CVE-2022-33023 CWE-276 Reference url : https://github.com/openhwgroup/cva6/issues/885 Reference name : https://github.com/openhwgroup/cva6/issues/885 Reference source : MISC Reference tags : Issue Tracking Reference lang :en Reference description : CVA6 commit 909d85a gives incorrect permission to use special multiplication units when the format of instructions is wrong.
CVE-2022-33035 CWE-427 Reference url : https://github.com/ycdxsb/Vuln/blob/main/Xlpd-Unquoted-Service-Path/XLpd-Unquoted-Service-Path.md Reference name : https://github.com/ycdxsb/Vuln/blob/main/Xlpd-Unquoted-Service-Path/XLpd-Unquoted-Service-Path.md Reference source : MISC Reference tags : Exploit Reference lang :en Reference description : XLPD v7.0.0094 and below contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges.
CVE-2022-31129 CWE-400 Reference url : https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3 Reference name : https://github.com/moment/moment/commit/9a3b5894f3d5d602948ac8a02e4ee528a49ca3a3 Reference source : MISC Reference tags : Reference lang :en Reference description : moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically, string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may observe a noticeable slowdown with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4; the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input.
CVE-2021-41037 Reference url : https://bugs.eclipse.org/bugs/show_bug.cgi?id=577029 Reference name : https://bugs.eclipse.org/bugs/show_bug.cgi?id=577029 Reference source : CONFIRM Reference tags : Reference lang :en Reference description : In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the local machine via touchpoints during installation. Those touchpoints can, for example, alter the command line used to start the application, injecting things like agent or other settings that usually require particular attention in terms of security. Although p2 has built-in strategies to ensure artifacts are signed and then to help establish trust, there is no such strategy for the metadata part that configures such touchpoints. As a result, it is possible to install a unit that will run malicious code during installation without the user receiving any warning that this installation step is risky when it comes from an untrusted source.
CVE-2022-31052 CWE-674 Reference url : https://github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32 Reference name : https://github.com/matrix-org/synapse/security/advisories/GHSA-22p3-qrh9-cx32 Reference source : CONFIRM Reference tags : Reference lang :en Reference description : Synapse is an open source homeserver implementation for the Matrix chat network. In versions prior to 1.61.1, URL previews of some web pages can exhaust the available stack space for the Synapse process due to unbounded recursion. This is sometimes recoverable and leads to an error for the request causing the problem, but in other cases the Synapse process may crash altogether. It is possible to exploit this maliciously, either by malicious users on the homeserver, or by remote users sending URLs that a local user's client may automatically request a URL preview for. Remote users are not able to exploit this directly, because the URL preview endpoint is authenticated. Deployments with `url_preview_enabled: false` set in configuration are not affected. Deployments with `url_preview_enabled: true` set in configuration **are** affected. Deployments with no configuration value set for `url_preview_enabled` are not affected, because the default is `false`. Administrators of homeservers with URL previews enabled are advised to upgrade to v1.61.1 or higher. Users unable to upgrade should set `url_preview_enabled` to `false`.
CVE-2015-20107 CWE-77 Reference url : https://github.com/python/cpython/issues/68966 Reference name : https://github.com/python/cpython/issues/68966 Reference source : MISC Reference tags : Issue Tracking Reference lang :en Reference description : In Python (aka CPython) through 3.10.4, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments).
CVE-2022-34495 CWE-415 Reference url : https://github.com/torvalds/linux/commit/c2eecefec5df1306eafce28ccdf1ca159a552ecc Reference name : https://github.com/torvalds/linux/commit/c2eecefec5df1306eafce28ccdf1ca159a552ecc Reference source : MISC Reference tags : Patch Reference lang :en Reference description : rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c in the Linux kernel before 5.18.4 has a double free.