Log

AVG-2796 edited at 10 Aug 2022 20:16:47
Severity
- Unknown
+ Medium
CVE-2022-21151 edited at 10 Aug 2022 20:16:47
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ processor optimization removal or modification of security-critical code for some intel processors may allow an authenticated user to potentially enable information disclosure via local access
References
Notes
AVG-2796 created at 10 Aug 2022 20:15:38
Packages
+ intel-ucode
Issues
+ CVE-2022-21151
Status
+ Fixed
Severity
+ Unknown
Affected
+ 20220419-1
Fixed
+ 20220510-1
Ticket
Advisory qualified
+ No
References
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00617.html
Notes
CVE-2022-21151 created at 10 Aug 2022 20:15:38
AVG-2795 edited at 10 Aug 2022 20:11:51
Severity
- Unknown
+ Medium
CVE-2022-21233 edited at 10 Aug 2022 20:11:51
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Information disclosure
Description
+ improper isolation of shared resources in some intel processors may allow a privileged user to potentially enable information disclosure via local access.
References
Notes
AVG-2795 created at 10 Aug 2022 20:10:15
Packages
+ intel-ucode
Issues
+ CVE-2022-21233
Status
+ Fixed
Severity
+ Unknown
Affected
+ 20220510-1
Fixed
+ 20220809-1
Ticket
Advisory qualified
+ Yes
References
+ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00657.html
+ https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
Notes
CVE-2022-21233 created at 10 Aug 2022 20:10:15
CVE-2021-46141 edited at 10 Aug 2022 19:58:18
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
- invalid free operations in uriFreeUriMembers and uriMakeOwner
+ .hostText memory is not properly duped/freed in uriNormalizeSyntax, uriMakeOwner, uriFreeUriMembers for some URIs
CVE-2021-46142 edited at 10 Aug 2022 19:53:21
References
https://github.com/uriparser/uriparser/issues/122
- https://github.com/uriparser/uriparser/pull/124
CVE-2021-46142 edited at 10 Aug 2022 19:52:15
Remote
- Unknown
+ Local
Type
- Unknown
+ Denial of service
Description
- invalid free operations in uriNormalizeSyntax
+ uriNormalizeSyntax may free stack memory in out-of-memory situation when handling URIs containing empty segments
References
https://github.com/uriparser/uriparser/issues/122
+ https://github.com/uriparser/uriparser/pull/124
AVG-2788 edited at 10 Aug 2022 18:36:19
Severity
- Unknown
+ High
CVE-2022-34265 edited at 10 Aug 2022 18:36:19
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Sql injection
CVE-2022-34265 edited at 10 Aug 2022 18:35:37
Description
+ Trunc() and Extract() database functions were subject to SQL injection if untrusted data was used as a kind/lookup_name value
References
Notes
+ Applications that constrain the lookup name and kind choice to a known safe list are unaffected
AVG-2785 edited at 09 Aug 2022 16:39:10
Status
- Vulnerable
+ Fixed