
11198 matches found

OSV
added 2022/06/28 6:35 p.m., 12 views

GSD-2022-1003001 phy: qcom-qmp: fix reset-controller leak on probe errors

phy: qcom-qmp: fix reset-controller leak on probe errors This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.14 by commit...

AI score: 7.2
Exploits: 0
OSV
added 2022/06/28 6:06 p.m., 9 views

GSD-2022-1002656 phy: qcom-qmp: fix struct clk leak on probe errors

phy: qcom-qmp: fix struct clk leak on probe errors This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commit...

AI score: 7.2
Exploits: 0
OSV
added 2022/06/28 6:06 p.m., 10 views

GSD-2022-1002655 phy: qcom-qmp: fix reset-controller leak on probe errors

phy: qcom-qmp: fix reset-controller leak on probe errors This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.18.3 by commit...

AI score: 7.2
Exploits: 0
OSV
added 2022/06/28 1:15 p.m., 1 view

DEBIAN-CVE-2021-41687

DCMTK through 3.6.6 does not handle memory free properly. The program mallocs heap memory for parsing data, but does not free it when an error occurs in parsing. Sending specific requests to the dcmqrdb program incurs the memory leak. An attacker can use it to launch a DoS attack...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00179
Exploits: 0, References: 1
OSV
added 2022/06/28 1:15 p.m., 2 views

UBUNTU-CVE-2021-41687

DCMTK through 3.6.6 does not handle memory free properly. The program mallocs heap memory for parsing data, but does not free it when an error occurs in parsing. Sending specific requests to the dcmqrdb program incurs the memory leak. An attacker can use it to launch a DoS attack...

CVSS: 7.5, AI score: 6.9, EPSS: 0.00179
Exploits: 0, References: 7
Huntr
added 2022/06/28 12:59 a.m., 35 views

Out-of-bound read in function msg_outtrans_special

Description: Out-of-bound read in function msg_outtrans_special at message.c:1716. Version: commit c101abff4c6756db4f5e740fde289decb9452efa HEAD - master, tag: v8.2.5164. Proof of Concept: guest@elk:/trung$ valgrind ./vimlatest/src/vim -u NONE -i NONE -n -m -X -Z -e -s -S ./poc/poc4min2 -c :qa! ==23509=...

CVSS: 6.8, AI score: 7.6, EPSS: 0.00098
Exploits: 1
Code423n4
added 2022/06/27 12:00 a.m., 8 views

Upgraded Q -> H from 413 [1656341343180]

Judge has assessed an item in Issue 413 as High risk. The relevant finding follows: ...

AI score: 7
Exploits: 0
BDU FSTEC
added 2022/06/27 12:00 a.m., 1 view

The vulnerability of the Windows Ancillary Function Driver for WinSock in Windows operating systems allows a hacker to increase their privileges.

The vulnerability of the Windows Ancillary Function Driver for WinSock in Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to gain increased privileges...

CVSS: 7, AI score: 7.2, EPSS: 0.0038
Exploits: 0, References: 4
Code423n4
added 2022/06/27 12:00 a.m., 7 views

Upgraded Q -> M from 310 [1656347065145]

Judge has assessed an item in Issue 310 as Medium risk. The relevant finding follows: ...

AI score: 7
Exploits: 0
UbuntuCve
added 2022/06/27 12:00 a.m., 53 views

CVE-2022-32206

curl 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually...

CVSS: 6.5, AI score: 6.8, EPSS: 0.03367
Exploits: 1, References: 3
BDU FSTEC
added 2022/06/27 12:00 a.m., 1 view

The vulnerability affects the implementation of the Kerberos authentication protocol for an isolated software environment called AppContainer on Windows operating systems. This vulnerability allows an attacker to circumvent security restrictions.

The vulnerability of the Kerberos authentication protocol implementation in an isolated software environment called AppContainer on Windows operating systems is related to security configuration errors. Exploiting this vulnerability can allow an attacker to circumvent security restrictions...

CVSS: 8.4, AI score: 7.5, EPSS: 0.00925
Exploits: 0, References: 5
BDU FSTEC
added 2022/06/27 12:00 a.m., 1 view

The vulnerability of the Hyper-V hardware virtualization system for Microsoft Windows operating systems allows a perpetrator to execute arbitrary code.

The vulnerability of the Hyper-V hardware virtualization technology for Microsoft Windows operating systems is related to synchronization errors when using shared resources. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS: 8.5, AI score: 8.3, EPSS: 0.00592
Exploits: 0, References: 5
BDU FSTEC
added 2022/06/27 12:00 a.m., 1 view

The vulnerability of the xbstream_open function in the MariaDB database management system allows a hacker to cause a service failure.

The vulnerability of the xbstream_open function extra/mariabackup/dsxbstream.cc in the MariaDB database management system is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to cause service failures...

CVSS: 5.5, AI score: 6.8, EPSS: 0.00033
Exploits: 0, References: 6, Affected Software: 2
BDU FSTEC
added 2022/06/27 12:00 a.m., 1 view

The vulnerability of the User Interface component of the Oracle Transportation Management software allows a perpetrator to gain access to read data or modify data.

The vulnerability of the User Interface component of the Oracle Transportation Management software is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain access to data or modify data using HTTP requests...

CVSS: 6.1, AI score: 6.8, EPSS: 0.00582
Exploits: 0, References: 3, Affected Software: 1
Code423n4
added 2022/06/27 12:00 a.m., 7 views

Upgraded Q -> M from 408 [1656345778095]

Judge has assessed an item in Issue 408 as Medium risk. The relevant finding follows: ...

AI score: 7
Exploits: 0
Code423n4
added 2022/06/27 12:00 a.m., 8 views

Upgraded Q -> M from 184 [1656338695381]

Judge has assessed an item in Issue 184 as Medium risk. The relevant finding follows: ...

AI score: 7
Exploits: 0
Code423n4
added 2022/06/27 12:00 a.m., 5 views

Upgraded Q -> H from 413 [1656340258153]

Judge has assessed an item in Issue 413 as High risk. The relevant finding follows: ...

AI score: 7
Exploits: 0
Code423n4
added 2022/06/27 12:00 a.m., 6 views

Upgraded Q -> M from 439 [1656339117398]

Judge has assessed an item in Issue 439 as Medium risk. The relevant finding follows: ...

AI score: 7
Exploits: 0
Code423n4
added 2022/06/26 12:00 a.m., 12 views

Unused Return

Lines of code Vulnerability details Impact Configuration Check: unused-return Severity: Medium Confidence: Medium Description: The return value of this external call is not stored in a local or state variable. Unused return values of function calls are indicative of programmer errors which may ha...

AI score: 6.5
Exploits: 0
OSV
added 2022/06/24 11:32 a.m., 6 views

OPENSUSE-SU-2022:2177-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1972: Fixed a buffer overflow in nftable that could lead to privilege escalation. bsc1200019 - CVE-2019-19377: Fixed a use-after-free that could be triggered when an attacker mounts a crafted...

CVSS: 7.8, AI score: 8.3, EPSS: 0.0218
Exploits: 11, References: 80