This vulnerability allows remote attackers to execute arbitrary code on affected installations of Autodesk AutoCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leaks.
A use-after-free was discovered when removing an XSLT parameter in some
circumstances. If a user were tricked into opening a specially crafted
website, an attacker could exploit this to cause a denial of service, or
execute arbitrary code. (CVE-2022-26485)
A use-after-free was discovered in the WebGPU IPC framework. If a user
were tricked into opening a specially crafted website, an attacker could
exploit this to cause a denial of service, or execute arbitrary code.
(CVE-2022-26486)
Felix Wilhelm discovered that the containerd container runtime was
susceptible to information disclosure via malformed container images.
Two security issues have been found in the Mozilla Firefox web browser,
which result in the execution of arbitrary code.
Posted by Asterisk Security Team on Mar 04
Asterisk Project Security Advisory – AST-2022-006
Product Asterisk
Summary pjproject: unconstrained malformed multipart SIP
message
Nature of Advisory Out of bounds memory access
Susceptibility Remote unauthenticated sessions…
Posted by Asterisk Security Team on Mar 04
Asterisk Project Security Advisory – AST-2022-005
Product Asterisk
Summary pjproject: undefined behavior after freeing a dialog
set
Nature of Advisory Denial of service
Susceptibility Remote unauthenticated sessions…
Posted by Asterisk Security Team on Mar 04
Asterisk Project Security Advisory – AST-2022-004
Product Asterisk
Summary pjproject: possible integer underflow on STUN
message
Nature of Advisory Arbitrary code execution
Susceptibility Remote unauthenticated sessions…
An improper signature verification vulnerability was found in coreos-installer. A specially crafted gzip installation image can bypass the image signature verification and as a consequence can lead to the installation of unsigned content. An attacker able to modify the original installation image can write arbitrary data, and achieve full access to the node being installed.
A flaw was found in OpenEXR’s hufUncompress functionality in OpenEXR/IlmImf/ImfHuf.cpp. This flaw allows an attacker who can submit a crafted file that is processed by OpenEXR, to trigger an integer overflow. The highest threat from this vulnerability is to system availability.
