In (TBD) of (TBD), there is a possible way to corrupt memory due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239555070References: N/A
Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress.
Proofpoint Enterprise Protection before 18.8.0 allows a Bypass of a Security Control.
A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attempt. In Synthesia before 10.9, an improper path handling allows local attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes.
USN-5686-1 fixed several vulnerabilities in Git. This update
provides the corresponding fix for CVE-2022-39260 on Ubuntu 16.04 ESM.
Original advisory details:
Kevin Backhouse discovered that Git incorrectly handled certain command
strings. An attacker could possibly use this issue to cause a crash or
arbitrary code execution.
It was discovered that Unbound incorrectly handled delegations with a large
number of non-responsive nameservers. A remote attacker could possibly use
this issue to cause Unbound to consume resources, leading to a denial of
service.
It was discovered that multipath-tools incorrectly handled symlinks. A
local attacker could possibly use this issue, in combination with other
issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41973)
It was discovered that multipath-tools incorrectly handled access controls.
A local attacker could possibly use this issue, in combination with other
issues, to escalate privileges. (CVE-2022-41974)
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.
USN-5638-1 fixed a vulnerability in Expat. This update provides
the corresponding updates for Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS.
Original advisory details:
Rhodri James discovered that Expat incorrectly handled memory when
processing certain malformed XML files. An attacker could possibly
use this issue to cause a crash or execute arbitrary code.
varnish-6.6.2-3.fc35
This is a security update adding fixes for the following issues
VSV00009 aka CVE-2022-38150: Denial of service
VSV00010 aka CVE-2022-45059: Request smuggling
VSV00011 aka CVE-2022-45060: Request forgery
For details, see https://varnish-cache.org/security
