Alertes de sécurité

A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request.

A flaw out of bounds memory write in the Linux kernel UDF file system functionality was found in the way user triggers some file operation which triggers udf_write_fi(). A local user could use this flaw to crash the system or potentially

A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file.

A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when `--no-clobber` is used together with `--remove-on-error`.

A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.

An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.

An issue was discovered in the Linux kernel through 5.18.3 on powerpc 32-bit platforms. There is a buffer overflow in ptrace PEEKUSER and POKEUSER (aka PEEKUSR and POKEUSR) when accessing floating point registers.

AV1 Video Extension Remote Code Execution Vulnerability

AV1 Video Extension Remote Code Execution Vulnerability

Azure RTOS GUIX Studio Information Disclosure Vulnerability

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Azure RTOS GUIX Studio Remote Code Execution Vulnerability

Buffer Over-read in vim/vim

Buffer Over-read in vim/vim

Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.

Denial of Service (DoS)

Freeing unallocated memory in php_pgsql_free_params()

Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in vim/vim

HEVC Video Extensions Remote Code Execution Vulnerability

HEVC Video Extensions Remote Code Execution Vulnerability

HEVC Video Extensions Remote Code Execution Vulnerability

HEVC Video Extensions Remote Code Execution Vulnerability

Kerberos AppContainer Security Feature Bypass Vulnerability

libcurl provides the `CURLOPT_CERTINFO` option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation.

libcurl would reuse a previously created connection even when a TLS or SSHrelated option had been changed that should have prohibited reuse.libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse if one of them matches the setup. However several TLS andSSH settings were left out from the configuration match checks making themmatch too easily.

Local Security Authority Subsystem Service Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability

Microsoft Excel Remote Code Execution Vulnerability

Microsoft Office Remote Code Execution Vulnerability

Microsoft Photos App Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SharePoint Server Remote Code Execution Vulnerability

Microsoft SQL Server Remote Code Execution Vulnerability

mysqlnd/pdo password buffer overflow

net/netfilter/nf_tables_api.c in the Linux kernel through 5.18.1 allows a local user (able to create user/net namespaces) to escalate privileges to root because an incorrect NFT_STATEFUL_EXPR check leads to a use-after-free.

npm packing does not respect root-level ignore files in workspaces

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability

Out-of-bounds Read in vim/vim

Out-of-bounds Read in vim/vim

Out-of-bounds Write in vim/vim

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability