984 matches found

OSV
added 2022/09/26 11:15 a.m., 1 views

CVE-2022-36158

Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page /usr/www/ja/mnt_cmd.cgi...

8 CVSS, 5.9 AI score, 0.00495 EPSS
Exploits: 1, References: 4
Packet Storm
added 2022/09/26 12:0 a.m., 267 views

Veritas Backup Exec Agent Remote Code Execution

frozen_string_literal: true This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Veritas Backup Exec Agent Remote Code Execution', 'Description' = %q Veritas Backup Exec Agent supports multiple...

9.8 CVSS, 0.2 AI score, 0.40344 EPSS
Exploits: 6
OSV
added 2022/09/18 5:15 a.m., 1 views

DEBIAN-CVE-2022-40768

drivers/scsi/stex.c in the Linux kernel through 5.19.9 allows local users to obtain sensitive information from kernel memory because stex_queuecommand_lck lacks a memset for the PASSTHRU_CMD case...

5.5 CVSS, 6.2 AI score, 0.00015 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2022/09/09 12:0 a.m., 46 views

Ubuntu 20.04 LTS : Linux kernel (Azure CVM) vulnerabilities (USN-5605-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5605-1 advisory. Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A...

6.8 CVSS, 7.3 AI score, 0.00045 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2022/09/08 12:0 a.m., 97 views

RHEL 8 : OpenShift Container Platform 4.11.0 (RHSA-2022:5068)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5068 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or privat...

9.1 CVSS, 7.5 AI score, 0.00592 EPSS
Exploits: 2, References: 25
Tenable Nessus
added 2022/09/08 12:0 a.m., 43 views

RHEL 7 / 8 : OpenShift Container Platform 4.10.25 (RHSA-2022:5729)

The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5729 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or...

9.1 CVSS, 7.4 AI score, 0.00182 EPSS
Exploits: 2, References: 11
Tenable Nessus
added 2022/09/08 12:0 a.m., 45 views

RHEL 8 : Red Hat OpenShift Service Mesh 2.1.3 (RHSA-2022:5004)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5004 advisory. Red Hat OpenShift Service Mesh is a Red Hat distribution of the Istio service mesh project, tailored for installation into an on-premise...

10 CVSS, 7.6 AI score, 0.00778 EPSS
Exploits: 1, References: 22
Tenable Nessus
added 2022/09/05 12:0 a.m., 39 views

Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerabilities (USN-5600-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5600-1 advisory. Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A...

6.8 CVSS, 7.3 AI score, 0.00045 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2022/09/03 12:0 a.m., 47 views

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5596-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5596-1 advisory. Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A...

6.7 CVSS, 7.3 AI score, 0.00045 EPSS
Exploits: 0, References: 3
Tenable Nessus
added 2022/08/24 12:0 a.m., 55 views

Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5577-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5577-1 advisory. Asaf Modelevsky discovered that the Intel(R) 10GbE PCI Express (ixgbe) Ethernet driver for the Linux kernel performed insufficient control flow management. A...

6.7 CVSS, 7.3 AI score, 0.00045 EPSS
Exploits: 0, References: 3
OSV
added 2022/08/23 4:15 p.m., 1 views

DEBIAN-CVE-2021-3764

A memory leak flaw was found in the Linux kernel's ccp_run_aes_gcm_cmd function that allows an attacker to cause a denial of service. The vulnerability is similar to the older CVE-2019-18808. The highest threat from this vulnerability is to system availability...

5.5 CVSS, 6.2 AI score, 0.00018 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2022/08/23 12:0 a.m., 55 views

Amazon Linux 2 : kernel (ALASKERNEL-5.4-2022-034)

The version of kernel installed on the remote host is prior to 5.4.209-116.363. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2KERNEL-5.4-2022-034 advisory. An out-of-bounds write flaw was found in the Linux kernel's framebuffer-based console driver functionality...

7.8 CVSS, 6.4 AI score, 0.38631 EPSS
Exploits: 11, References: 86
CNNVD
added 2022/08/19 12:0 a.m., 2 views

radare2 resource management error vulnerability

radare2 is a set of libraries and tools for working with binary files. A security vulnerability exists in radare2 that stems from a double free issue found in the cmd_info function of the cmd_info.c file...

9.1 CVSS, 8.1 AI score, 0.00321 EPSS
Exploits: 1, References: 3
Tenable Nessus
added 2022/08/19 12:0 a.m., 219 views

Amazon Linux 2 : kernel (ALAS-2022-1833)

The version of kernel installed on the remote host is prior to 4.14.290-217.505. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1833 advisory. An out-of-bounds write flaw was found in the Linux kernel's framebuffer-based console driver functionality in the...

7.8 CVSS, 6.4 AI score, 0.00036 EPSS
Exploits: 1, References: 7
GithubExploit
added 2022/08/16 12:49 a.m., 33 views

Exploit for CVE-2022-38532

CVE-2022-38532 Local privilege escalation in MSI Center d...

7.8 CVSS, 7.5 AI score, 0.01623 EPSS
Exploits: 2
Tenable Nessus
added 2022/08/16 12:0 a.m., 41 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:2808-1)

The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:2808-1 advisory. - Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially result in data leakage...

6.8 CVSS, 6.8 AI score, 0.00073 EPSS
Exploits: 1, References: 19
OSV
added 2022/08/10 8:15 p.m., 3 views

AZL-10532 CVE-2022-30580 affecting package golang for versions less than 1.18.5-1

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...

7.8 CVSS, 6.9 AI score, 0.00067 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2022/08/10 8:15 p.m., 1 views

CVE-2022-30580

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...

7.8 CVSS, 6 AI score, 0.00067 EPSS
Exploits: 0, References: 6, Affected Software: 1
OSV
added 2022/08/10 8:15 p.m., 3 views

CVE-2022-20345

In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12...

8.8 CVSS, 6.3 AI score, 0.00276 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2022/08/09 8:18 p.m., 0 views

CVE-2022-30580 Empty Cmd.Path can trigger unintended binary in os/exec on Windows

Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset...

7.4 AI score, 0.00067 EPSS
Exploits: 0, References: 5