CVE-2021-39673
CVE-2021-39673 is publicly documented in Android bulletin contexts as a high-severity issue listed under the 2022-10 patch levels for Android 13 (AOSP 13). Connected documents show it alongside other CVEs with Android patch-level mappings (e.g., CVE-2022-20419 and CVE-2022-20412) and explicitly c...
CVE-2022-42013
RESERVED This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Microsoft Exchange Server Has a Zero-Day Problem
Plus: CIA failures allegedly got US informants killed, a former NSA worker is charged under the Espionage Act, and more...
CVE-2013-3013
Summary of CVE-2013-3013 context (IBM Smart Analytics System 5600): The related IBM security bulletin notes that the 5600 system’s management host runs Firefox configured to use the IBM Java SDK for Java Web Start, exposing the system to Java SDK vulnerabilities identified in CVEs such as CVE-201...
Ubuntu 20.04 LTS : Linux kernel (GCP) vulnerabilities (USN-5647-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5647-1 advisory. It was discovered that the framebuffer driver on the Linux kernel did not verify size limits when changing font or screen size, leading to an out-of-...
CVE-2019-4626
IBM InfoSphere Subscription Manager is affected by CVE-2019-4626, a Cross-Site Request Forgery in IBM InfoSphere Information Server components. Affected products and versions include IBM InfoSphere Information Server (11.3, 11.5, 11.7) and InfoSphere Information Server on Cloud (11.5, 11.7). The ...
CVE-2019-4717
IBM Jazz for Service Management (JazzSM) is affected by a cross-site scripting (XSS) vulnerability (CVE-2019-4717) in version 1.1.3. The issue enables a remote attacker to inject arbitrary JavaScript into the Web UI, potentially altering functionality and leading to credentials disclosure within ...
CVE-2019-4618
CVE-2019-4618 is confirmed in IBM InfoSphere Metadata Asset Manager (and Information Server on Cloud) with a Stored cross-site scripting vulnerability. Affected products/versions include IBM InfoSphere Metadata Asset Manager: 11.3, 11.5, 11.7 and IBM InfoSphere Information Server on Cloud: 11.5, ...
CVE-2019-4097
CVE-2019-4097 is a spoofing vulnerability in Platform System Manager (PSM) shipped with IBM Cloud Pak System/PureApplication System. An authenticated user could steal or manipulate customer sessions and cookies. Affected product: IBM Cloud Pak System (V2.3.0). CVSS Base score 4.3. Remediation: up...
CVE-2022-3102
CVE-2022-3102 affects the jwcrypto library, where the JWT/JWE handling can allow token substitution that may lead to authentication or authorization bypass. The issue arises from jwcrypto’s ability to auto-detect token types (JWS vs JWE) and, under certain conditions, substitute a signed JWS with...
CVE-2022-41222
mm/mremap.c in the Linux kernel before 5.13.3 has a use-after-free via a stale TLB because an rmap lock is not held during a PUD move...
CVE-2022-41160
The CVE-2022-41160 issue affects FreeRDP, an open-source RDP implementation. Advisory texts state the vulnerability stems from improper region checks in FreeRDP prior to version 2.4.1, potentially affecting clients using gateway connections. SUSE advisories SUSE-SU-2022:2890-1 and SUSE-...
Privilege Escalation
linux is vulnerable to Privilege Escalation. The vulnerability exists in nf_tables_api.c function in nftables cross-table in the Linux kernel, which will allow a local privileged attacker to cause a use-after-free problem at the time of table deletion...
Microsoft Teams does not display video and shared screen
Microsoft Teams does not display video and shared screen when Endpoint OS is Windows 10 1607 Build 14393, Desktop Viewer is disabled (showDesktopViewer=false), Teams optimization is enabled, and the session is viewed in full screen mode...
PT-2022-33568 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.13 through v5.19.1. Description: The issue concerns a simplification problem in the devm_spi_register_controller function. It was introduced in version v5.13 and fixed in version v5.19.2. The actual impact and attack...
PT-2022-33457 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.8 through v5.19.1. Description: The issue is related to a problem in the Linux Kernel where a task is not properly requeued on a CPU excluded from cpus_mask. The actual impact and attack plausibility have not yet been...
PT-2022-33346 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.4. Description: The issue is related to a cleanup problem in the .remove function after pm_runtime_get_sync failed. The actual impact and attack plausibility have not yet been proven. Recommendations: For...
CVE-2022-1972
Removed by vendor...
CVE-2022-36782 Pal Electronics Systems - Pal Gate Authorization Errors
Pal Electronics Systems - Pal Gate Authorization Errors. The vulnerability is an authorization problem in PalGate device management Android client app. Gates of buildings and parking lots with a simple button in any smartphone. The API was found after a decompiling and static research using Jadx,...
CVE-2022-22403
IBM Aspera Faspex 5.0.0 and 5.0.1 are affected by CVE-2022-22403. The root cause is that authorization tokens or session cookies are not set with the Secure attribute, enabling an attacker to snoop cookie values when a user visits an insecure http link or a compromised site. IBM has addressed thi...