In (TBD) of (TBD), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239555411References: N/A
In (TBD) of (TBD), there is a possible way to corrupt memory due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239555070References: N/A
A buffer overflow in Synthesia before 10.7.5567, when a non-Latin locale is used, allows user-assisted attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes. This file is mishandled during a deletion attempt. In Synthesia before 10.9, an improper path handling allows local attackers to cause a denial of service (application crash) via a crafted MIDI file with malformed bytes.
USN-5686-1 fixed several vulnerabilities in Git. This update
provides the corresponding fix for CVE-2022-39260 on Ubuntu 16.04 ESM.
Original advisory details:
Kevin Backhouse discovered that Git incorrectly handled certain command
strings. An attacker could possibly use this issue to cause a crash or
arbitrary code execution.
It was discovered that Unbound incorrectly handled delegations with a large
number of non-responsive nameservers. A remote attacker could possibly use
this issue to cause Unbound to consume resources, leading to a denial of
service.
It was discovered that multipath-tools incorrectly handled symlinks. A
local attacker could possibly use this issue, in combination with other
issues, to escalate privileges. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2022-41973)
It was discovered that multipath-tools incorrectly handled access controls.
A local attacker could possibly use this issue, in combination with other
issues, to escalate privileges. (CVE-2022-41974)
Several security issues were discovered in the WebKitGTK Web and JavaScript
engines. If a user were tricked into viewing a malicious website, a remote
attacker could exploit a variety of issues related to web browser security,
including cross-site scripting attacks, denial of service attacks, and
arbitrary code execution.