CVE-2022-1043
A flaw was found in the Linux kernel’s io_uring implementation. This flaw allows an attacker with a local account to corrupt system memory, crash the system or escalate privileges.
Source: CVE-2022-1043
[월:] 2022년 08월
CVE-2022-1024
CVE-2022-1024
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Source: CVE-2022-1024
CVE-2022-1117
CVE-2022-1117
A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how glibc names the runtime linker, a build time regular expression may not correctly detect the runtime linker. The consequence is that the pattern detection for applications launched by the run time linker may fail to detect the pattern and allow execution.
Source: CVE-2022-1117
CVE-2022-1115
CVE-2022-1115
A heap-buffer-overflow flaw was found in ImageMagick’s PushShortPixel() function of quantum-private.h file. This vulnerability is triggered when an attacker passes a specially crafted TIFF image file to ImageMagick for conversion, potentially leading to a denial of service.
Source: CVE-2022-1115
CVE-2022-1198
CVE-2022-1198
A use-after-free vulnerabilitity was discovered in drivers/net/hamradio/6pack.c of linux that allows an attacker to crash linux kernel by simulating ax25 device using 6pack driver from user space.
Source: CVE-2022-1198
CVE-2022-0400
CVE-2022-0400
An out-of-bounds read vulnerability was discovered in linux kernel in the smc protocol stack, causing remote dos.
Source: CVE-2022-0400
CVE-2022-0485
CVE-2022-0485
A flaw was found in the copying tool `nbdcopy` of libnbd. When performing multi-threaded copies using asynchronous nbd calls, nbdcopy was blindly treating the completion of an asynchronous command as successful, rather than checking the *error parameter. This could result in the silent creation of a corrupted destination image.
Source: CVE-2022-0485
CVE-2022-0496
CVE-2022-0496
A vulnerbiility was found in Openscad, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import().
Source: CVE-2022-0496
CVE-2022-0497
CVE-2022-0497
A vulnerbiility was found in Openscad, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations.
Source: CVE-2022-0497
CVE-2022-0669
CVE-2022-0669
A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.
Source: CVE-2022-0669