PT-2022-34076 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.137 Description: The issue is related to the assignment of scpi info in the arm scpi firmware when a probe fails. The actual impact and potential for attack have not been proven yet. Recommendations: For...

SUSE SLES12 Security Update : kernel (SUSE-SU-2022:3282-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3282-1 advisory. - An issue was discovered in the Linux kernel through 5.16.11. The mixed IPID assignment method with the hash-based IPID assignment...

nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes

A regular expression denial of service ReDoS vulnerability was found in nodejs-ansi-regex. This could possibly cause an application using ansi-regex to use an excessive amount of CPU time when matching crafted ANSI escape codes...

CVE-2022-39810

An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting XSS vulnerability has been identified in the Management Console under /carbon/ndatasource/validateconnection/ajaxprocessor.jsp via the driver parameter. Session hijacking or similar attacks would not be...

CVE-2022-39810

An issue was discovered in WSO2 Enterprise Integrator 6.4.0. A Reflected Cross-Site Scripting XSS vulnerability has been identified in the Management Console under /carbon/ndatasource/validateconnection/ajaxprocessor.jsp via the driver parameter. Session hijacking or similar attacks would not be...

WSO2 Enterprise Integrator 跨站脚本漏洞

WSO2 Enterprise Integrator is the United States WSO2 company's set of open source hybrid integration platform. The platform supports communication between multiple applications. A security vulnerability exists in WSO2 Enterprise Integrator version 6.4.0, which is caused by a reflected cross-site...

Vulnerability of the POSIX component of the Linux operating system’s CPU core, allowing a hacker to execute arbitrary code

The vulnerability of the POSIX CPU core component in the Linux operating system is related to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

OSV-2022-854 Heap-buffer-overflow in perfetto::trace_processor::TrackEventParser::ParseTrackDescriptor

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51022 Crash type: Heap-buffer-overflow WRITE 4 Crash state: perfetto::traceprocessor::TrackEventParser::ParseTrackDescriptor perfetto::traceprocessor::TrackEventModule::ParsePacket...

A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).

...

PT-2022-10445 · Qualcomm · Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon affected versions not specified Description: The issue is related to an out of bound write in the DSP service due to an improper bound check for the response buffer size. This affects various Qualcomm Snapdragon products,...

mariadb: server crash in Item_func_in::cleanup/Item::cleanup_processor

MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Itemfuncin::cleanup/Item::cleanupprocessor...

SUSE: Security Advisory (SUSE-SU-2022:2960-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-36059

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can temporarily disrupt or impede the matrix-js-sdk from functioning properly, potentially impacting the consumer's ability to process data...

SUSE-SU-2022:2960-1 Security update for ucode-intel

This update for ucode-intel fixes the following issues: Updated to Intel CPU Microcode 20220809 release bsc1201727: - CVE-2022-21233: Fixed an issue where stale data may have been leaked from the legacy xAPIC MMIO region, which could be used to compromise an SGX enclave INTEL-SA-00657. See also:...

Ubuntu: Security Advisory (USN-390-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-5484-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-4182-4)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the KVM SEV API that allows a non-root host user-level application to crash the host kernel by creating an...

The vulnerability of the BIOS microprogramming system of Intel processors allows attackers to disclose protected information.

The vulnerability of the BIOS microprogramming system of Intel processors is related to access control deficiencies. Exploiting this vulnerability can allow an attacker to disclose protected information...

The vulnerability of the kbase_jd_user_buf_pin_pages function (mali_kbase_mem.c) in the graphics processor driver for Android devices from Google Pixel allows a hacker to escalate their privileges.

The vulnerability of the kbasejduserbufpinpages function malikbasemem.c in the graphics processor driver for Android devices from Google Pixel devices is related to writing beyond buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain increased privileges...