Filtered by CWE-459
Filtered by vendor Subscriptions
Total 158 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-36123 2 Linux, Netapp 11 Linux Kernel, H300s, H300s Firmware and 8 more 2024-11-21 7.8 High
The Linux kernel before 5.18.13 lacks a certain clear operation for the block starting symbol (.bss). This allows Xen PV guest OS users to cause a denial of service or gain privileges.
CVE-2022-33743 4 Debian, Linux, Redhat and 1 more 4 Debian Linux, Linux Kernel, Enterprise Linux and 1 more 2024-11-21 7.8 High
network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed.
CVE-2022-2307 1 Gitlab 1 Gitlab 2024-11-21 3.5 Low
A lack of cascading deletes in GitLab CE/EE affecting all versions starting from 13.0 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1 allows a malicious Group Owner to retain a usable Group Access Token even after the Group is deleted, though the APIs usable by that token are limited.
CVE-2022-29160 1 Nextcloud 1 Nextcloud 2024-11-21 2.8 Low
Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information. Nextcloud Android version 3.19.0 contains a patch for this issue. There are no known workarounds available.
CVE-2022-28764 1 Zoom 3 Meetings, Rooms, Vdi Windows Meeting Clients 2024-11-21 3.3 Low
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.
CVE-2022-27639 1 Intel 2 Xmm 7560, Xmm 7560 Firmware 2024-11-21 5.4 Medium
Incomplete cleanup in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01.2146.00 may allow a privileged user to potentially enable escalation of privilege via adjacent access.
CVE-2022-26074 1 Intel 1 Server Platform Services Firmware 2024-11-21 4.4 Medium
Incomplete cleanup in a firmware subsystem for Intel(R) SPS before versions SPS_E3_04.08.04.330.0 and SPS_E3_04.01.04.530.0 may allow a privileged user to potentially enable denial of service via local access.
CVE-2022-25664 1 Qualcomm 220 Apq8009, Apq8009 Firmware, Apq8052 and 217 more 2024-11-21 6.2 Medium
Information disclosure due to exposure of information while GPU reads the data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CVE-2022-23035 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2024-11-21 4.6 Medium
Insufficient cleanup of passed-through device IRQs The management of IRQs associated with physical devices exposed to x86 HVM guests involves an iterative operation in particular when cleaning up after the guest's use of the device. In the case where an interrupt is not quiescent yet at the time this cleanup gets invoked, the cleanup attempt may be scheduled to be retried. When multiple interrupts are involved, this scheduling of a retry may get erroneously skipped. At the same time pointers may get cleared (resulting in a de-reference of NULL) and freed (resulting in a use-after-free), while other code would continue to assume them to be valid.
CVE-2022-21166 6 Debian, Fedoraproject, Intel and 3 more 14 Debian Linux, Fedora, Sgx Dcap and 11 more 2024-11-21 5.5 Medium
Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21127 3 Debian, Intel, Xen 5 Debian Linux, Sgx Dcap, Sgx Psw and 2 more 2024-11-21 5.5 Medium
Incomplete cleanup in specific special register read operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21125 6 Debian, Fedoraproject, Intel and 3 more 14 Debian Linux, Fedora, Sgx Dcap and 11 more 2024-11-21 5.5 Medium
Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-21123 6 Debian, Fedoraproject, Intel and 3 more 14 Debian Linux, Fedora, Sgx Dcap and 11 more 2024-11-21 5.5 Medium
Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2022-1552 2 Postgresql, Redhat 5 Postgresql, Enterprise Linux, Rhel E4s and 2 more 2024-11-21 8.8 High
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.
CVE-2022-1473 3 Netapp, Openssl, Redhat 44 A250, A250 Firmware, A700s and 41 more 2024-11-21 7.5 High
The OPENSSL_LH_flush() function, which empties a hash table, contains a bug that breaks reuse of the memory occuppied by the removed hash table entries. This function is used when decoding certificates or keys. If a long lived process periodically decodes certificates or keys its memory usage will expand without bounds and the process might be terminated by the operating system causing a denial of service. Also traversing the empty hash table entries will take increasingly more time. Typically such long lived processes might be TLS clients or TLS servers configured to accept client certificate authentication. The function was added in the OpenSSL 3.0 version thus older releases are not affected by the issue. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2).
CVE-2022-0742 2 Linux, Netapp 27 Linux Kernel, A400, A400 Firmware and 24 more 2024-11-21 9.1 Critical
Memory leak in icmp6 implementation in Linux Kernel 5.13+ allows a remote attacker to DoS a host by making it go out-of-memory via icmp6 packets of type 130 or 131. We recommend upgrading past commit 2d3916f3189172d5c69d33065c3c21119fe539fc.
CVE-2022-0646 2 Linux, Netapp 17 Linux Kernel, H300e, H300e Firmware and 14 more 2024-11-21 7.8 High
A flaw use after free in the Linux kernel Management Component Transport Protocol (MCTP) subsystem was found in the way user triggers cancel_work_sync after the unregister_netdev during removing device. A local user could use this flaw to crash the system or escalate their privileges on the system. It is actual from Linux Kernel 5.17-rc1 (when mctp-serial.c introduced) till 5.17-rc5.
CVE-2022-0396 5 Fedoraproject, Isc, Netapp and 2 more 20 Fedora, Bind, H300e and 17 more 2024-11-21 5.3 Medium
BIND 9.16.11 -> 9.16.26, 9.17.0 -> 9.18.0 and versions 9.16.11-S1 -> 9.16.26-S1 of the BIND Supported Preview Edition. Specifically crafted TCP streams can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.
CVE-2022-0171 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2024-11-21 5.5 Medium
A flaw was found in the Linux kernel. The existing KVM SEV API has a vulnerability that allows a non-root (host) user-level application to crash the host kernel by creating a confidential guest VM instance in AMD CPU that supports Secure Encrypted Virtualization (SEV).
CVE-2021-4032 1 Linux 1 Linux Kernel 2024-11-21 4.4 Medium
A vulnerability was found in the Linux kernel's KVM subsystem in arch/x86/kvm/lapic.c kvm_free_lapic when a failure allocation was detected. In this flaw the KVM subsystem may crash the kernel due to mishandling of memory errors that happens during VCPU construction, which allows an attacker with special user privilege to cause a denial of service. This flaw affects kernel versions prior to 5.15 rc7.