Log

CVE-2022-23648 created at 18 May 2022 19:58:43
Severity
+ Unknown
Remote
+ Unknown
Type
+ Information disclosure
Description
+ containers launched through containerd’s CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd’s CRI implementation.
References
+ https://github.com/containerd/containerd/commit/10f428dac7cec44c864e1b830a4623af27a9fc70
+ https://github.com/containerd/containerd/security/advisories/GHSA-crp2-qrr5-8pq7
+ https://github.com/containerd/containerd/releases/tag/v1.6.1
Notes
+ Workarounds: Ensure that only trusted images are used.
AVG-2724 created at 18 May 2022 19:21:13
Packages
+ openldap
Issues
+ CVE-2022-29155
Status
+ Fixed
Severity
+ Critical
Affected
+ 2.6.1-1
Fixed
+ 2.6.2-1
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2022-29155 created at 18 May 2022 19:19:51
Severity
+ Critical
Remote
+ Remote
Type
+ Sql injection
Description
+ the back-sql backend to slapd-sql did not not properly escape LDAP queries and was vulnerable to SQL injection
References
+ https://bugs.openldap.org/show_bug.cgi?id=9815
Notes
AVG-2723 created at 18 May 2022 19:10:04
Packages
+ python-waitress
Issues
+ CVE-2022-24761
Status
+ Fixed
Severity
+ High
Affected
+ 2.1.0-1
Fixed
+ 2.1.1-1
Ticket
Advisory qualified
+ No
References
Notes
CVE-2022-24761 created at 18 May 2022 19:08:36
Severity
+ High
Remote
+ Remote
Type
+ Unknown
Description
+ waitress behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 is vulnerable to request smuggling due to a disagreement between waitress and the proxy on where one request starts and where it ends.
References
+ https://github.com/Pylons/waitress/commit/9e0b8c801e4d505c2ffc91b891af4ba48af715e0
+ https://github.com/Pylons/waitress/security/advisories/GHSA-4f7p-27jc-3c36
+ https://github.com/Pylons/waitress/releases/tag/v2.1.1
Notes
CVE-2022-20803 edited at 18 May 2022 18:41:36
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ possible double-free vulnerability in the OLE2 file parser
References
Notes
CVE-2022-20796 edited at 18 May 2022 18:40:19
Severity
- Unknown
+ Medium
Description
+ possible NULL-pointer dereference crash in the scan verdict cache check
References
Notes
CVE-2022-20792 edited at 18 May 2022 18:37:25
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary code execution
Description
+ possible multi-byte heap buffer overflow write vulnerability in the signature database load module
References
Notes
CVE-2022-20785 edited at 18 May 2022 18:34:55
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ possible memory leak in the HTML file parser / Javascript normalizer
References
Notes
CVE-2022-20771 edited at 18 May 2022 18:33:26
Severity
- Unknown
+ High
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ possible infinite loop vulnerability in the TIFF file parser. The issue only occurs if the "--alert-broken-media" ClamScan option is enabled. For ClamD, the affected option is "AlertBrokenMedia yes", and for libclamav it is the "CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option.
References
Notes