CVE-2022-37987

CVE-2022-37987 is a Windows CSRSS local privilege-elevation vulnerability in the Client Server Run-time Subsystem. The CVSSv3.1 base score is 7.8 (HIGH) with local attack vector, low attack complexity, and privileges required: LOW; impact to confidentiality, integrity, and availability is HIGH. A...

PT-2022-5496 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the Local Security Authority Subsystem Service LSASS and involves incorrect cleanup or release of resources. This can be exploited by a remote attacker to cause a...

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-5667-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5667-1 advisory. Selim Enes Karaduman discovered that a race condition existed in the General notification queue implementation of the Linux kernel, leading t...

PT-2022-5363 · Microsoft · Windows Client Server Run-Time Subsystem +1

Name of the Vulnerable Software and Affected Versions: Windows Client Server Run-time Subsystem CSRSS affected versions not specified Description: The issue is related to an elevation of privilege vulnerability in the Windows Client Server Run-time Subsystem CSRSS. It is associated with an...

Microsoft Client Server Run-time Subsystem (CSRSS) 安全漏洞

Microsoft Client Server Run-time Subsystem is a client/server run-time subsystem from Microsoft Corporation of the United States, manifested as the csrss.exe process. It is a component of the Windows NT operating system family, appearing in Windows NT 3.1 and later systems, and provides the user...

Amazon Linux AMI : kernel (ALAS-2022-1636)

The version of kernel installed on the remote host is prior to 4.14.294-150.533. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1636 advisory. An out-of-bounds write flaw was found in the Linux kernel's framebuffer-based console driver functionality in the w...

Oracle Linux 7 : Unbreakable Enterprise kernel-container (ELSA-2022-9871)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2022-9871 advisory. - afkey: Do not call xfrmprobealgs in parallel Herbert Xu Orabug: 34566753 CVE-2022-3028 - lockdown: also lock down previous kgdb use Daniel Thompson...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2022-9870)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9870 advisory. - afkey: Do not call xfrmprobealgs in parallel Herbert Xu Orabug: 34566753 CVE-2022-3028 - lockdown: also lock down previous kgdb use Daniel Thompson...

USN-5660-1: Linux kernel (GCP) vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Moshe Ko...

Ubuntu: Security Advisory (USN-5660-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-5654-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-5655-1: Linux kernel (Intel IoTG) vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Duoming...

USN-5654-1: Linux kernel (GKE) vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Moshe Ko...

USN-5652-1: Linux kernel (Azure) vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 Domingo...

Ubuntu: Security Advisory (USN-5650-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2025-38423

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-rc5-djwa rc5 3004c9f1de887ebae86015f2677638ce51ee7 Description The Linux kernel contained a vulnerability in the iomap subsystem that could lead to memory corruption when recording errors during writeback...

USN-5650-1 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities

It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of- bounds write. A local attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2021-33655 It was...

A race condition flaw was found in the Linux kernel sound subsystem due to improper locking. It could lead to a NULL pointer dereference while handling the SNDCTL_DSP_SYNC ioctl. A privileged local user (root or member of the audio group) could use this flaw to crash the system resulting in a denial of service condition

...

The vulnerability of the Video microprogramming system component in Qualcomm’s embedded chips allows a hacker to trigger a service failure or execute arbitrary code.

The vulnerability of the Video microprogramming software component in Qualcomm’s embedded chips lies in the copying of buffers without checking the size of the input data during the processing of .ps video files. Exploiting this vulnerability can allow an attacker to cause service failures or...

SUSE SLES12: cluster-md-kmp-rt / dlm-kmp-rt / gfs2-kmp-rt / kernel-devel-rt / etc (SUSE-SU-2022:3422-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3422-1 advisory. The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...