CVE-2022-1972

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2078. Reason: This candidate is a reservation duplicate of CVE-2022-2078. Notes: All CVE users should reference CVE-2022-2078 instead of this candidate. All references and descriptions in this candidate have been removed to...

ASB-A-112551163

In ipcheckmcrcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet sockets with no additional execution privileges needed. User interaction is not needed for exploitation...

Important: Red Hat Security Advisory: kernel security, bug fix, and enhancement update

An update for kernel is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVE-2022-1462

CVE-2022-1462 is an out-of-bounds read in the Linux kernel TeleTYpe subsystem triggered by a race using ioctls (TIOCSPTLCK, TIOCGPTPEER, TIOCSTI, TCXONC). Local users can crash the system or read unauthorized memory. Public advisories link this CVE to Linux kernel versions across multiple distrib...

FreeBSD 802.11 Network Subsystem Heap-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of FreeBSD Kernel. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of 802.11 Wi-Fi beacon frames. The issue results from the lack of...

CVE-2022-1462

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flushtoldisc function. This flaw allows a local user to crash the...

CVE-2022-1462

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flushtoldisc function. This flaw allows a local user to crash the...

CVE-2022-1786

A use-after-free flaw was found in the Linux kernel’s iouring subsystem in the way a user sets up a ring with IORINGSETUPIOPOLL with more than one task completing submissions on this ring. This flaw allows a local user to crash or escalate their privileges on the system...

CVE-2022-1462

An out-of-bounds read flaw was found in the Linux kernel’s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flushtoldisc function. This flaw allows a local user to crash the...

The vulnerability of the XFRM subsystem in the Linux operating system allows a hacker to gain access to confidential information or cause a service failure.

The vulnerability of the XFRM subsystem in the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to access confidential information or cause service failures...

The vulnerability of the tty subsystem in the Linux operating system allows a hacker to gain access to confidential information or cause service failures.

The vulnerability of the tty subsystem in the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to access confidential information or cause service failures...

The vulnerability of the `sys_perf_event_open()` function in the Linux operating system’s perf subsystem allows a local attacker to gain root privileges.

The vulnerability of the sysperfeventopen function in the Linux operating system’s perf subsystem stems from the race condition within this subsystem. This condition can be exploited to initiate access to a freed memory area in the kernel. Exploiting this vulnerability allows a local attacker to...

The vulnerability of the chown_one() function in the initialization subsystem and systemd service management allows a attacker to increase their privileges.

The vulnerability of the chownone function in the system initialization and systemd service management subsystem is related to the simultaneous execution using a shared resource with incorrect synchronization. Exploiting this vulnerability can allow an attacker to increase their privileges...

Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins

The agent-to-controller security subsystem limits which files on the Jenkins controller can be accessed by agent processes. Multiple vulnerabilities in the file path filtering implementation of Jenkins 2.318 and earlier, LTS 2.303.2 and earlier allow agent processes to read and write arbitrary...

OctoPrint Incorrect Access Control

The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not .log files...

GHSA-X9RQ-FJP5-QGM9 OctoPrint Incorrect Access Control

The Logging subsystem in OctoPrint before 1.6.0 has incorrect access control because it attempts to manage files that are not .log files...

Hybrid Group Gobot Improper Certificate Validation vulnerability

An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt subsystem skips verification of root CA certificates by default. Specific Go Packages Affected github.com/hybridgroup/gobot/platforms/mqtt...

GHSA-VFXC-R2GX-V2VQ Hybrid Group Gobot Improper Certificate Validation vulnerability

An issue was discovered in Hybrid Group Gobot before 1.13.0. The mqtt subsystem skips verification of root CA certificates by default. Specific Go Packages Affected github.com/hybridgroup/gobot/platforms/mqtt...

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel-container (ELSA-2022-9426)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-9426 advisory. - iouring: always use original task when preparing req identity Jens Axboe Orabug: 34186552 CVE-2022-1786 Tenable has extracted the preceding...

Amazon Linux 2 : kernel, --advisory ALAS2KERNEL-5.4-2022-023 (ALASKERNEL-5.4-2022-023)

The version of kernel installed on the remote host is prior to 5.4.181-99.354. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-023 advisory. AMD recommends using a software mitigation for this issue, which the kernel is enabling by default. The Lin...