Total
583 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-4903 | 1 Codenameone | 1 Codename One | 2024-05-17 | N/A | 8.1 HIGH |
| A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 7.0.71 is able to address this issue. The patch is identified as dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability. | |||||
| CVE-2022-4817 | 1 Jgit-cookbook Project | 1 Jgit-cookbook | 2024-05-17 | N/A | 7.8 HIGH |
| A vulnerability was found in centic9 jgit-cookbook. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to insecure temporary file. The attack can be initiated remotely. The name of the patch is b8cb29b43dc704708d598c60ac1881db7cf8e9c3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-216988. | |||||
| CVE-2018-25068 | 1 Globalpom-utils Project | 1 Globalpom-utils | 2024-05-17 | N/A | 9.8 CRITICAL |
| A vulnerability has been found in devent globalpom-utils up to 4.5.0 and classified as critical. This vulnerability affects the function createTmpDir of the file globalpomutils-fileresources/src/main/java/com/anrisoftware/globalpom/fileresourcemanager/FileResourceManagerProvider.java. The manipulation leads to insecure temporary file. The attack can be initiated remotely. Upgrading to version 4.5.1 is able to address this issue. The patch is identified as 77a820bac2f68e662ce261ecb050c643bd7ee560. It is recommended to upgrade the affected component. VDB-217570 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-28336 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-04-19 | N/A | 4.3 MEDIUM |
| Insufficient filtering of grade report history made it possible for teachers to access the names of users they could not otherwise access. | |||||
| CVE-2023-1402 | 1 Moodle | 1 Moodle | 2024-04-19 | N/A | 4.3 MEDIUM |
| The course participation report required additional checks to prevent roles being displayed which the user did not have access to view. | |||||
| CVE-2021-46906 | 1 Linux | 1 Linux Kernel | 2024-04-17 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix info leak in hid_submit_ctrl In hid_submit_ctrl(), the way of calculating the report length doesn't take into account that report->size can be zero. When running the syzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to calculate transfer_buffer_length as 16384. When this urb is passed to the usb core layer, KMSAN reports an info leak of 16384 bytes. To fix this, first modify hid_report_len() to account for the zero report size case by using DIV_ROUND_UP for the division. Then, call it from hid_submit_ctrl(). | |||||
| CVE-2022-40525 | 1 Qualcomm | 62 Csr8811, Csr8811 Firmware, Ipq6000 and 59 more | 2024-04-12 | N/A | 5.5 MEDIUM |
| Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis. | |||||
| CVE-2022-40523 | 1 Qualcomm | 370 9205 Lte Modem, 9205 Lte Modem Firmware, Aqt1000 and 367 more | 2024-04-12 | N/A | 5.5 MEDIUM |
| Information disclosure in Kernel due to indirect branch misprediction. | |||||
| CVE-2021-46937 | 1 Linux | 1 Linux Kernel | 2024-04-10 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: mm/damon/dbgfs: fix 'struct pid' leaks in 'dbgfs_target_ids_write()' DAMON debugfs interface increases the reference counts of 'struct pid's for targets from the 'target_ids' file write callback ('dbgfs_target_ids_write()'), but decreases the counts only in DAMON monitoring termination callback ('dbgfs_before_terminate()'). Therefore, when 'target_ids' file is repeatedly written without DAMON monitoring start/termination, the reference count is not decreased and therefore memory for the 'struct pid' cannot be freed. This commit fixes this issue by decreasing the reference counts when 'target_ids' is written. | |||||
| CVE-2021-46935 | 1 Linux | 1 Linux Kernel | 2024-04-10 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: binder: fix async_free_space accounting for empty parcels In 4.13, commit 74310e06be4d ("android: binder: Move buffer out of area shared with user space") fixed a kernel structure visibility issue. As part of that patch, sizeof(void *) was used as the buffer size for 0-length data payloads so the driver could detect abusive clients sending 0-length asynchronous transactions to a server by enforcing limits on async_free_size. Unfortunately, on the "free" side, the accounting of async_free_space did not add the sizeof(void *) back. The result was that up to 8-bytes of async_free_space were leaked on every async transaction of 8-bytes or less. These small transactions are uncommon, so this accounting issue has gone undetected for several years. The fix is to use "buffer_size" (the allocated buffer size) instead of "size" (the logical buffer size) when updating the async_free_space during the free operation. These are the same except for this corner case of asynchronous transactions with payloads < 8 bytes. | |||||
| CVE-2021-46923 | 1 Linux | 1 Linux Kernel | 2024-04-10 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: fs/mount_setattr: always cleanup mount_kattr Make sure that finish_mount_kattr() is called after mount_kattr was succesfully built in both the success and failure case to prevent leaking any references we took when we built it. We returned early if path lookup failed thereby risking to leak an additional reference we took when building mount_kattr when an idmapped mount was requested. | |||||
| CVE-2021-46917 | 1 Linux | 1 Linux Kernel | 2024-04-10 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix wq cleanup of WQCFG registers A pre-release silicon erratum workaround where wq reset does not clear WQCFG registers was leaked into upstream code. Use wq reset command instead of blasting the MMIO region. This also address an issue where we clobber registers in future devices. | |||||
| CVE-2021-46921 | 1 Linux | 1 Linux Kernel | 2024-04-10 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queued_write_lock_slowpath() While this code is executed with the wait_lock held, a reader can acquire the lock without holding wait_lock. The writer side loops checking the value with the atomic_cond_read_acquire(), but only truly acquires the lock when the compare-and-exchange is completed successfully which isn’t ordered. This exposes the window between the acquire and the cmpxchg to an A-B-A problem which allows reads following the lock acquisition to observe values speculatively before the write lock is truly acquired. We've seen a problem in epoll where the reader does a xchg while holding the read lock, but the writer can see a value change out from under it. Writer | Reader -------------------------------------------------------------------------------- ep_scan_ready_list() | |- write_lock_irq() | |- queued_write_lock_slowpath() | |- atomic_cond_read_acquire() | | read_lock_irqsave(&ep->lock, flags); --> (observes value before unlock) | chain_epi_lockless() | | epi->next = xchg(&ep->ovflist, epi); | | read_unlock_irqrestore(&ep->lock, flags); | | | atomic_cmpxchg_relaxed() | |-- READ_ONCE(ep->ovflist); | A core can order the read of the ovflist ahead of the atomic_cmpxchg_relaxed(). Switching the cmpxchg to use acquire semantics addresses this issue at which point the atomic_cond_read can be switched to use relaxed semantics. [peterz: use try_cmpxchg()] | |||||
| CVE-2022-41946 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql Jdbc Driver | 2024-03-29 | N/A | 5.5 MEDIUM |
| pgjdbc is an open source postgresql JDBC Driver. In affected versions a prepared statement using either `PreparedStatement.setText(int, InputStream)` or `PreparedStatemet.setBytea(int, InputStream)` will create a temporary file if the InputStream is larger than 2k. This will create a temporary file which is readable by other users on Unix like systems, but not MacOS. On Unix like systems, the system's temporary directory is shared between all users on that system. Because of this, when files and directories are written into this directory they are, by default, readable by other users on that same system. This vulnerability does not allow other users to overwrite the contents of these directories or files. This is purely an information disclosure vulnerability. Because certain JDK file system APIs were only added in JDK 1.7, this this fix is dependent upon the version of the JDK you are using. Java 1.7 and higher users: this vulnerability is fixed in 4.5.0. Java 1.6 and lower users: no patch is available. If you are unable to patch, or are stuck running on Java 1.6, specifying the java.io.tmpdir system environment variable to a directory that is exclusively owned by the executing user will mitigate this vulnerability. | |||||
| CVE-2021-22897 | 5 Haxx, Netapp, Oracle and 2 more | 30 Curl, Cloud Backup, H300e and 27 more | 2024-03-27 | 4.3 MEDIUM | 5.3 MEDIUM |
| curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly. | |||||
| CVE-2022-32221 | 5 Apple, Debian, Haxx and 2 more | 13 Macos, Debian Linux, Curl and 10 more | 2024-03-27 | N/A | 9.8 CRITICAL |
| When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST. | |||||
| CVE-2024-21626 | 2 Fedoraproject, Linuxfoundation | 2 Fedora, Runc | 2024-02-19 | N/A | 8.6 HIGH |
| runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. | |||||
| CVE-2023-7014 | 1 Amitzy | 1 Molongui Authorship | 2024-02-15 | N/A | 7.5 HIGH |
| The Author Box, Guest Author and Co-Authors for Your Posts – Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if applicable. | |||||
| CVE-2022-23825 | 4 Amd, Debian, Fedoraproject and 1 more | 249 A10-9600p, A10-9600p Firmware, A10-9630p and 246 more | 2024-02-04 | 2.1 LOW | 6.5 MEDIUM |
| Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type potentially leading to information disclosure. | |||||
| CVE-2022-29901 | 5 Debian, Fedoraproject, Intel and 2 more | 254 Debian Linux, Fedora, Core I3-6100 and 251 more | 2024-02-04 | 1.9 LOW | 6.5 MEDIUM |
| Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions. | |||||