Tag

#ubuntu

CVE-2022-0611: Improper Privilege Management in snipe-it

Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11.

CVE-2022-0581: Fuzz job crash output: fuzz-2022-02-07-6714.pcap (#17935) · Issues · Wireshark Foundation / wireshark · GitLab

Crash in the CMS protocol dissector in Wireshark 3.6.0 to 3.6.1 and 3.4.0 to 3.4.11 allows denial of service via packet injection or a crafted capture file.

CVE-2021-46462: SEGV /njs/src/njs_object.c:2136:24 in njs_object_set_prototype · Issue #449 · nginx/njs

njs through 0.7.1, used in NGINX, was discovered to contain a segmentation violation via njs_object_set_prototype in /src/njs_object.c.

CVE-2019-25057: Release notes

In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer.

CVE-2021-44879: 215231 – kernel NULL pointer dereference triggered in folio_mark_dirty() when mount and operate on a crafted f2fs image

In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not considered, leading to a move_data_page NULL pointer dereference.

CVE-2022-0562: AddressSanitizer: undefined-behavior tif_dirread.c:4176:40 in TIFFReadDirectory function (#362) · Issues · libtiff / libtiff · GitLab

Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory() in tif_dirread.c in libtiff versions from 4.0 to 4.3.0 could lead to Denial of Service via crafted TIFF file. For users that compile libtiff from sources, a fix is available with commit 561599c.

CVE-2022-0185: GitHub - Crusaders-of-Rust/CVE-2022-0185: CVE-2022-0185

A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the length of supplied parameters. An unprivileged local user (when unprivileged user namespaces are enabled; otherwise namespaced CAP_SYS_ADMIN privilege is needed) who is able to open a filesystem that does not support the Filesystem Context API (and thus falls back to legacy handling) could use this flaw to escalate their privileges on the system.