USN-5736-2 imagemagick vulnerabilities

USN-5736-1 fixed vulnerabilities in ImageMagick. This update provides the corresponding updates for Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. One of the issues, CVE-2021-20224, only affected Ubuntu 20.04 ESM, while CVE-2021-20245, CVE-2021-3574, CVE-2021-4219 and CVE-2022-1114 only affected Ubuntu...

Directory traversal

A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'. An attacker can create a KNIME workflow that, when being uploaded, ca...

CVE-2022-44748

CVE-2022-44748 - KNIME Server Zip-Slip directory traversal . A vulnerability in KNIME Server’s ZIP archive extraction routines allows an authenticated user (with upload rights) to overwrite arbitrary files on the server’s filesystem. The root cause is directory traversal during workflow upload, e...

Debian: Security Advisory (DLA-3203-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-40304

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked...

CVE-2022-40304

CVE-2022-40304: libxml2 before 2.10.3 contains invalid XML entity definitions that can corrupt a hash table key, potentially triggering logic errors and, in at least one case, a double-free. Affected library is libxml2; CVSS v3.1 shows base score 7.8 (HIGH) with LOCAL access, high impact. Public ...

CVE-2022-40304

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked...

CVE-2022-40304

An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked...

Google TensorFlow BaseCandidateSamplerOp Buffer Error Vulnerability

Google TensorFlow is a suite of end-to-end open source platforms for machine learning from Google USA. A buffer error vulnerability exists in Google TensorFlow versions prior to 2.8.4, 2.9.0 and later, and prior to 2.9.3, which stems from a lack of validation of user-supplied data in the...

CVE-2022-3500

A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state b...

PYSEC-2022-42995

A vulnerability was found in keylime. This security issue happens in some circumstances, due to some improperly handled exceptions, there exists the possibility that a rogue agent could create errors on the verifier that stopped attestation attempts for that host leaving it in an attested state b...

The vulnerability of the cross-platform software development framework Qt, related to resource management errors, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the cross-platform software development framework Qt is related to resource management errors. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause service failures through a specially created web page...

The vulnerability of the Linux operating system’s kernel, related to pointer arithmetic errors, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Linux operating system’s kernel is related to pointer arithmetic errors. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

The vulnerability of the Hints::Hints function (poppler/Hints.cc) in the Poppler PDF rendering library allows a attacker to cause a service failure.

The vulnerability of the Hints::Hints function in the Poppler PDF rendering library is related to errors during resource release. Exploiting this vulnerability allows an attacker to cause service interruptions through a specially created PDF file...

The vulnerability of the Windows operating system’s Bind Filter Driver allows a hacker to gain unauthorized access to the device.

The vulnerability of the Windows operating system’s Bind Filter Driver arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to gain unauthorized access to the device...

The vulnerability in the web interface for managing the Cisco AsyncOS operating system of the Cisco Email Security Appliance (ESA) security email system, the Cisco Secure Email and Web Manager content protection device, and the Cisco Secure Web Appliance (formerly Cisco Web Security Appliance (WSA)) web gateway allows a perpetrator to expose protected information.

The vulnerability in the web interface for controlling the Cisco AsyncOS operating system of the Cisco Email Security Appliance ESA, the Cisco Secure Email and Web Manager, and the Cisco Secure Web Appliance formerly Cisco Web Security Appliance WSA relates to authentication errors. Exploiting th...

The vulnerability of the compatibility subsystem’s kernel allows for the execution of Linux applications. The Windows Subsystem for Linux (WSL2) and the Azure IoT Edge for Linux on Windows (EFLOW) environment enable attackers to enhance their privileges.

The vulnerability of the compatibility subsystem’s kernel for running Linux applications is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to gain increased privileges...

QA Report

See the markdown file with the details of this report here. --- The text was updated successfully, but these errors were encountered: All reactions...

[SECURITY] [DSA 5285-1] asterisk security update

------------------------------------------------------------------------- Debian Security Advisory DSA-5285-1 [email protected] https://www.debian.org/security/ Markus Koschany November 17, 2022 https://www.debian.org/security/faq -...

The vulnerability in the implementation of the Point to Point Tunneling Protocol (PPPT) for Windows operating systems allows a perpetrator to cause a service failure.

The vulnerability of the Point to Point Tunneling Protocol PPTP implementation in Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...