This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Excel. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Windows. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
This vulnerability allows local attackers to escalate privileges on affected installations of Microsoft Visual Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-29581)
Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions. (CVE-2022-30594)
Kyle Zeng discovered that the Network Queuing and Scheduling subsystem of
the Linux kernel did not properly perform reference counting in some
situations, leading to a use-after-free vulnerability. A local attacker
could use this to cause a denial of service (system crash) or execute
arbitrary code. (CVE-2022-29581)
Bing-Jhong Billy Jheng discovered that the io_uring subsystem in the Linux
kernel contained in integer overflow. A local attacker could use this to
cause a denial of service (system crash) or execute arbitrary code.
(CVE-2022-1116)
Jann Horn discovered that the Linux kernel did not properly enforce seccomp
restrictions in some situations. A local attacker could use this to bypass
intended seccomp sandbox restrictions. (CVE-2022-30594)
HCL Traveler is vulnerable to a cross-site scripting (XSS) caused by improper validation of the Name parameter for Approved Applications in the Traveler administration web pages. An attacker could exploit this vulnerability to execute a malicious script to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.
The following vulnerabilities have been discovered in the WPE WebKit
web engine:
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
Multiple security issues have been found in the Mozilla Firefox web
browser, which could potentially result in the execution of arbitrary
code, information disclosure or spoofing.
USN-5454-1 fixed several vulnerabilities in CUPS. This update provides
the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
Joshua Mason discovered that CUPS incorrectly handled the secret key used
to access the administrative web interface. A remote attacker could
possibly use this issue to open a session as an administrator and execute
arbitrary code. (CVE-2022-26691)
It was discovered that CUPS incorrectly handled certain memory operations
when handling IPP printing. A remote attacker could possibly use this issue
to cause CUPS to crash, leading to a denial of service, or obtain sensitive
information. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04
LTS. (CVE-2019-8842, CVE-2020-10001)
