2127 matches found

PyPA · added 2022/12/06 6:15 p.m. · 6 views

PYSEC-2022-42997

Passeo is an open source python password generator. Versions prior to 1.0.5 rely on the python random library for random value selection. The python random library warns that it should not be used for security purposes due to its reliance on a non-cryptographically secure random number generator...

CVSS 7.5 · AI score 6.8 · EPSS 0.00791
Exploits 0 · References 3 · Affected Software 1
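What the Passeo entry above is warning about, shown concretely. This is an added example, not Passeo's own code: Python's `random` module is the MT19937 Mersenne Twister, and anyone who sees 624 consecutive 32-bit outputs can invert the output tempering, rebuild the generator's state and predict every later value, including every later password. `secrets` draws from the OS CSPRNG and has no recoverable state. The alphabet, password length and the "attacker sees 624 raw outputs" setup are assumptions for the demonstration (a real leak would more likely come from other values the same generator emitted, which is harder but the same principle).

```python
"""Added example (not Passeo's code): why random.choice() is the wrong tool
for passwords. Python's `random` is MT19937; 624 consecutive 32-bit outputs
let an observer rebuild its state and predict every later value, including
every later password. `secrets` draws from the OS CSPRNG instead."""
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # assumption
MASK32 = 0xFFFFFFFF


def temper(x):
    """MT19937 output tempering, as applied to every raw state word."""
    x ^= x >> 11
    x ^= (x << 7) & 0x9D2C5680
    x ^= (x << 15) & 0xEFC60000
    x ^= x >> 18
    return x & MASK32


def _undo_right_xor(y, shift):
    # Invert y = x ^ (x >> shift); iterating to a fixed point recovers x.
    x = y
    for _ in range(32):
        x = y ^ (x >> shift)
    return x


def _undo_left_xor_mask(y, shift, mask):
    # Invert y = x ^ ((x << shift) & mask); low bits settle first.
    x = y
    for _ in range(32):
        x = y ^ ((x << shift) & mask)
    return x & MASK32


def untemper(y):
    """Undo temper(), giving back the raw state word."""
    y = _undo_right_xor(y, 18)
    y = _undo_left_xor_mask(y, 15, 0xEFC60000)
    y = _undo_left_xor_mask(y, 7, 0x9D2C5680)
    y = _undo_right_xor(y, 11)
    return y


def clone_mt(outputs):
    """Return a random.Random that emits the same values as the generator
    that produced `outputs` (exactly 624 consecutive getrandbits(32) results)."""
    if len(outputs) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    # Index 624 means "twist before the next output", so the clone's next
    # value is the victim's next value.
    state = tuple(untemper(o) for o in outputs) + (624,)
    clone = random.Random()
    clone.setstate((3, state, None))
    return clone


def weak_password(rng, length=16):
    # The vulnerable pattern: random.choice() over a fixed alphabet.
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length=16):
    # The fix: secrets.choice() is backed by os.urandom via SystemRandom.
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def demo_prediction():
    """Victim seeds `random` from the OS as usual; the attacker observes 624
    raw outputs, clones the state and predicts the victim's next password."""
    victim = random.Random()  # seeded from os.urandom, as random does by default
    leaked = [victim.getrandbits(32) for _ in range(624)]  # constructed leak
    attacker = clone_mt(leaked)
    return weak_password(victim), weak_password(attacker)


if __name__ == "__main__":
    real, predicted = demo_prediction()
    print("victim's next password :", real)
    print("attacker's prediction  :", predicted)
    print("secrets-based password :", strong_password())
```

The clone works from any window of 624 consecutive outputs, not only the first ones after seeding, because the twist is a sliding recurrence over the last 624 words. There is no equivalent for `secrets`: there is no user-space state to recover, and the quick check in a code review is simply that a password or token generator imports `secrets` (or `random.SystemRandom`) and never the plain `random` functions.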
Vulnrichment · added 2022/12/06 5:58 p.m. · 7 views

CVE-2022-23466 DOM-based cross-site scripting (XSS) in teler dashboard

teler is a real-time intrusion detection and threat alert dashboard. teler prior to version 2.0.0-rc.4 is vulnerable to DOM-based cross-site scripting (XSS) in the teler dashboard. When teler requests messages from the event stream on the /events endpoint, the log data displayed on the dashboard a...

CVSS 5.4 · AI score 5.2 · EPSS 0.00384
Exploits 0 · References 2
OSV · added 2022/12/05 8:15 p.m. · 1 views

DEBIAN-CVE-2022-23467

OpenRazer is an open source driver and user-space daemon to control Razer device lighting and other features on GNU/Linux. Using a modified USB device an attacker can leak stack addresses of the razer_attr_read_dpi_stages function, potentially bypassing KASLR. To exploit this vulnerability an attacker would...

CVSS 4.6 · AI score 4.8 · EPSS 0.00351
Exploits 0 · References 1
Vulnrichment · added 2022/11/25 12:00 a.m. · 5 views

CVE-2022-41958 Deserialization Vulnerability by yaml config input in super-xray

super-xray is a web vulnerability scanning tool. Versions prior to 0.7 assumed trusted input for the program config, which is stored in a YAML file. An attacker with local access to the file could exploit this and compromise the program. This issue has been addressed in commit 4d0d5966 and will be...

CVSS 7.3 · AI score 6.6 · EPSS 0.00426
Exploits 1 · References 2
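The failure mode in the super-xray entry above is the general one for YAML config files loaded with a full-featured loader, shown here as an added example that is not super-xray's own code. With PyYAML (assumed installed), `yaml.load()` with the default or unsafe loader honours `!!python/*` tags, so whoever can write the config file can call arbitrary Python at load time. The hardened loader below uses `yaml.safe_load()`, which builds only plain YAML types and refuses unknown tags, and adds a schema check so the program only accepts the keys and types it expects. The config keys, the `scan.example` URL and the sample documents are constructed for the demonstration; `platform.system()` stands in for whatever an attacker would really call.

```python
"""Added example (not super-xray's code; needs PyYAML, `pip install pyyaml`):
a YAML config file is data, not trusted input. yaml.load()/unsafe_load()
honours !!python/* tags, so whoever can write the file can call arbitrary
Python. yaml.safe_load() builds only plain YAML types, and a schema check on
top rejects anything the program does not expect."""
import platform

import yaml  # assumption: PyYAML is installed

# Constructed sample: a config that smuggles a function call via a python tag.
# platform.system() stands in for anything an attacker would really call.
MALICIOUS_CONFIG = """\
targets:
  - https://scan.example
threads: !!python/object/apply:platform.system []
"""

# Constructed sample: what an honest config looks like.
BENIGN_CONFIG = """\
targets:
  - https://scan.example
threads: 4
"""

# Hypothetical schema for the demo: key -> required Python type.
SCHEMA = {"targets": list, "threads": int}


def load_config_unsafe(text):
    # The pre-fix pattern: a loader that constructs arbitrary Python objects,
    # equivalent to the old default of yaml.load(text) with no Loader argument.
    return yaml.unsafe_load(text)


def load_config_safe(text):
    """Parse with the safe loader, then enforce the expected shape."""
    data = yaml.safe_load(text)  # any !!python/* tag raises ConstructorError here
    if not isinstance(data, dict):
        raise ValueError("config must be a mapping")
    unknown = set(data) - set(SCHEMA)
    if unknown:
        raise ValueError(f"unexpected keys: {sorted(unknown)}")
    for key, typ in SCHEMA.items():
        if key in data and not isinstance(data[key], typ):
            raise ValueError(f"{key!r} must be {typ.__name__}")
    return data


def safe_loader_rejects(text):
    """True if the hardened loader refuses the document."""
    try:
        load_config_safe(text)
    except (yaml.YAMLError, ValueError):
        return True
    return False


def host_os():
    """What the smuggled call returns when the unsafe loader runs it."""
    return platform.system()


if __name__ == "__main__":
    print("unsafe loader ran the tag:", load_config_unsafe(MALICIOUS_CONFIG)["threads"])
    print("safe loader rejects it   :", safe_loader_rejects(MALICIOUS_CONFIG))
    print("safe loader, honest file :", load_config_safe(BENIGN_CONFIG))
```

Note that `yaml.safe_load()` alone only removes the code-execution path; the schema check is what stops a writable config from steering the program in other ways (extra keys, wrong types). File permissions on the config are a second layer, not a substitute, since the entry above describes exactly the case where the attacker already has local write access.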
Vulnrichment · added 2022/11/25 12:00 a.m. · 4 views

CVE-2022-39338 Stored cross site scripting (XSS) vulnerability via Authorization Endpoint in user_oidc

user_oidc is an OpenID Connect user backend for Nextcloud. Versions prior to 1.2.1 did not properly validate discovery URLs, which may lead to a stored cross-site scripting attack vector. The impact is limited due to the restrictive CSP that is applied on this endpoint. Additionally this...

CVSS 3.5 · AI score 5.2 · EPSS 0.00583
Exploits 0 · References 3
RedHat Linux · added 2022/11/24 4:11 a.m. · 26 views

Low: Red Hat Security Advisory: OpenShift Container Platform 4.11.16 security update

Red Hat OpenShift Container Platform release 4.11.16 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a...

CVSS 7.5 · AI score 6.7 · EPSS 0.0198
Exploits 1 · References 2
Prion · added 2022/11/23 9:15 p.m. · 15 views

Design/Logic Flaw

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The...

CVSS 5 · AI score 5.2 · EPSS 0.00518
Exploits 0 · References 2 · Affected Software 1
Vulnrichment · added 2022/11/17 12:00 a.m. · 7 views

CVE-2022-41920 Zip slip in Lancet

Lancet is a general utility library for the Go programming language. Affected versions are subject to a Zip Slip issue when using the fileutil package to unzip files. This issue has been addressed and a fix will be included in versions 2.1.10 and 1.3.4. Users are advised to upgrade. There are no...

CVSS 6.3 · AI score 7 · EPSS 0.00793
Exploits 1 · References 4
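The Lancet entry above names the bug class (Zip Slip) but not the check that prevents it. The following is an added example in Python, not Lancet's Go code: every member name is resolved against the destination directory before anything is written, and the archive is rejected as a whole if any member would land outside that directory through `../` components or an absolute path, or is a symlink entry. The sample archive (one honest file, one `../../` escape, one absolute path) is constructed in memory for the demonstration.

```python
"""Added example (not Lancet's code, which is Go): the Zip Slip check in
Python. Every member is resolved against the destination before anything is
written, and the whole archive is refused if any member would escape it."""
import io
import stat
import tempfile
import zipfile
from pathlib import Path


class ZipSlipError(ValueError):
    pass


def build_zip(entries):
    """Build an archive in memory from {name: bytes}; names are stored as given,
    so hostile names like '../../x' survive exactly as an attacker would ship them."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample: one honest file, one ../ escape, one absolute path.
SAMPLE = build_zip({
    "report/ok.txt": b"fine",
    "../../escape.txt": b"owned",
    "/abs.txt": b"owned",
})


def resolve_member(dest, info):
    """Return the on-disk path for a member, or raise ZipSlipError."""
    if stat.S_ISLNK(info.external_attr >> 16):  # Unix mode bits live in the high word
        raise ZipSlipError(f"symlink member: {info.filename}")
    dest = Path(dest).resolve()
    # An absolute member name replaces dest entirely; '../' walks above it.
    # resolve() normalises both cases before the containment check.
    target = (dest / info.filename).resolve()
    if target != dest and dest not in target.parents:
        raise ZipSlipError(f"member escapes destination: {info.filename}")
    return target


def offending_members(zip_bytes, dest):
    """Names that would escape `dest`, found without extracting anything."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            try:
                resolve_member(dest, info)
            except ZipSlipError:
                bad.append(info.filename)
    return bad


def safe_extract(zip_bytes, dest):
    """Extract only if every member is safe (fail closed); returns written paths."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        members = zf.infolist()
        targets = [resolve_member(dest, m) for m in members]  # validate all first
        for info, target in zip(members, targets):
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target)
    return written


def run_demo():
    """Returns (offending names, whether SAMPLE was refused, contents of the
    honest file after extracting a clean archive, top-level entries left in dest)."""
    with tempfile.TemporaryDirectory() as d:
        bad = offending_members(SAMPLE, d)
        try:
            safe_extract(SAMPLE, d)
            refused = False
        except ZipSlipError:
            refused = True
        ok = safe_extract(build_zip({"report/ok.txt": b"fine"}), d)
        content = ok[0].read_bytes()
        leftovers = sorted(p.name for p in Path(d).iterdir())
    return bad, refused, content, leftovers


if __name__ == "__main__":
    print(run_demo())
```

Validating every member before writing the first one matters: checking per member while extracting still leaves the honest files on disk when the hostile one is finally hit, which is a partial write an attacker can sometimes use. The containment test compares resolved paths rather than string prefixes, so a destination of `/srv/out` is not fooled by a member resolving to `/srv/out-evil/x`.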
Prion · added 2022/11/16 9:15 p.m. · 16 views

Input validation

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input validation in the urbdrc channel. A malicious server can trick a FreeRDP-based client into crashing with a division by zero. This issue has been addressed in version 2.9.0. All users are advised to...

CVSS 3.5 · AI score 5.7 · EPSS 0.00953
Exploits 0 · References 6 · Affected Software 2
OSV · added 2022/11/16 8:15 p.m. · 1 views

UBUNTU-CVE-2022-41877

FreeRDP is a free remote desktop protocol library and clients. Affected versions of FreeRDP are missing input length validation in the drive channel. A malicious server can trick a FreeRDP-based client into reading out-of-bounds data and sending it back to the server. This issue has been addressed in version...

CVSS 4.6 · AI score 5.8 · EPSS 0.00719
Exploits 0 · References 5
RedHat Linux · added 2022/11/14 8:56 a.m. · 1 views

Low: Red Hat Bug Fix Advisory: redhat-ds:11 bug fix and enhancement update

An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.6 for RHEL 8. Red Hat Directory Server is an LDAPv3-compliant directory server. The suite of packages includes the Lightweight Directory Access Protocol LDAP server, as well as command-line utilities and Web UI...

CVSS 6.5 · AI score 6.8 · EPSS 0.01531
Exploits 2 · References 8
Positive Technologies · added 2022/11/14 12:00 a.m. · 1 views

PT-2022-35244 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.76. Description: A NULL pointer dereference issue exists in the active selection access of the ipu3-imgu media component. The actual impact and attack plausibility have not yet been proven. Recommendations:...

AI score 7.2
Exploits 0 · References 1
Positive Technologies · added 2022/11/14 12:00 a.m. · 4 views

PT-2022-35301 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75. Description: A potential security issue exists due to a race in lowcomms. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v5.15.75...

AI score 7.2
Exploits 0 · References 1
Positive Technologies · added 2022/11/14 12:00 a.m. · 3 views

PT-2022-35267 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75. Description: The issue is related to a hung condition when a signal interrupts the nbd_start_device_ioctl function. The actual impact and attack plausibility have not yet been proven. Recommendations: F...

AI score 7.1
Exploits 0 · References 1
Positive Technologies · added 2022/11/14 12:00 a.m. · 2 views

PT-2022-35879 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.9.332. Description: A possible memory leak was identified in the ehea_register_port function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prio...

AI score 7.2
Exploits 0 · References 1
Positive Technologies · added 2022/10/28 12:00 a.m. · 4 views

PT-2022-21875 · Eaton · Eaton Foreseer Epms

Name of the Vulnerable Software and Affected Versions: Eaton Foreseer EPMS versions 4.x through 7.5. Description: A security issue was discovered in the Eaton Foreseer EPMS software, which connects devices to reduce energy consumption and prevent unplanned downtime. The problem allows a threat act...

CVSS 9.8 · AI score 9.5 · EPSS 0.00345
Exploits 0 · References 3
OSV · added 2022/10/21 8:15 p.m. · 1 views

DEBIAN-CVE-2022-3649

A vulnerability was found in the Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c in the nilfs2 filesystem. The manipulation leads to a use after free. It is possible to launch the attack remotely. It is recommended to apply a patch t...

CVSS 7 · AI score 5.1 · EPSS 0.00758
Exploits 0 · References 1
OSV · added 2022/10/21 11:15 a.m. · 0 views

UBUNTU-CVE-2022-3635

A vulnerability, which was classified as critical, has been found in the Linux Kernel. Affected by this issue is the function tst_timer of the file drivers/atm/idt77252.c (the IDT 77252 ATM driver). The manipulation leads to a use after free. It is recommended to apply a patch to fix this issue. VDB-211934 ...

CVSS 7 · AI score 6 · EPSS 0.00405
Exploits 1 · References 14
OSV · added 2022/10/20 8:15 p.m. · 1 views

DEBIAN-CVE-2022-3623

A vulnerability was found in the Linux Kernel. It has been declared as problematic. Affected by this vulnerability is the function follow_page_pte of the file mm/gup.c (get_user_pages). The manipulation leads to a race condition. The attack can be launched remotely. It is recommended to apply a patch...

CVSS 7.5 · AI score 5.8 · EPSS 0.00748
Exploits 0 · References 1
ATTACKERKB · added 2022/10/17 7:15 p.m. · 1 views

CVE-2022-3564

A vulnerability classified as critical was found in the Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to a use after free. It is recommended to apply a patch to fix this issue. The...

CVSS 7.1 · AI score 6.1 · EPSS 0.0129
Exploits 0 · References 6