Alertes de sécurité

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

<vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner

A crafted JPEG image may lead the JPEG reader to underflow its data pointer allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.

A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information causing a denial of service.

A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information.

A OS Command Injection vulnerability exists in Node.js versions &lt;14.20.0 &lt;16.20.0 &lt;18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.

Active Directory Federation Services Elevation of Privilege Vulnerability

An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user.

An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges a different vulnerability than CVE-2022-32250. (The attacker can obtain root access but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.

Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Elevation of Privilege Vulnerability

Azure Site Recovery Remote Code Execution Vulnerability

Azure Site Recovery Remote Code Execution Vulnerability

Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().

Denial of Service (DoS)

Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in vim/vim

Heap-based Buffer Overflow in vim/vim

In libtirpc before 1.3.3rc1 remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can in turn lead to an svc_run infinite loop without accepting new connections.

In mistune through 2.0.2 support of inline markup is implemented by using regular expressions that can involve a high amount of backtracking on certain edge cases. This behavior is commonly named catastrophic backtracking.

Integer Overflow or Wraparound in vim/vim

Internet Information Services Dynamic Compression Module Denial of Service Vulnerability

MariaDB v10.4 to v10.7 was discovered to contain an use-after-poison in prepare_inplace_add_virtual at /storage/innobase/handler/handler0alter.cc.

MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc.

network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path) a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.

nfqnl_mangle in net/netfilter/nfnetlink_queue.c in the Linux kernel through 5.18.14 allows remote attackers to cause a denial of service (panic) because in the case of an nf_queue verdict with a one-byte nfta_payload attribute an skb_pull can encounter a negative skb-&gt;len.

NULL Pointer Dereference in lxml/lxml

Out-of-bounds Read in vim/vim

Out-of-bounds Read in vim/vim

Out-of-bounds Write in vim/vim

Performance Counters for Windows Elevation of Privilege Vulnerability

Potential heap overflow in Redis

Remote Procedure Call Runtime Remote Code Execution Vulnerability

Skype for Business and Lync Remote Code Execution Vulnerability

softmmu/physmem.c in QEMU through 7.0.0 can perform an uninitialized read on the translate_fail path leading to an io_readx or io_writex crash. NOTE: a third party states that the Non-virtualization Use Case in the qemu.org reference applies here i.e. "Bugs affecting the non-virtualization use case are not considered security bugs at this time.

squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.

Stack-based Buffer Overflow in vim/vim

The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.

Use After Free in vim/vim

Use After Free in vim/vim

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability

Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability