---

Log

AVG-2796 edited at 10 Aug 2022 20:16:47
Severity	- Unknown + Medium

CVE-2022-21151 edited at 10 Aug 2022 20:16:47
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Information disclosure
Description	+ processor optimization removal or modification of security-critical code for some intel processors may allow an authenticated user to potentially enable information disclosure via local access
References
Notes

AVG-2796 created at 10 Aug 2022 20:15:38
Packages	+ intel-ucode
Issues	+ CVE-2022-21151
Status	+ Fixed
Severity	+ Unknown
Affected	+ 20220419-1
Fixed	+ 20220510-1
Ticket
Advisory qualified	+ No
References	+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html
Notes

CVE-2022-21151 created at 10 Aug 2022 20:15:38

AVG-2795 edited at 10 Aug 2022 20:11:51
Severity	- Unknown + Medium

CVE-2022-21233 edited at 10 Aug 2022 20:11:51
Severity	- Unknown + Medium
Remote	- Unknown + Local
Type	- Unknown + Information disclosure
Description	+ improper isolation of shared resources in some intel processors may allow a privileged user to potentially enable information disclosure via local access.
References
Notes

AVG-2795 created at 10 Aug 2022 20:10:15
Packages	+ intel-ucode
Issues	+ CVE-2022-21233
Status	+ Fixed
Severity	+ Unknown
Affected	+ 20220510-1
Fixed	+ 20220809-1
Ticket
Advisory qualified	+ Yes
References	+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html + https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
Notes

CVE-2022-21233 created at 10 Aug 2022 20:10:15

CVE-2021-46141 edited at 10 Aug 2022 19:58:18
Remote	- Unknown + Local
Type	- Unknown + Denial of service
Description	- invalid free operations in uriFreeUriMembers and uriMakeOwner + .hostText memory is not properly duped/freed in uriNormalizeSyntax, uriMakeOwner, uriFreeUriMembers for some URIs

CVE-2021-46142 edited at 10 Aug 2022 19:53:21
References	https://github.com/uriparser/uriparser/issues/122 - https://github.com/uriparser/uriparser/pull/124

CVE-2021-46142 edited at 10 Aug 2022 19:52:15
Remote	- Unknown + Local
Type	- Unknown + Denial of service
Description	- invalid free operations in uriNormalizeSyntax + uriNormalizeSyntax may free stack memory in out-of-memory situation when handling URIs containing empty segments
References	https://github.com/uriparser/uriparser/issues/122 + https://github.com/uriparser/uriparser/pull/124

AVG-2788 edited at 10 Aug 2022 18:36:19
Severity	- Unknown + High

CVE-2022-34265 edited at 10 Aug 2022 18:36:19
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Sql injection

CVE-2022-34265 edited at 10 Aug 2022 18:35:37
Description	+ Trunc() and Extract() database functions were subject to SQL injection if untrusted data was used as a kind/lookup_name value
References
Notes	+ Applications that constrain the lookup name and kind choice to a known safe list are unaffected

AVG-2785 edited at 09 Aug 2022 16:39:10
Status	- Vulnerable + Fixed