CVE-2022-44032

An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open, aka a race condition between cmmopen and cm4000detach...

SUSE-SU-2022:3525-1 Security update for cifs-utils

This update for cifs-utils fixes the following issues: - Fix changelog to include Bugzilla and CVE tracker id numbers missing from previous update...

CVE-2022-3100

A flaw was found in the openstack-barbican component. This issue allows an access policy bypass via a query string when accessing the API...

About the security content of Safari 16

About the security content of Safari 16 This document describes the security content of Safari 16. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

CVE-2022-3169

A flaw was found in the Linux kernel. A denial of service flaw may occur if there is a consecutive request of the NVMEIOCTLRESET and the NVMEIOCTLSUBSYSRESET through the device file of the driver, resulting in a PCIe link disconnect...

CVE-2022-38096

A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfxexecbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 or Dxxx'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of...

All Vulnerabilities for rutherfordcountync.gov Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| rutherfordcountync.gov ---|--- Open Bug...

CVE-2022-2764

A flaw was found in Undertow. Denial of service can be achieved as Undertow server waits for the LASTCHUNK forever for EJB invocations...

CVE-2022-38126

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

CVE-2022-2447

A flaw was found in Keystone. There is a time lag up to one hour in a default configuration between when security policy says a token should be revoked from when it is actually revoked. This could allow a remote administrator to secretly maintain access for longer than expected...

CVE-2022-1615

In Samba, GnuTLS gnutlsrnd can fail and give predictable random values...

CVE-2022-2308

A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize t...

CVE-2020-35537

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

CVE-2022-1247

An issue found in linux-kernel that leads to a race condition in roseconnect. The rose driver uses roseneigh-use to represent how many objects are using the roseneigh. When a user wants to delete a roseroute via roseioctl, the rose driver calls rosedelnode and removes neighbours only if their...

CVE-2022-2991

A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability allows a local attacker to escalate privileges and...

CVE-2021-4159

A vulnerability was found in the Linux kernel's EBPF verifier when handling internal data structures. Internal memory locations could be returned to userspace. A local attacker with the permissions to insert eBPF code to the kernel can use this to leak internal kernel memory details defeating som...

CVE-2021-3714

A flaw was found in the Linux kernels memory deduplication mechanism. Previous work has shown that memory deduplication can be attacked via a local exploitation mechanism. The same technique can be used if an attacker can upload page sized files and detect the change in access time from a network...

CVE-2021-20316

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share...

CVE-2020-14394

An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block TRB Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service...

gilacountyaz.gov Cross Site Scripting vulnerability OBB-2825277

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| gilacountyaz.gov ---|--- Open Bug Bount...