Weekly Vulnerabilities Reports > August 29 to September 4, 2022

Overview

105 new vulnerabilities reported during this period, including 7 critical vulnerabilities and 42 high severity vulnerabilities. This weekly summary report vulnerabilities in 323 products from 49 vendors including Debian, Redhat, Linux, Fedoraproject, and Netapp. Vulnerabilities are notably categorized as "Use After Free", "Out-of-bounds Write", "Resource Exhaustion", "Out-of-bounds Read", and "NULL Pointer Dereference".

  • 56 reported vulnerabilities are remotely exploitables.
  • 19 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 63 reported vulnerabilities are exploitable by an anonymous user.
  • Debian has the most reported vulnerabilities, with 29 reported vulnerabilities.
  • Apache has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

7 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-09-02 CVE-2020-22669 Owasp
Debian
SQL Injection vulnerability in multiple products

Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability.

9.8
2022-09-02 CVE-2022-25371 Apache Code Injection vulnerability in Apache Ofbiz

Apache OFBiz uses the Birt project plugin (https://eclipse.github.io/birt-website/) to create data visualizations and reports.

9.8
2022-09-01 CVE-2020-35527 Sqlite
Netapp
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause.

9.8
2022-08-31 CVE-2022-37130 Dlink Command Injection vulnerability in Dlink Dir-816 Firmware 1.10Cnb04

In D-Link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img a command injection vulnerability occurs in /goform/Diagnosis, after the condition is met, setnum will be spliced into v10 by snprintf, and the system will be executed, resulting in a command injection vulnerability

9.8
2022-08-31 CVE-2022-36201 Doctor S Appointment System Project SQL Injection vulnerability in Doctor'S Appointment System Project Doctor'S Appointment System 1.0

Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php.

9.8
2022-08-31 CVE-2022-21941 Johnsoncontrols Command Injection vulnerability in Johnsoncontrols Istar Ultra Firmware

All versions of iSTAR Ultra prior to version 6.8.9.CU01 are vulnerable to a command injection that could allow an unauthenticated user root access to the system.

9.8
2022-08-29 CVE-2022-22897 Apollotheme SQL Injection vulnerability in Apollotheme AP Pagebuilder 2.4.4

A SQL injection vulnerability in the product_all_one_img and image_product parameters of the ApolloTheme AP PageBuilder component through 2.4.4 for PrestaShop allows unauthenticated attackers to exfiltrate database data.

9.8

42 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-09-02 CVE-2022-39176 Bluez
Canonical
Debian
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate params_len.
8.8
2022-09-02 CVE-2022-39177 Bluez
Canonical
Debian
BlueZ before 5.59 allows physically proximate attackers to cause a denial of service because malformed and invalid capabilities can be processed in profiles/audio/avdtp.c.
8.8
2022-09-02 CVE-2022-39170 Libdwarf Project
Fedoraproject
Double Free vulnerability in multiple products

libdwarf 0.4.1 has a double free in _dwarf_exec_frame_instr in dwarf_frame.c.

8.8
2022-09-01 CVE-2022-1902 Redhat Exposure of System Data to an Unauthorized Control Sphere vulnerability in Redhat Advanced Cluster Security 3.68/3.69/3.70

A flaw was found in the Red Hat Advanced Cluster Security for Kubernetes.

8.8
2022-08-31 CVE-2022-1271 GNU
Redhat
Debian
Improper Input Validation vulnerability in multiple products

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility.

8.8
2022-08-31 CVE-2022-1552 Postgresql Incomplete Cleanup vulnerability in Postgresql

A flaw was found in PostgreSQL.

8.8
2022-08-30 CVE-2022-38118 Hgiga SQL Injection vulnerability in Hgiga Oaklouds Portal

OAKlouds Portal website’s Meeting Room has insufficient validation for user input.

8.8
2022-08-29 CVE-2022-1043 Linux Use After Free vulnerability in Linux Kernel

A flaw was found in the Linux kernel’s io_uring implementation.

8.8
2022-08-29 CVE-2022-1117 Fapolicyd Project Files or Directories Accessible to External Parties vulnerability in Fapolicyd Project Fapolicyd

A vulnerability was found in fapolicyd.

8.4
2022-09-02 CVE-2022-31176 Grafana Information Exposure vulnerability in Grafana Grafana-Image-Renderer

Grafana Image Renderer is a Grafana backend plugin that handles rendering of panels & dashboards to PNGs using a headless browser (Chromium/Chrome).

8.1
2022-09-01 CVE-2022-36773 IBM
Netapp
XXE vulnerability in multiple products

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

8.1
2022-09-03 CVE-2022-3099 VIM
Fedoraproject
Debian
Use After Free vulnerability in multiple products

Use After Free in GitHub repository vim/vim prior to 9.0.0360.

7.8
2022-09-02 CVE-2022-39189 Linux Unspecified vulnerability in Linux Kernel

An issue was discovered the x86 KVM subsystem in the Linux kernel before 5.18.17.

7.8
2022-09-01 CVE-2022-2319 X ORG Unspecified vulnerability in X.Org Xorg-Server 21.1.0

A flaw was found in the Xorg-x11-server.

7.8
2022-09-01 CVE-2022-2320 X ORG Out-of-bounds Write vulnerability in X.Org Xorg-Server 21.1.0

A flaw was found in the Xorg-x11-server.

7.8
2022-09-01 CVE-2022-2639 Linux
Redhat
Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

An integer coercion error was found in the openvswitch kernel module.

7.8
2022-08-31 CVE-2022-1976 Linux Use After Free vulnerability in Linux Kernel

A flaw was found in the Linux kernel’s implementation of IO-URING.

7.8
2022-08-30 CVE-2022-24106 Glyphandcog Integer Overflow or Wraparound vulnerability in Glyphandcog Xpdfreader

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.

7.8
2022-08-30 CVE-2022-24107 Glyphandcog Integer Overflow or Wraparound vulnerability in Glyphandcog Xpdfreader

Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.

7.8
2022-08-30 CVE-2022-38784 Freedesktop
Debian
Fedoraproject
Integer Overflow or Wraparound vulnerability in multiple products

Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIGStream.cc).

7.8
2022-08-29 CVE-2022-0358 Qemu
Redhat
Improper Check for Dropped Privileges vulnerability in multiple products

A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation.

7.8
2022-08-29 CVE-2022-0367 Libmodbus
Fedoraproject
Debian
Out-of-bounds Write vulnerability in multiple products

A heap-based buffer overflow flaw was found in libmodbus in function modbus_reply() in src/modbus.c.

7.8
2022-09-02 CVE-2020-29260 Libvncserver Project
Debian
Resource Exhaustion vulnerability in multiple products

libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().

7.5
2022-09-01 CVE-2021-3826 GNU
Fedoraproject
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Heap/stack buffer overflow in the dlang_lname function in d-demangle.c in libiberty allows attackers to potentially cause a denial of service (segmentation fault and crash) via a crafted mangled symbol.

7.5
2022-09-01 CVE-2022-2738 Redhat
Podman Project
Use After Free vulnerability in multiple products

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-8945, which was previously fixed via RHSA-2020:2117.

7.5
2022-09-01 CVE-2022-30614 IBM
Netapp
Resource Exhaustion vulnerability in multiple products

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to a denial of service via email flooding caused by sending a specially-crafted request.

7.5
2022-08-31 CVE-2022-36620 Dlink Allocation of Resources Without Limits or Throttling vulnerability in Dlink Dir-816 Firmware 1.10Cnb04

D-link DIR-816 A2_v1.10CNB04, DIR-878 DIR_878_FW1.30B08.img is vulnerable to Buffer Overflow via /goform/addRouting.

7.5
2022-08-31 CVE-2022-38152 Wolfssl Improper Check for Unusual or Exceptional Conditions vulnerability in Wolfssl

An issue was discovered in wolfSSL before 5.5.0.

7.5
2022-08-31 CVE-2022-1259 Redhat
Netapp
Resource Exhaustion vulnerability in multiple products

A flaw was found in Undertow.

7.5
2022-08-31 CVE-2022-1319 Redhat
Netapp
Unchecked Return Value vulnerability in multiple products

A flaw was found in Undertow.

7.5
2022-08-30 CVE-2022-25857 Snakeyaml Project
Debian
Resource Exhaustion vulnerability in multiple products

The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

7.5
2022-08-30 CVE-2022-39028 GNU
MIT
Debian
NULL Pointer Dereference vulnerability in multiple products

telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8.

7.5
2022-08-29 CVE-2022-37680 Hitachi Unspecified vulnerability in Hitachi Hc-Ip9100Hd Firmware 1.07

An improper authentication for critical function issue in Hitachi Kokusai Electric Network products for monitoring system (Camera, Decoder and Encoder) and bellow allows attckers to remotely reboot the device via a crafted POST request to the endpoint /ptipupgrade.cgi.

7.5
2022-08-29 CVE-2022-37681 Hitachi Path Traversal vulnerability in Hitachi Hc-Ip9100Hd Firmware 1.07

Hitachi Kokusai Electric Newtork products for monitoring system (Camera, Decoder and Encoder) and below allows attckers to perform a directory traversal via a crafted GET request to the endpoint /ptippage.cgi.

7.5
2022-08-29 CVE-2022-37177 Hirevue Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hirevue Hiring Platform

** DISPUTED ** HireVue Hiring Platform V1.0 suffers from Use of a Broken or Risky Cryptographic Algorithm.

7.5
2022-08-29 CVE-2022-0934 Thekelleys
Redhat
Use After Free vulnerability in multiple products

A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq.

7.5
2022-08-29 CVE-2022-1199 Linux
Redhat
Netapp
Use After Free vulnerability in multiple products

A flaw was found in the Linux kernel.

7.5
2022-09-01 CVE-2022-2996 Python Scciclient Project
Debian
Improper Certificate Validation vulnerability in multiple products

A flaw was found in the python-scciclient when making an HTTPS connection to a server where the server's certificate would not be verified.

7.4
2022-09-01 CVE-2022-1729 Linux Race Condition vulnerability in Linux Kernel 5.18

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges.

7.0
2022-08-31 CVE-2022-2590 Linux Race Condition vulnerability in Linux Kernel

A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings.

7.0
2022-08-31 CVE-2022-3028 Linux
Fedoraproject
Debian
Out-of-bounds Write vulnerability in multiple products

A race condition was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously.

7.0
2022-08-29 CVE-2022-2961 Linux
Fedoraproject
Use After Free vulnerability in multiple products

A use-after-free flaw was found in the Linux kernel’s PLP Rose functionality in the way a user triggers a race condition by calling bind while simultaneously triggering the rose_bind() function.

7.0

55 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-09-01 CVE-2022-2447 Openstack
Redhat
Operation on a Resource after Expiration or Release vulnerability in multiple products

A flaw was found in Keystone.

6.6
2022-09-01 CVE-2022-1632 Redhat
Fedoraproject
Improper Certificate Validation vulnerability in multiple products

An Improper Certificate Validation attack was found in Openshift.

6.5
2022-09-01 CVE-2022-2238 Redhat Resource Exhaustion vulnerability in Redhat Advanced Cluster Management for Kubernetes 2.0

A vulnerability was found in the search-api container in Red Hat Advanced Cluster Management for Kubernetes when a query in the search filter gets parsed by the backend.

6.5
2022-09-01 CVE-2022-2403 Redhat Exposure of System Data to an Unauthorized Control Sphere vulnerability in Redhat Openshift 4.9

A credentials leak was found in the OpenShift Container Platform.

6.5
2022-09-01 CVE-2020-4301 IBM
Netapp
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.5
2022-09-01 CVE-2021-20468 IBM
Netapp
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.5
2022-09-01 CVE-2021-29823 IBM
Netapp
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.5
2022-09-01 CVE-2022-36449 ARM Use After Free vulnerability in ARM Bifrost, Midgard and Valhall

An issue was discovered in the Arm Mali GPU Kernel Driver.

6.5
2022-08-31 CVE-2022-2519 Libtiff
Debian
Double Free vulnerability in multiple products

There is a double free or corruption in rotateImage() at tiffcrop.c:8839 found in libtiff 4.4.0rc1

6.5
2022-08-31 CVE-2022-2520 Libtiff
Debian
Incorrect Calculation of Buffer Size vulnerability in multiple products

A flaw was found in libtiff 4.4.0rc1.

6.5
2022-08-31 CVE-2022-2521 Libtiff
Debian
Release of Invalid Pointer or Reference vulnerability in multiple products

It was found in libtiff 4.4.0rc1 that there is an invalid pointer free operation in TIFFClose() at tif_close.c:131 called by tiffcrop.c:2522 that can cause a program crash and denial of service while processing crafted input.

6.5
2022-08-30 CVE-2022-2330 Mcafee XXE vulnerability in Mcafee Data Loss Prevention Endpoint

Improper Restriction of XML External Entity Reference vulnerability in DLP Endpoint for Windows prior to 11.9.100 allows a remote attacker to cause the DLP Agent to access a local service that the attacker wouldn't usually have access to via a carefully constructed XML file, which the DLP Agent doesn't parse correctly.

6.5
2022-08-30 CVE-2021-46837 Asterisk
Digium
Debian
NULL Pointer Dereference vulnerability in multiple products

res_pjsip_t38 in Sangoma Asterisk 16.x before 16.16.2, 17.x before 17.9.3, and 18.x before 18.2.2, and Certified Asterisk before 16.8-cert7, allows an attacker to trigger a crash by sending an m=image line and zero port in a response to a T.38 re-invite initiated by Asterisk.

6.5
2022-09-01 CVE-2022-1677 Redhat Resource Exhaustion vulnerability in Redhat Openshift Container Platform

In OpenShift Container Platform, a user with permissions to create or modify Routes can craft a payload that inserts a malformed entry into one of the cluster router's HAProxy configuration files.

6.3
2022-08-29 CVE-2022-21385 Oracle Unspecified vulnerability in Oracle Linux

A flaw in net_rds_alloc_sgs() in Oracle Linux kernels allows unprivileged local users to crash the machine.

6.2
2022-08-31 CVE-2022-1355 Libtiff
Fedoraproject
Redhat
Netapp
Debian
Stack-based Buffer Overflow vulnerability in multiple products

A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function.

6.1
2022-08-30 CVE-2022-36747 Cobub Cross-site Scripting vulnerability in Cobub Razor 0.8.0

Razor v0.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the function uploadchannel().

6.1
2022-08-29 CVE-2022-36033 Jsoup
Netapp
Cross-site Scripting vulnerability in multiple products

jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety.

6.1
2022-08-31 CVE-2022-38153 Wolfssl Allocation of Resources Without Limits or Throttling vulnerability in Wolfssl 5.3.0

An issue was discovered in wolfSSL before 5.5.0 (when --enable-session-ticket is used); however, only version 5.3.0 is exploitable.

5.9
2022-08-31 CVE-2022-2758 LS Electric Inadequate Encryption Strength vulnerability in Ls-Electric products

Passwords are not adequately encrypted during the communication process between all versions of LS Industrial Systems (LSIS) Co.

5.9
2022-09-02 CVE-2022-39190 Linux
Debian
Resource Exhaustion vulnerability in multiple products

An issue was discovered in net/netfilter/nf_tables_api.c in the Linux kernel before 5.19.6.

5.5
2022-09-01 CVE-2022-38126 GNU Reachable Assertion vulnerability in GNU Binutils

Assertion fail in the display_debug_names() function in binutils/dwarf.c may lead to program crash and denial of service.

5.5
2022-09-01 CVE-2022-38127 GNU NULL Pointer Dereference vulnerability in GNU Binutils

A NULL pointer dereference in the read_and_display_attr_value() function in binutils/dwarf.c may lead to program crash when parsing corrupt DWARF data.

5.5
2022-09-01 CVE-2022-38128 GNU Infinite Loop vulnerability in GNU Binutils

An infinite loop may be triggered in display_debug_abbrev() function in binutils/dwarf.c while opening a crafted ELF, which may lead to denial of service by a local attacker.

5.5
2022-09-01 CVE-2021-39009 IBM
Netapp
Cleartext Storage of Sensitive Information vulnerability in multiple products

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 stores user credentials in plain clear text which can be read by a local privileged user.

5.5
2022-09-01 CVE-2021-39045 IBM
Netapp
Exposure of Resource to Wrong Sphere vulnerability in multiple products

IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could allow a local attacker to obtain information due to the autocomplete feature on password input fields.

5.5
2022-09-01 CVE-2020-27784 Linux Use After Free vulnerability in Linux Kernel

A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance.

5.5
2022-09-01 CVE-2020-35530 Libraw
Debian
Out-of-bounds Write vulnerability in multiple products

In LibRaw, there is an out-of-bounds write vulnerability within the "new_node()" function (libraw\src\x3f\x3f_utils_patched.cpp) that can be triggered via a crafted X3F file.

5.5
2022-09-01 CVE-2020-35531 Libraw
Debian
Out-of-bounds Read vulnerability in multiple products

In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file.

5.5
2022-09-01 CVE-2020-35532 Libraw
Debian
Out-of-bounds Read vulnerability in multiple products

In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field.

5.5
2022-09-01 CVE-2022-3061 Linux
Debian
Divide By Zero vulnerability in multiple products

Found Linux Kernel flaw in the i740 driver.

5.5
2022-08-31 CVE-2022-1354 Libtiff
Fedoraproject
Redhat
Netapp
Debian
Out-of-bounds Read vulnerability in multiple products

A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped() function.

5.5
2022-08-31 CVE-2022-2153 Linux
Fedoraproject
Redhat
Debian
NULL Pointer Dereference vulnerability in multiple products

A flaw was found in the Linux kernel’s KVM when attempting to set a SynIC IRQ.

5.5
2022-08-29 CVE-2022-0480 Linux
Redhat
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

A flaw was found in the filelock_init in fs/locks.c function in the Linux kernel.

5.5
2022-08-29 CVE-2022-0851 Convert2Rhel Project
Redhat
Information Exposure vulnerability in multiple products

There is a flaw in convert2rhel.

5.5
2022-08-29 CVE-2022-0852 Convert2Rhel Project
Redhat
Privacy Violation vulnerability in multiple products

There is a flaw in convert2rhel.

5.5
2022-08-29 CVE-2022-1016 Linux
Redhat
Access of Uninitialized Pointer vulnerability in multiple products

A flaw was found in the Linux kernel in net/netfilter/nf_tables_core.c:nft_do_chain, which can cause a use-after-free.

5.5
2022-08-29 CVE-2022-1184 Linux
Redhat
Debian
Use After Free vulnerability in multiple products

A use-after-free flaw was found in fs/ext4/namei.c:dx_insert_block() in the Linux kernel’s filesystem sub-component.

5.5
2022-08-29 CVE-2022-2953 Libtiff
Netapp
Debian
Out-of-bounds Read vulnerability in multiple products

LibTIFF 4.4.0 has an out-of-bounds read in extractImageSection in tools/tiffcrop.c:6905, allowing attackers to cause a denial-of-service via a crafted tiff file.

5.5
2022-08-29 CVE-2022-35014 Advancemame
Fedoraproject
Advancecomp v2.3 contains a segmentation fault.
5.5
2022-08-29 CVE-2022-35015 Advancemame
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Advancecomp v2.3 was discovered to contain a heap buffer overflow via le_uint32_read at /lib/endianrw.h.

5.5
2022-08-29 CVE-2022-35016 Advancemame
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Advancecomp v2.3 was discovered to contain a heap buffer overflow.

5.5
2022-08-29 CVE-2022-35017 Advancemame
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Advancecomp v2.3 was discovered to contain a heap buffer overflow.

5.5
2022-08-29 CVE-2022-35018 Advancemame
Fedoraproject
Advancecomp v2.3 was discovered to contain a segmentation fault.
5.5
2022-08-29 CVE-2022-35019 Advancemame
Fedoraproject
Advancecomp v2.3 was discovered to contain a segmentation fault.
5.5
2022-08-29 CVE-2022-35020 Advancemame
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

Advancecomp v2.3 was discovered to contain a heap buffer overflow via the component __interceptor_memcpy at /sanitizer_common/sanitizer_common_interceptors.inc.

5.5
2022-09-01 CVE-2022-2663 Linux
Debian
Improper Restriction of Communication Channel to Intended Endpoints vulnerability in multiple products

An issue was found in the Linux kernel in nf_conntrack_irc where the message handling can be confused and incorrectly matches the message.

5.3
2022-09-01 CVE-2022-2739 Redhat
Podman Project
Information Exposure vulnerability in multiple products

The version of podman as released for Red Hat Enterprise Linux 7 Extras via RHSA-2022:2190 advisory included an incorrect version of podman missing the fix for CVE-2020-14370, which was previously fixed via RHSA-2020:5056.

5.3
2022-08-31 CVE-2022-39046 GNU
Netapp
Information Exposure Through Log Files vulnerability in multiple products

An issue was discovered in the GNU C Library (glibc) 2.36.

5.3
2022-09-01 CVE-2022-23452 Openstack
Redhat
Incorrect Authorization vulnerability in multiple products

An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container.

4.9
2022-09-01 CVE-2022-2764 Redhat
Netapp
A flaw was found in Undertow.
4.9
2022-08-29 CVE-2022-0718 Openstack
Redhat
Debian
Insufficiently Protected Credentials vulnerability in multiple products

A flaw was found in python-oslo-utils.

4.9
2022-08-29 CVE-2022-0485 Redhat Unchecked Return Value vulnerability in Redhat Enterprise Linux and Libnbd

A flaw was found in the copying tool `nbdcopy` of libnbd.

4.8
2022-09-02 CVE-2022-38170 Apache Race Condition vulnerability in Apache Airflow

In Apache Airflow prior to 2.3.4, an insecure umask was configured for numerous Airflow components when running with the `--daemon` flag which could result in a race condition giving world-writable files in the Airflow home directory and allowing local users to expose arbitrary file contents via the webserver.

4.7
2022-09-02 CVE-2022-39188 Linux
Debian
Race Condition vulnerability in multiple products

An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19.

4.7

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2022-09-01 CVE-2022-2256 Redhat Cross-site Scripting vulnerability in Redhat Single Sign-On 7.0

A Stored Cross-site scripting (XSS) vulnerability was found in keycloak as shipped in Red Hat Single Sign-On 7.

3.8