Multiple vulnerabilities in Oracle Linux

1) Improper input validation

EUVDB-ID: #VU62415

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21418

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Improper input validation

EUVDB-ID: #VU62421

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21435

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Improper input validation

EUVDB-ID: #VU62418

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21427

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Improper input validation

EUVDB-ID: #VU62416

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21417

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Improper input validation

EUVDB-ID: #VU62427

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21415

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Improper input validation

EUVDB-ID: #VU62420

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21414

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Improper input validation

EUVDB-ID: #VU62417

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21413

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Improper input validation

EUVDB-ID: #VU62419

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21412

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Improper input validation

EUVDB-ID: #VU65511

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21539

CWE-ID:

Exploit availability:

The vulnerability allows a remote authenticated user to read and manipulate data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote authenticated user can exploit this vulnerability to read and manipulate data.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Open redirect

EUVDB-ID: #VU66400

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-33987

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to requested URLs are not verified and allow open redirection to a local UNIX socket. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Improper input validation

EUVDB-ID: #VU62423

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21437

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Improper input validation

EUVDB-ID: #VU65509

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21528

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Improper input validation

EUVDB-ID: #VU65508

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21527

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Improper input validation

EUVDB-ID: #VU65510

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21509

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Input validation error

EUVDB-ID: #VU62414

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21479

CWE-ID:

Exploit availability:

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the Optimizer component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Improper input validation

EUVDB-ID: #VU62413

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21478

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Improper input validation

EUVDB-ID: #VU62412

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21459

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

18) Improper input validation

EUVDB-ID: #VU62411

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21440

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

19) Improper input validation

EUVDB-ID: #VU62410

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21425

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

20) Buffer overflow

EUVDB-ID: #VU65642

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2078

CWE-ID:

Exploit availability:

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the nft_set_desc_concat_parse() function in Linux kernel. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

21) Improper input validation

EUVDB-ID: #VU62422

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21436

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

22) Improper input validation

EUVDB-ID: #VU62424

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21438

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

23) Input validation error

EUVDB-ID: #VU67504

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-40957

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to inconsistent data in instruction and data cache when creating wasm code. A remote attacker can trick the victim to open a specially crafted web page, trigger memory corruption and potentially execute arbitrary code.

Note, the vulnerability affects Firefox on ARM64 platforms only.

Install update from vendor's website.

Oracle Linux: 8.0 - 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

24) Improper input validation

EUVDB-ID: #VU65513

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21537

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

25) Improper input validation

EUVDB-ID: #VU62434

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21423

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform service disruption.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

26) Improper input validation

EUVDB-ID: #VU65526

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21538

CWE-ID:

Exploit availability:

The vulnerability allows a remote authenticated user to perform service disruption.

The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform service disruption.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

27) Improper input validation

EUVDB-ID: #VU65524

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21522

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

28) Improper input validation

EUVDB-ID: #VU62430

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21460

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Logging component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

29) Improper input validation

EUVDB-ID: #VU62428

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21451

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

30) Improper input validation

EUVDB-ID: #VU62429

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21444

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

31) Improper input validation

EUVDB-ID: #VU65520

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21553

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

32) Improper input validation

EUVDB-ID: #VU65514

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21547

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Federated component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

33) Improper input validation

EUVDB-ID: #VU65523

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21534

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

34) Improper input validation

EUVDB-ID: #VU62425

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21452

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

35) Improper input validation

EUVDB-ID: #VU65519

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21531

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

36) Improper input validation

EUVDB-ID: #VU65518

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21530

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

37) Improper input validation

EUVDB-ID: #VU65517

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21529

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

38) Improper input validation

EUVDB-ID: #VU65516

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21526

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

39) Improper input validation

EUVDB-ID: #VU65515

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21525

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

40) Improper input validation

EUVDB-ID: #VU65512

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21517

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

41) Improper input validation

EUVDB-ID: #VU65521

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21515

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

42) Improper input validation

EUVDB-ID: #VU62426

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21462

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

43) Improper input validation

EUVDB-ID: #VU65522

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21455

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to manipulate data.

The vulnerability exists due to improper input validation within the Server: PAM Auth Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

44) Resource exhaustion

EUVDB-ID: #VU63911

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-3669

CWE-ID:

Exploit availability:

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to measuring usage of the shared memory does not scale with large shared memory segment counts. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

45) Improper input validation

EUVDB-ID: #VU62409

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21457

CWE-ID:

Exploit availability:

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: PAM Auth Plugin component in MySQL Server. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

46) Use-after-free

EUVDB-ID: #VU67532

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40674

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in the doContent() function in xmlparse.c. A remote attacker can pass specially crafted input to the application that is using the affected library, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

Oracle Linux: 7.0 - 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

47) Security features bypass

EUVDB-ID: #VU67500

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-40959

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect initialization of FeaturePolicy on all pages during iframe navigation. A remote attacker can trick the victim to open a specially crafted website, bypass FeaturePolicy restrictions and force the browser to leak device permissions into untrusted subdocuments.

Install update from vendor's website.

Oracle Linux: 8.0 - 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

48) Improper Check or Handling of Exceptional Conditions

EUVDB-ID: #VU65273

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-32212

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to IsIPAddress does not properly checks if an IP address is invalid or not. A remote unauthenticated attacker can exploit this vulnerability to bypass the IsAllowedHost check and execute arbitrary code on the system.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

49) Information disclosure

EUVDB-ID: #VU66698

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-29244

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=`). Anyone who has run `npm pack` or `npm publish` inside a workspace, may be affected and have published files into the npm registry they did not intend to include.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

50) Input validation error

EUVDB-ID: #VU57967

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-3807

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when matching crafted invalid ANSI escape codes in ansi-regex. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

51) Incorrect Regular Expression

EUVDB-ID: #VU63698

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-33502

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to exponential performance for data. A remote attacker can pass specially crafted data to the application and perform a regular expression denial of service (ReDos) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

52) Incorrect Regular Expression

EUVDB-ID: #VU52985

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-28469

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect handling of user-supplied input in regular expression. A remote attacker can pass specially crafted input to the application and perform regular expression denial of service (ReDoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

53) Double Free

EUVDB-ID: #VU65915

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-2509

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within gnutls_pkcs7_verify() function when verifying the pkcs7 signatures. A remote attacker can pass specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

54) Buffer overflow

EUVDB-ID: #VU67505

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40962

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Linux: 8.0 - 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

55) Use-after-free

EUVDB-ID: #VU67501

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-40960

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error caused by a concurrent use of the URL parser with non-UTF-8 data. A remote attacker can trick the victim to visit a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

Oracle Linux: 8.0 - 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

56) NULL pointer dereference

EUVDB-ID: #VU67528

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-31213

CWE-ID:

Exploit availability:

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when handling a malformed XML config file. A local user can supply a specially crafted XML file to the service and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

57) Information disclosure

EUVDB-ID: #VU66919

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-3033

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way Thunderbird handles the meta tag having the http-equiv="refresh" attribute in email messages when the user replies to an email. A remote attacker can send a specially crafted email to the victim and force the application to initiate requests to an external URL regardless of the configuration to block remote content.

Combined with other HTML elements and attributes in the email, it is possible to execute arbitrary JavaScript code included into the malicious message in the context of the message compose document and read or modify the contents of the message compose document, including the quoted original message, which could potentially contain the decrypted plaintext of encrypted data in the crafted email.

Install update from vendor's website.

Oracle Linux: 8.0 - 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

58) Out-of-bounds read

EUVDB-ID: #VU67527

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-31212

CWE-ID:

Exploit availability:

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when parsing DBus service Exec line in c-uitl/c-shquote. A local user can pass specially crafted input to the service, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

59) Memory leak

EUVDB-ID: #VU67550

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-38178

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the DNSSEC verification code for the EdDSA algorithm. A remote attacker can spoof the target resolver with responses that have a malformed EdDSA signature and perform denial of service attack.

Install update from vendor's website.

Oracle Linux: 7.0 - 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

60) Memory leak

EUVDB-ID: #VU67549

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-38177

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the DNSSEC verification code for the ECDSA algorithm. A remote attacker can spoof the target resolver with responses that have a malformed ECDSA signature and perform denial of service attack.

Install update from vendor's website.

Oracle Linux: 7.0 - 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

61) Input validation error

EUVDB-ID: #VU67548

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-3080

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error when resolvers are configured to answer from stale cache with zero stale-answer-client-timeout and there is a stale CNAME in the cache for an incoming query. A remote attacker can send a specially crafted request to the DNS resolver and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

62) Type Confusion

EUVDB-ID: #VU65360

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-34918

CWE-ID:

Exploit availability:

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in the Linux kernel’s Netfilter subsystem in the way a user provides incorrect input of the NFT_DATA_VERDICT type. A local user can pass specially crafted data to the application, trigger a type confusion error and escalate privileges on the system.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

63) Resource management error

EUVDB-ID: #VU66394

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2585

CWE-ID:

Exploit availability:

The vulnerability allows a local user to perform a denial of service (DoS) attack or escalate privileges on the system.

The vulnerability exists due to improper management of internal resources in POSIX CPU timers when handling death of a process. A local user can crash the kernel or execute arbitrary code.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

64) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU68170

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-41032

CWE-ID:

Exploit availability:

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions in the NuGet Client, which leads to security restrictions bypass and privilege escalation.

Install update from vendor's website.

Oracle Linux: 8.0 - 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

65) Out-of-bounds write

EUVDB-ID: #VU66587

Risk: Critical

CVSSv3.1:

CVE-ID: CVE-2022-32893

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error in WebKit when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.

Note, the vulnerability is being actively exploited in the wild.

Install update from vendor's website.

Oracle Linux: 8.0 - 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

66) Out-of-bounds read

EUVDB-ID: #VU67609

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-41318

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the server.

The vulnerability exists due to a boundary condition within SSPI and SMB authentication helpers. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system or crash the server.

Successful exploitation of the vulnerability requires that Squid is configured to use NTLM or Negotiate authentication with one of the vulnerable helpers.

Install update from vendor's website.

Oracle Linux: 7.0 - 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

67) Resource exhaustion

EUVDB-ID: #VU67665

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-25857

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when handling YAML files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

68) Improper Verification of Cryptographic Signature

EUVDB-ID: #VU64909

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-34903

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform spoofing attack.

The vulnerability exists due to an error in GnuPG, which allows signature spoofing via arbitrary injection into the status line. A remote attacker who controls the secret part of any signing-capable key or subkey in the victim's keyring, can take advantage of this flaw to provide a correctly-formed signature that some software, including gpgme, will accept to have validity and signer fingerprint chosen from the attacker.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

69) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU65282

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-32215

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to llhttp parser in the http module does not correctly handle multi-line Transfer-Encoding headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

70) Input validation error

EUVDB-ID: #VU66922

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-36059

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in Matrix SDK. A remote attacker sharing a room with a victim can hide some of the rooms or spaces from users and cause minor temporary corruption.

Install update from vendor's website.

Oracle Linux: 8.0 - 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

71) Security features bypass

EUVDB-ID: #VU66921

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-3034

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to iframe elements in an HTML email force the application to initiate network requests. A remote attacker can use an iframe to confirm that the email was read by the victim and obtain victim's IP address.

Install update from vendor's website.

Oracle Linux: 8.0 - 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

72) Security features bypass

EUVDB-ID: #VU66920

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-3032

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists doe to incorrect processing of HTML emails with an iframe</code> element that uses a <code>srcdoc attribute to define the inner HTML document. A remote attacker can trick the victim to open a specially crafted email message and bypass blocking of remote objects specified in the nested document, for example images or videos.

Install update from vendor's website.

Oracle Linux: 8.0 - 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

73) Security features bypass

EUVDB-ID: #VU67502

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-40958

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to incorrect handling of cookies. A remote attacker with access to a shared subdomain can inject a cookies with certain special characters, bypass Secure Context restriction for cookies with __Host and __Secure prefix and overwrite these cookies, potentially allowing session fixation attacks. 

Install update from vendor's website.

Oracle Linux: 8.0 - 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

74) Security features bypass

EUVDB-ID: #VU67503

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-40956

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to some requests may ignore the CSP's base-uri settings when handling HTML base element injection. A remote attacker can force the browser to accept the injected element's base instead of the original code, leading to Content Security Policy bypass.

Install update from vendor's website.

Oracle Linux: 8.0 - 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

75) Type conversion

EUVDB-ID: #VU62081

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-28739

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a type conversion error in some convertion methods like Kernel#Float</code> and <code>String#to_f. A remote attacker can pass specially crafted data to the affected application, trigger memory corruption and execute arbitrary code in the system.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

76) Double Free

EUVDB-ID: #VU62080

Risk: High

CVSSv3.1:

CVE-ID: CVE-2022-28738

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Regexp compilation process in Ruby. A remote attacker can pass specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

77) Input validation error

EUVDB-ID: #VU67475

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21385

CWE-ID:

Exploit availability:

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input within the net_rds_alloc_sgs() function in net/rds/message.c in Linux kernel. A local user can perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

78) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU65278

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-32214

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to llhttp parser in the http module does not strictly use the CRLF sequence to delimit HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.

Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

79) Prototype pollution

EUVDB-ID: #VU66955

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-7788

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to execute arbitrary code.

The vulnerability exists due to improper input validation when handling INI files. A remote attacker can pass a specially crafted INI file to the application and perform prototype pollution attacks.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

80) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU65275

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-32213

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.

The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially-crafted request to lead to HTTP Request Smuggling to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

81) Improper input validation

EUVDB-ID: #VU65505

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21569

CWE-ID:

Exploit availability:

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

82) Improper input validation

EUVDB-ID: #VU65504

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21556

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

83) Improper input validation

EUVDB-ID: #VU62404

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21454

CWE-ID:

Exploit availability:

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

84) Race condition

EUVDB-ID: #VU67477

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-3028

CWE-ID:

Exploit availability:

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occurred simultaneously. A local user can exploit the race and escalate privileges on the system.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

85) Improper access control

EUVDB-ID: #VU63961

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-21499

CWE-ID:

Exploit availability:

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to improper access restrictions to the kernel debugger when booted in secure boot environments. A local privileged user can bypass UEFI Secure Boot restrictions.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

86) Double Free

EUVDB-ID: #VU66397

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2588

CWE-ID:

Exploit availability:

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a double free error within the network packet scheduler implementation in the route4_change() function in Linux kernel when removing all references to a route filter before freeing it. A local user can run a specially crafted program to crash the kernel or execute arbitrary code.

Install update from vendor's website.

Oracle Linux: 9.0

• cpe:2.3:o:oracle:oracle_linux:9.0:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

87) Use-after-free

EUVDB-ID: #VU66396

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-2586

CWE-ID:

Exploit availability:

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the the netfilter subsystem implementation in Linux kernel when preventing one nft object from referencing an nft set in another nft table. A local user can trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.

Install update from vendor's website.

Oracle Linux: 7 - 8.6

• cpe:2.3:o:oracle:oracle_linux:8.6:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

88) Use-after-free

EUVDB-ID: #VU62358

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2022-1280

CWE-ID:

Exploit availability:

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error within the drm_lease_held() function in drivers/gpu/drm/drm_lease.c in the Linux kernel. A local user can run a specially crafted program to trigger a use-after-free error and crash the kernel or gain access to sensitive information.

Install update from vendor's website.

Oracle Linux: 7 - 8.6

• cpe:2.3:o:oracle:oracle_linux:8.6:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

89) Buffer overflow

EUVDB-ID: #VU68553

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2022-21546

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the scsi subsystem within the OS kernel. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Linux: 7.0 - 8.6

• cpe:2.3:o:oracle:oracle_linux:8.6:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

90) OS Command Injection

EUVDB-ID: #VU64573

Risk: High

CVSSv3.1:

CVE-ID: CVE-2015-20107

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation in the mailcap module, which does not escape characters into commands discovered in the system mailcap file. A remote unauthenticated attacker can pass specially crafted data to the applications that call mailcap.findmatch with untrusted input and execute arbitrary OS commands on the target system.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

91) Cross-site scripting

EUVDB-ID: #VU66123

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2016-3709

CWE-ID:

Exploit availability:

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

92) Prototype pollution

EUVDB-ID: #VU18092

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-11358

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to prototype pollution. A remote attacker can trick the extend function can into modifying the prototype of Object when the attacker controls part of the structure passed to this function. This can let an attacker add or modify an existing property that will then exist on all objects and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

93) Out-of-bounds write

EUVDB-ID: #VU45872

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-0256

CWE-ID:

Exploit availability:

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-152874864

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

94) Type conversion

EUVDB-ID: #VU67760

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-10735

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a type confusion in algorithms with quadratic time complexity when using non-binary bases within the int() call. A remote attacker can pass specially crafted data to the affected application and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

95) Division by zero

EUVDB-ID: #VU69350

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-23903

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a division by zero error when handling .wav files. A remote attacker can trick the victim into opening a specially crafted .wav file and crash the application.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

96) Improper Validation of Array Index

EUVDB-ID: #VU68779

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-28851,CVE-2020-28852

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper validation of array index in language.ParseAcceptLanguage while processing a BCP 47 tag. A remote attacker can send a specially crafted HTTP request containing a malformed HTTP Accept-Language header and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

97) Deserialization of Untrusted Data

EUVDB-ID: #VU48669

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-28948

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insecure input validation when processing serialized data, related to case sensitivity issues (e.g. "phar:" protocol is blocked, however  "PHAR:" is not). A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

98) Input validation error

EUVDB-ID: #VU48668

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-28949

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper sanitization of the user-supplied input when processing URI handlers in filenames. A remote attacker can pass the "file://" string in the filename and overwrite arbitrary files on the system.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

99) NULL pointer dereference

EUVDB-ID: #VU67411

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-35525

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the INTERSEC query processing. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

100) Out-of-bounds read

EUVDB-ID: #VU67412

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-35527

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition when handling ALTER TABLE for views that have a nested FROM clause. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds read error and read contents of memory on the system.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

101) UNIX symbolic link following

EUVDB-ID: #VU49907

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-36193

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a symlink following issue in tar.php file in Archive_Tar. A remote attacker can pass specially crafted archive to the application and force the application to overwrite arbitrary files on the system using directory traversal sequences.

Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

102) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU66811

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-36516

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform a denial of service (DoS) or MitM attacks.

The vulnerability exists due to an error in the mixed IPID assignment method with the hash-based IPID assignment policy in Linux kernel. A remote attacker can inject data into a victim's TCP session or terminate that session.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

103) NULL pointer dereference

EUVDB-ID: #VU66589

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-36558

CWE-ID:

Exploit availability:

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel before 5.5.7 involving a VT_RESIZEX. A local user can perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

104) Out-of-bounds write

EUVDB-ID: #VU49882

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-0308

CWE-ID:

Exploit availability:

The vulnerability allows a local authenticated user to execute arbitrary code.

In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

105) Out-of-bounds read

EUVDB-ID: #VU69342

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-0561

CWE-ID:

Exploit availability:

The vulnerability allows a local application to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the append_to_verify_fifo_interleaved_ in stream_encoder.c in Media Framework. A local application can trigger an out-of-bounds read error and read contents of memory on the system.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

106) Origin validation error

EUVDB-ID: #VU50275

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-20199

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to bypass security restrictions.

The vulnerability exists due to missing authentication when connecting from all sources. A remote attacker can send a specially crafted request and bypass access restrictions to containerized applications.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

107) Improper locking

EUVDB-ID: #VU62797

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-20291

CWE-ID:

Exploit availability:

The vulnerability allows a local user to perform a denial of service attack (DoS) on the target system.

The vulnerability exists due to double-locking error. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

108) Input validation error

EUVDB-ID: #VU58331

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-21707

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to inject arbitrary XML code.

The vulnerability exists due to insufficient validation of user-supplied input within the simplexml_load_file() PHP function when processing NULL byte character (e.g. %00). A remote attacker can pass specially crafted URL to the application and bypass implemented security restrictions.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

109) Use-after-free

EUVDB-ID: #VU60707

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-21708

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the "php_filter_float()" function. A remote attacker can pass specially crafted input to the application that uses the affected PHP function, trigger a use-after-free error and crash the php-fpm process.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

110) Improper input validation

EUVDB-ID: #VU62403

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-22570

CWE-ID:

Exploit availability:

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Compiling (protobuf) component in MySQL Server. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

111) Cross-site scripting

EUVDB-ID: #VU66868

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-23648

CWE-ID:

Exploit availability:

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in sanitizeUrl() function. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

112) Improper input validation

EUVDB-ID: #VU57516

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-2478

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

113) Improper input validation

EUVDB-ID: #VU57517

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-2479

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

114) Improper input validation

EUVDB-ID: #VU57503

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-2481

CWE-ID:

Exploit availability:

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

115) Reliance on Reverse DNS Resolution for a Security-Critical Action

EUVDB-ID: #VU61422

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-25220

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to poison DNS cache.

The vulnerability exists due to an error in DNS forwarder implementation. When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incorrect answers. The cache could become poisoned with incorrect records leading to queries being made to the wrong servers, which might also result in false information being returned to clients.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

116) Improper certificate validation

EUVDB-ID: #VU60762

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-25636

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform a spoofing attack.

The vulnerability exists due to improper certificate validation when processing digital signatures of ODF documents. A remote attacker can modify the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag[1], which when opened caused LibreOffice to verify using the "KeyValue" but to report verification with the unrelated "X509Data" value.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

117) Open redirect

EUVDB-ID: #VU67591

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-28861

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data in lib/http/server.py due to missing protection against multiple (/) at the beginning of URI path. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

118) Memory leak

EUVDB-ID: #VU68552

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-30002

CWE-ID:

Exploit availability:

The vulnerability allows a local user to perform DoS attack on the target system.

The vulnerability exists due memory leak within the webcam support driver in video_usercopy() function in drivers/media/v4l2-core/v4l2-ioctl.c in Linux kernel. A local user can trigger leak memory and perform denial of service attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

119) Link following

EUVDB-ID: #VU55101

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-32610

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to the application does not check if the file in the archive is a symbolic link when extracting it. A remote attacker can pass a specially crafted file to the application and overwrite arbitrary files on the system. Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

120) Cross-site scripting

EUVDB-ID: #VU56022

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-33195

CWE-ID:

Exploit availability:

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of data passed from DNS lookups. A remote attacker can send a specially crafted DNS reqponse and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

121) Missing Authorization

EUVDB-ID: #VU56023

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-33197

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to bypass authorization process.

The vulnerability exists due to an error in some configurations of ReverseProxy (from net/http/httputil). A remote attacker can drop arbitrary headers and bypass authorization process. 

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

122) Resource management error

EUVDB-ID: #VU56024

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-33198

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources within the application when handling a large exponent to the math/big.Rat SetString or UnmarshalText method.  A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

123) Improper Certificate Validation

EUVDB-ID: #VU55665

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-34558

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper certificate verification in crypto/tls package in Go when processing X.509 certificates. The application does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

124) Use-after-free

EUVDB-ID: #VU69294

Risk: High

CVSSv3.1:

CVE-ID: CVE-2021-3497

CWE-ID:

Exploit availability:

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when demuxing certain malformed Matroska files. A remote attacker can trick the victim into opening a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

125) Heap-based buffer overflow

EUVDB-ID: #VU64569

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-3507

CWE-ID:

Exploit availability:

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the fdctrl_transfer_handler() function in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A remote privileged user on the guest OS can trigger a heap-based buffer overflow and crash the QEMU process on the host OS.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

126) Improper input validation

EUVDB-ID: #VU57541

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35546

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

127) Improper input validation

EUVDB-ID: #VU57527

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35575

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

128) Improper input validation

EUVDB-ID: #VU57515

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35577

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

129) Improper input validation

EUVDB-ID: #VU57519

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35591

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

130) Improper input validation

EUVDB-ID: #VU57520

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35596

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Error Handling component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

131) Improper input validation

EUVDB-ID: #VU57501

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35597

CWE-ID:

Exploit availability:

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the C API component in MySQL Client. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

132) Improper input validation

EUVDB-ID: #VU57514

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35602

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

133) Improper input validation

EUVDB-ID: #VU57511

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35604

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

134) Improper input validation

EUVDB-ID: #VU57502

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35607

CWE-ID:

Exploit availability:

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

135) Improper input validation

EUVDB-ID: #VU57513

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35608

CWE-ID:

Exploit availability:

The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

136) Improper input validation

EUVDB-ID: #VU57500

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35610

CWE-ID:

Exploit availability:

The vulnerability allows a remote authenticated user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to damange or delete data.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

137) Improper input validation

EUVDB-ID: #VU57512

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35612

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to damange or delete data.

The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damange or delete data.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

138) Improper input validation

EUVDB-ID: #VU57542

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35622

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.

The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

139) Improper input validation

EUVDB-ID: #VU57551

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-35623

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Security: Roles component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

140) Improper input validation

EUVDB-ID: #VU57543

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-35624

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to manipulate data.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

141) Improper input validation

EUVDB-ID: #VU57550

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-35625

CWE-ID:

Exploit availability:

The vulnerability allows a remote privileged user to gain access to sensitive information.

The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.

Install update from vendor's website.

Oracle Linux: All versions

• cpe:2.3:o:oracle:oracle_linux:*:*:*:*:*:*:*:*

http://www.oracle.com/security-alerts/linuxbulletinoct2022.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

142) Improper input validation

EUVDB-ID: #VU57523