...
PT-2022-17488 · Qualcomm · Qualcomm Snapdragon
Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to memory corruption in WLAN due to an integer overflow leading to a buffer overflow while parsing GTK frames. This affects various Qualcomm Snapdragon...
The vulnerability of the sdp_cstate_alloc_buf function in the Bluetooth technology stack for Linux BlueZ, which allows a hacker to cause a service failure.
The vulnerability of the sdp_cstate_alloc_buf function in the Bluetooth technology stack for Linux BlueZ is related to the lack of memory release when processing a linked list of cstates. Exploiting this vulnerability allows an attacker to cause a service failure...
PT-2022-26096 · Bento4 · Bento4
Name of the Vulnerable Software and Affected Versions: Bento4 version 1.6.0-639 Description: An issue was discovered in the function AP4_DataBuffer::ReallocateBuffer in Core/Ap4DataBuffer.cpp, which leads to excessive memory consumption. Recommendations: For Bento4 version 1.6.0-639, consider...
kernel: ice: arfs: fix use-after-free when freeing @rx_cpu_rmap
In the Linux kernel, the following vulnerability has been resolved: ice: arfs: fix use-after-free when freeing @rx_cpu_rmap The CI testing bots triggered the following splat: [ 718.203054] BUG: KASAN: use-after-free in free_irq_cpu_rmap+0x53/0x80 [ 718.206349] Read of size 4 at addr ffff8881bd127e00 by task...