This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Category Archives: Advisories
ZDI-22-1023: Microsoft Windows win32kfull UMPDDrvFillPath Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
ZDI-22-1022: Microsoft Windows win32kfull UMPDDrvFontManagement Use-After-Free Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
DSA-5183 wpewebkit – security update
The following vulnerabilities have been discovered in the WPE WebKit
web engine:
DSA-5182 webkit2gtk – security update
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
DSA-5185 mat2 – security update
A directory traversal vulnerability was discovered in the Metadata
anonymisation toolkit, which could result in information disclosure via
a malformed ZIP archive.
DSA-5184 xen – security update
Multiple vulnerabilities have been discovered in the Xen hypervisor, which
could result in privilege escalation. In addition this updates provides
mitigations for the Retbleed speculative execution attack and the
MMIO stale data vulnerabilities.
python-notebook-6.4.11-3.fc36
FEDORA-2022-35b698150c
Packages in this update:
python-notebook-6.4.11-3.fc36
Update description:
Security fix for CVE-2022-24785 and CVE-2022-31129.
python-notebook-6.4.0-4.fc35
FEDORA-2022-85aa8e5706
Packages in this update:
python-notebook-6.4.0-4.fc35
Update description:
Security fix for CVE-2022-24785 and CVE-2022-31129.
python-ujson-5.4.0-1.el9
FEDORA-EPEL-2022-1026769ad3
Packages in this update:
python-ujson-5.4.0-1.el9
Update description:
Security fix for CVE-2022-31116 and CVE-2022-31117.
5.4.0
Added
Add support for arbitrary size integers
Fixed
CVE-2022-31116: Replace wchar_t string decoding implementation with a uint32_t-based one; fix handling of surrogates on decoding
CVE-2022-31117: Potential double free of buffer during string decoding
Fix memory leak on encoding errors when the buffer was resized
Integer parsing: always detect overflows
Fix handling of surrogates on encoding