CVE-2022-36604
An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and below allows unauthenticated attackers to arbitrarily change user passwords via a crafted POST request.
Source: CVE-2022-36604
CVE-2022-32743
Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute, which could permit unprivileged users to write it.
Source: CVE-2022-32743
CVE-2022-36622
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.
Source: CVE-2022-36622
CVE-2022-38127
A NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c may lead to program crash when parsing corrupt DWARF data.
Source: CVE-2022-38127
CVE-2022-38126
An assertion failure in the display_debug_names() function in binutils/dwarf.c may lead to program crash and denial of service.
Source: CVE-2022-38126
CVE-2022-38128
An infinite loop may be triggered in the display_debug_abbrev() function in binutils/dwarf.c while opening a crafted ELF, which may lead to denial of service by a local attacker.
Source: CVE-2022-38128
CVE-2022-2319
A flaw was found in the Xorg-x11-server. An out-of-bounds access issue can occur in the ProcXkbSetGeometry function due to improper validation of the request length.
Source: CVE-2022-2319
CVE-2022-2308
A flaw was found in vDPA with the VDUSE backend. There are currently no checks in the VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, the Virtio drivers' config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config(), returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers.
Source: CVE-2022-2308
CVE-2022-2403
A credentials leak was found in the OpenShift Container Platform. The private key for the external cluster certificate was stored incorrectly in the oauth-serving-cert ConfigMaps and was accessible to any authenticated OpenShift user or service account. A malicious user could exploit this flaw by reading the oauth-serving-cert ConfigMap in the openshift-config-managed namespace, compromising any web traffic secured using that certificate.
Source: CVE-2022-2403
CVE-2022-23452
An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. This flaw allows an attacker on the network to consume protected resources and cause a denial of service.
Source: CVE-2022-23452