PT-2022-35543 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 4.19 through 5.10.149 Description: A potential security issue exists due to a debugfs leak in the mvpp2 module. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versio...
PT-2022-35369 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.4 through v5.15.74 Description: A use-after-free issue exists in the nouveau gem prime import sg table function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
PT-2022-35465 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions 5.10.141 through 5.10.149 Description: The issue concerns a potential security vulnerability in the Linux Kernel. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...
PT-2022-34897 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.13 through v6.0.6 Description: The issue is related to missing SIGTRAPs in the Linux Kernel. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions v5.13 through...
PortlandLabs Concrete CMS Code Issue Vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system from PortlandLabs, Inc. in the United States. A security vulnerability exists in Concrete CMS concrete5 versions prior to 8.5.10 and 9.0.0 through 9.1.2, which stems from the presence of a vulnerability in XXE-base...
Liferay Portal and Liferay DXP Security Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP ...
PT-2022-24400 · Ibm · Ibm Cloud Pak For Security
Name of the Vulnerable Software and Affected Versions: IBM Cloud Pak for Security CP4S versions 1.10.0.0 through 1.10.2.0 Description: The issue allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Recommendations: For versions...
auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +99 more potentially affected by CVE-2022-39393 via wasmtime (>=0.10.0 <=12.0.2)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 - inkpad-executor =0.1.0 and more Source cves: CVE-2022-39393 Source advisory: OSV:RUSTSEC-2022-0075...
auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +99 more potentially affected by CVE-2022-39392 via wasmtime (>=0.10.0 <=12.0.2)
wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 - inkpad-executor =0.1.0 and more Source cves: CVE-2022-39392 Source advisory: OSV:RUSTSEC-2022-0076...
AZL-11385 CVE-2022-44792 affecting package net-snmp for versions less than 5.9.4-1
handle_ipDefaultTTL in agent/mibgroup/ip-mib/ip_scalars.c in Net-SNMP 5.8 through 5.9.3 has a NULL Pointer Exception bug that can be used by a remote attacker who has write access to cause the instance to crash via a crafted UDP packet, resulting in Denial of Service...
PT-2022-5703 · D Link · D-Link Dir-882
Name of the Vulnerable Software and Affected Versions: D-Link DIR-882 versions 1.10B02 through 1.20B06 Description: The issue is related to buffer overflow errors in the D-Link DIR-882 wireless router's firmware. Exploitation of this issue may allow a remote attacker to cause a denial of service...
PT-2022-5707 · D Link · D-Link Dir-882
Name of the Vulnerable Software and Affected Versions: D-Link DIR-882 versions 1.10B02 through 1.20B06 Description: The issue is related to a buffer overflow error in the webGetVarString function of the D-Link DIR-882 wireless router's firmware. This can be exploited by a remote attacker to execu...
PT-2022-18672 · Osisoft · Osisoft-Pi-Web-Connector
Name of the Vulnerable Software and Affected Versions: osisoft-pi-web-connector versions 0.15.0 through 0.43.0 Description: The Foundry Magritte plugin osisoft-pi-web-connector was found to be logging in a manner that captured authentication requests. Recommendations: For osisoft-pi-web-connector...
CVE-2022-44622
In JetBrains TeamCity versions between 2021.2 and 2022.10, access permissions for secure token health items were excessive...
PT-2022-25297 · Ibm · Ibm Mq Appliance
Name of the Vulnerable Software and Affected Versions: IBM MQ Appliance versions 9.2 CD through 9.3 LTS Description: The issue allows an authenticated user to impersonate another user on the system because it does not invalidate the session after logout. Recommendations: For IBM MQ Appliance...
CVE-2022-43995
Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...
Sudo Buffer Error Vulnerability
Sudo is a program used on Unix-like systems that allows users to execute commands in a secure manner with special privileges. A buffer error vulnerability exists in Sudo versions 1.8.0 through 1.9.12, which stems from the presence of an array out-of-bounds error that could result in a heap-based...
PT-2022-24940 · Fluentd · Fluentd
Name of the Vulnerable Software and Affected Versions: Fluentd versions 1.13.2 through 1.15.2 Description: A remote code execution vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. This issue...
1st-project (=1.0.2), 2d-game-assets (=0.0.1) +9034 more potentially affected by CVE-2022-39353 via @xmldom/xmldom (>=0.8.0 <=0.8.3)
@xmldom/xmldom NPM version =0.8.0, =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =1.0.0, =2.1.0, =2.8.6 and more Source cves: CVE-2022-39353 Source advisory: OSV:GHSA-CRH6-FP67-6883...
cloud.altemista.fwk.azure:cloud-altemistafwk-core-azure-active-directory (=3.1.0.RELEASE), cloud.altemista.fwk.azure:cloud-altemistafwk-core-azure-active-directory-conf (=3.1.0.RELEASE) +572 more potentially affected by CVE-2022-31690 via org.springframework.security:spring-security-oauth2-client (>=5.0.10.RELEASE <=5.6.8)
org.springframework.security:spring-security-oauth2-client MAVEN version =5.0.10.RELEASE, =1.1.1-alpha, =1.1.1-alpha, =0.0.3-alpha, =0.0.3-alpha, =0.0.3-alpha, =0.0.3-alpha, =0.1, =0.3 - cn.itlym:shoulder-security-code =0.3 - cn.itlym:shoulder-starter-auth-server =0.3 -...