---

Log

CVE-2022-23648 created at 18 May 2022 19:58:43
Severity	+ Unknown
Remote	+ Unknown
Type	+ Information disclosure
Description	+ containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation.
References	+ https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70 + https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7 + https://github.com/containerd/containerd/releases/tag/v1.6.1
Notes	+ Workarounds: Ensure that only trusted images are used.

AVG-2724 created at 18 May 2022 19:21:13
Packages	+ openldap
Issues	+ CVE-2022-29155
Status	+ Fixed
Severity	+ Critical
Affected	+ 2.6.1-1
Fixed	+ 2.6.2-1
Ticket
Advisory qualified	+ Yes
References
Notes

CVE-2022-29155 created at 18 May 2022 19:19:51
Severity	+ Critical
Remote	+ Remote
Type	+ Sql injection
Description	+ the back-sql backend to slapd-sql did not not properly escape LDAP queries and was vulnerable to SQL injection
References	+ https://bugs.openldap.org/show_bug.cgi?id=9815
Notes

AVG-2723 created at 18 May 2022 19:10:04
Packages	+ python-waitress
Issues	+ CVE-2022-24761
Status	+ Fixed
Severity	+ High
Affected	+ 2.1.0-1
Fixed	+ 2.1.1-1
Ticket
Advisory qualified	+ No
References
Notes

CVE-2022-24761 created at 18 May 2022 19:08:36
Severity	+ High
Remote	+ Remote
Type	+ Unknown
Description	+ waitress behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 is vulnerable to request smuggling due to a disagreement between waitress and the proxy on where one request starts and where it ends.
References	+ https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0 + https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36 + https://github.com/Pylons/waitress/releases/tag/v2.1.1
Notes

CVE-2022-20803 edited at 18 May 2022 18:41:36
Remote	- Unknown + Remote
Type	- Unknown + Arbitrary code execution
Description	+ possible double-free vulnerability in the OLE2 file parser
References
Notes

CVE-2022-20796 edited at 18 May 2022 18:40:19
Severity	- Unknown + Medium
Description	+ possible NULL-pointer dereference crash in the scan verdict cache check
References
Notes

CVE-2022-20792 edited at 18 May 2022 18:37:25
Remote	- Unknown + Remote
Type	- Unknown + Arbitrary code execution
Description	+ possible multi-byte heap buffer overflow write vulnerability in the signature database load module
References
Notes

CVE-2022-20785 edited at 18 May 2022 18:34:55
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Denial of service
Description	+ possible memory leak in the HTML file parser / Javascript normalizer
References
Notes

CVE-2022-20771 edited at 18 May 2022 18:33:26
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Denial of service
Description	+ possible infinite loop vulnerability in the TIFF file parser. The issue only occurs if the "--alert-broken-media" ClamScan option is enabled. For ClamD, the affected option is "AlertBrokenMedia yes", and for libclamav it is the "CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option.
References
Notes