CVE-2022-4696 : LINUX KERNEL PRIOR 5.10.160 GET_UTS USE AFTER FREE

Description There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing

Description Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability. References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2023-21674 For More Information MITRE

Description Memory corruption in Bluetooth HOST due to buffer overflow while parsing the command response received from remote. References https://www.qualcomm.com/company/product-security/bulletins/january-2023-bulletin

Description The bootloader in the Nokia ASIK AirScale system module (versions 474021A.101 and 474021A.102) loads public keys for firmware verification

Description A vulnerability in the ClearPass OnGuard Windows agent could allow malicious users on a Windows instance to elevate their

Description Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper

Description Apache Dubbo is a java based, open source RPC framework. Versions prior to 2.6.10 and 2.7.10 are vulnerable to

Description A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0

Description Out-of-bounds write vulnerability in Remote Desktop Functionality in Synology VPN Plus Server before 1.4.3-0534 and 1.4.4-0635 allows remote attackers

Description lxc-user-nic in lxc through 5.0.1 is installed setuid root, and may allow local users to infer whether any file

Description authentik is an open-source Identity Provider focused on flexibility and versatility. Versions prior to 2022.11.4 and 2022.10.4 are vulnerable

Description Comparison of Object References Instead of Object Contents in GitHub repository usememos/memos prior to 0.9.1. References https://huntr.dev/bounties/33924891-5c36-4b46-b417-98eaab688c4c https://github.com/usememos/memos/commit/3556ae4e651d9443dc3bb8a170dd3cc726517a53 For

Description A SQL injection issue in the web API in TrueConf Server 5.2.0.10225 allows remote unauthenticated attackers to execute arbitrary

Description Certain General Electric Renewable Energy products have a hidden feature for unauthenticated remote access to the device configuration shell.

Description IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1could allow a non-privileged local user to exploit a vulnerability in CAA

Description The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various functions used to update the

Description Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where a specific function does not sanitize the input

Description The package vm2 before 3.9.10 are vulnerable to Arbitrary Code Execution due to the usage of prototype lookup for

Description An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus 10.1.2228.15. Despite configuring complete

Description A vulnerability exists in the Rockwell Automation controllers that allows a malformed CIP request to cause a major non-recoverable

Description The “puhttpsniff” service, which runs by default, is susceptible to command injection due to improperly sanitized user input. An

Description Memory corruption in Core due to improper configuration in boot remapper. References https://www.qualcomm.com/company/product-security/bulletins/december-2022-bulletin For More Information MITRE

Description A vulnerability was found in X.Org. This security flaw occurs because the XkbCopyNames function left a dangling pointer to