Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 89 |
CVE-ID | CVE-2022-21418 CVE-2022-21435 CVE-2022-21427 CVE-2022-21417 CVE-2022-21415 CVE-2022-21414 CVE-2022-21413 CVE-2022-21412 CVE-2022-21539 CVE-2022-33987 CVE-2022-21437 CVE-2022-21528 CVE-2022-21527 CVE-2022-21509 CVE-2022-21479 CVE-2022-21478 CVE-2022-21459 CVE-2022-21440 CVE-2022-21425 CVE-2022-2078 CVE-2022-21436 CVE-2022-21438 CVE-2022-40957 CVE-2022-21537 CVE-2022-21423 CVE-2022-21538 CVE-2022-21522 CVE-2022-21460 CVE-2022-21451 CVE-2022-21444 CVE-2022-21553 CVE-2022-21547 CVE-2022-21534 CVE-2022-21452 CVE-2022-21531 CVE-2022-21530 CVE-2022-21529 CVE-2022-21526 CVE-2022-21525 CVE-2022-21517 CVE-2022-21515 CVE-2022-21462 CVE-2022-21455 CVE-2021-3669 CVE-2022-21457 CVE-2022-40674 CVE-2022-40959 CVE-2022-32212 CVE-2022-29244 CVE-2021-3807 CVE-2021-33502 CVE-2020-28469 CVE-2022-2509 CVE-2022-40962 CVE-2022-40960 CVE-2022-31213 CVE-2022-3033 CVE-2022-31212 CVE-2022-38178 CVE-2022-38177 CVE-2022-3080 CVE-2022-34918 CVE-2022-2585 CVE-2022-41032 CVE-2022-32893 CVE-2022-41318 CVE-2022-25857 CVE-2022-34903 CVE-2022-32215 CVE-2022-36059 CVE-2022-3034 CVE-2022-3032 CVE-2022-40958 CVE-2022-40956 CVE-2022-28739 CVE-2022-28738 CVE-2022-21385 CVE-2022-32214 CVE-2020-7788 CVE-2022-32213 CVE-2022-21569 CVE-2022-21556 CVE-2022-21454 CVE-2022-3028 CVE-2022-21499 CVE-2022-2588 CVE-2022-2586 CVE-2022-1280 CVE-2022-21546 |
CWE-ID | CWE-20 CWE-601 CWE-119 CWE-125 CWE-400 CWE-416 CWE-254 CWE-703 CWE-200 CWE-185 CWE-415 CWE-476 CWE-401 CWE-843 CWE-399 CWE-264 CWE-787 CWE-347 CWE-444 CWE-704 CWE-94 CWE-362 CWE-284 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #56 is available. Public exploit code for vulnerability #58 is available. Public exploit code for vulnerability #62 is available. Public exploit code for vulnerability #63 is available. Vulnerability #65 is being exploited in the wild. Public exploit code for vulnerability #86 is available. Public exploit code for vulnerability #87 is available. |
Vulnerable software | Oracle Linux (Operating systems & Components / Operating system) |
Vendor | Oracle |
Security Bulletin
This security bulletin contains information about 89 vulnerabilities.
EUVDB-ID: #VU62415
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21418
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62421
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21435
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62418
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21427
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62416
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21417
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62427
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21415
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62420
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21414
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62417
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21413
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62419
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21412
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65511
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21539
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to read and manipulate data.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote authenticated user can exploit this vulnerability to read and manipulate data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66400
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-33987
CWE-ID:
CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Exploit availability: No
Description: The vulnerability allows a remote attacker to redirect victims to an arbitrary URL.
The vulnerability exists because requested URLs are not verified, which allows open redirection to a local UNIX socket. A remote attacker can create a link that appears to lead to a trusted website but, when clicked, redirects the victim to an arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62423
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21437
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65509
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21528
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65508
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21527
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65510
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21509
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62414
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21479
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the Optimizer component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62413
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21478
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62412
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21459
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62411
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21440
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62410
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21425
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65642
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-2078
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nft_set_desc_concat_parse() function in the Linux kernel. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62422
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21436
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62424
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21438
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67504
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-40957
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to inconsistent data in the instruction and data caches when creating wasm code. A remote attacker can trick the victim into opening a specially crafted web page, trigger memory corruption and potentially execute arbitrary code.
Note: the vulnerability affects Firefox on ARM64 platforms only.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 8.0 - 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65513
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21537
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62434
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21423
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform service disruption.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65526
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21538
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to perform service disruption.
The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform service disruption.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65524
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21522
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62430
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21460
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Server: Logging component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62428
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21451
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62429
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21444
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65520
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21553
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65514
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21547
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Federated component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65523
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21534
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62425
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21452
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65519
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21531
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65518
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21530
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65517
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21529
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65516
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21526
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65515
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21525
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65512
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21517
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65521
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21515
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62426
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21462
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65522
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21455
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to manipulate data.
The vulnerability exists due to improper input validation within the Server: PAM Auth Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63911
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-3669
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists because measuring shared memory usage does not scale with large shared memory segment counts. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62409
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21457
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Server: PAM Auth Plugin component in MySQL Server. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67532
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-40674
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in the doContent() function in xmlparse.c. A remote attacker can pass specially crafted input to an application that uses the affected library, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 7.0 - 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67500
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-40959
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect initialization of FeaturePolicy on all pages during iframe navigation. A remote attacker can trick the victim into opening a specially crafted website, bypass FeaturePolicy restrictions and force the browser to leak device permissions into untrusted subdocuments.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 8.0 - 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65273
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-32212
CWE-ID:
CWE-703 - Improper Check or Handling of Exceptional Conditions
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists because IsIPAddress does not properly check whether an IP address is invalid. A remote unauthenticated attacker can exploit this vulnerability to bypass the IsAllowedHost check and execute arbitrary code on the system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66698
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-29244
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (i.e. `--workspaces`, `--workspace=
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57967
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-3807
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when matching crafted invalid ANSI escape codes in ansi-regex. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63698
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-33502
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a regular expression with exponential performance on certain data. A remote attacker can pass specially crafted data to the application and perform a regular expression denial of service (ReDoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU52985
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-28469
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect handling of user-supplied input in a regular expression. A remote attacker can pass specially crafted input to the application and perform a regular expression denial of service (ReDoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65915
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-2509
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the gnutls_pkcs7_verify() function when verifying PKCS#7 signatures. A remote attacker can pass specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67505
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-40962
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 8.0 - 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67501
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-40960
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error caused by concurrent use of the URL parser with non-UTF-8 data. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 8.0 - 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67528
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-31213
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: Yes
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when handling a malformed XML config file. A local user can supply a specially crafted XML file to the service and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66919
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-3033
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way Thunderbird handles the meta tag with the http-equiv="refresh" attribute in email messages when the user replies to an email. A remote attacker can send a specially crafted email to the victim and force the application to initiate requests to an external URL regardless of the configuration to block remote content.
Combined with other HTML elements and attributes in the email, it is possible to execute arbitrary JavaScript code included in the malicious message in the context of the message compose document and read or modify the contents of the message compose document, including the quoted original message, which could potentially contain the decrypted plaintext of encrypted data in the crafted email.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 8.0 - 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67527
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-31212
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: Yes
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when parsing the Exec line of a DBus service file in c-util/c-shquote. A local user can pass specially crafted input to the service, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67550
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-38178
CWE-ID:
CWE-401 - Memory leak
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a DoS attack on the target system.
The vulnerability exists due to a memory leak in the DNSSEC verification code for the EdDSA algorithm. A remote attacker can spoof responses to the target resolver that carry a malformed EdDSA signature and perform a denial of service attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 7.0 - 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67549
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-38177
CWE-ID:
CWE-401 - Memory leak
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a DoS attack on the target system.
The vulnerability exists due to a memory leak in the DNSSEC verification code for the ECDSA algorithm. A remote attacker can spoof responses to the target resolver that carry a malformed ECDSA signature and perform a denial of service attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 7.0 - 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67548
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-3080
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when resolvers are configured to answer from stale cache with zero stale-answer-client-timeout and there is a stale CNAME in the cache for an incoming query. A remote attacker can send a specially crafted request to the DNS resolver and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65360
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-34918
CWE-ID:
CWE-843 - Access of Resource Using Incompatible Type ('Type Confusion')
Exploit availability: Yes
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in the Linux kernel's Netfilter subsystem in the way a user provides incorrect input of the NFT_DATA_VERDICT type. A local user can pass specially crafted data to the application, trigger a type confusion error and escalate privileges on the system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66394
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-2585
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: Yes
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack or escalate privileges on the system.
The vulnerability exists due to improper management of internal resources in POSIX CPU timers when handling the death of a process. A local user can crash the kernel or execute arbitrary code.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU68170
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-41032
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in the NuGet Client, which leads to security restrictions bypass and privilege escalation.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 8.0 - 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66587
Risk: Critical
CVSSv3.1:
CVE-ID: CVE-2022-32893
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error in WebKit when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 8.0 - 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67609
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-41318
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the server.
The vulnerability exists due to a boundary condition within the SSPI and SMB authentication helpers. A remote attacker can trigger an out-of-bounds read error and read the contents of memory on the system or crash the server.
Successful exploitation of the vulnerability requires that Squid is configured to use NTLM or Negotiate authentication with one of the vulnerable helpers.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 7.0 - 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67665
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-25857
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources when handling YAML files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU64909
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-34903
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error in GnuPG, which allows signature spoofing via arbitrary injection into the status line. A remote attacker who controls the secret part of any signing-capable key or subkey in the victim's keyring can take advantage of this flaw to provide a correctly formed signature that some software, including gpgme, will accept as valid, with a signer fingerprint chosen by the attacker.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65282
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-32215
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists because the llhttp parser in the http module does not correctly handle multi-line Transfer-Encoding headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of the vulnerability may allow an attacker to poison the HTTP cache and perform phishing attacks.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66922
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-36059
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Matrix SDK. A remote attacker sharing a room with a victim can hide some of the rooms or spaces from users and cause minor temporary corruption.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 8.0 - 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66921
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-3034
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists because iframe elements in an HTML email force the application to initiate network requests. A remote attacker can use an iframe to confirm that the email was read by the victim and obtain the victim's IP address.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 8.0 - 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66920
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-3032
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect processing of HTML emails with an iframe element that uses a srcdoc attribute to define the inner HTML document. A remote attacker can trick the victim into opening a specially crafted email message and bypass the blocking of remote objects specified in the nested document, for example images or videos.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 8.0 - 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67502
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-40958
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect handling of cookies. A remote attacker with access to a shared subdomain can inject cookies containing certain special characters, bypass the Secure Context restriction for cookies with the __Host and __Secure prefixes and overwrite these cookies, potentially allowing session fixation attacks.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 8.0 - 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67503
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-40956
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists because some requests may ignore the CSP's base-uri settings when handling HTML base element injection. A remote attacker can force the browser to accept the injected element's base instead of the original one, leading to a Content Security Policy bypass.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 8.0 - 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62081
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-28739
CWE-ID:
CWE-704 - Type conversion
Exploit availability: No
Description: The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a type conversion error in some conversion methods such as Kernel#Float and String#to_f. A remote attacker can pass specially crafted data to the affected application, trigger memory corruption and execute arbitrary code on the system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62080
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-28738
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Regexp compilation process in Ruby. A remote attacker can pass specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67475
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21385
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the net_rds_alloc_sgs() function in net/rds/message.c in the Linux kernel. A local user can perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65278
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-32214
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists because the llhttp parser in the http module does not strictly use the CRLF sequence to delimit HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of the vulnerability may allow an attacker to poison the HTTP cache and perform phishing attacks.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66955
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-7788
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation when handling INI files. A remote attacker can pass a specially crafted INI file to the application and perform prototype pollution attacks.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65275
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-32213
CWE-ID:
CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted request, perform HTTP request smuggling and use it to poison the web cache, bypass web application firewall protection and conduct XSS attacks.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65505
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21569
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65504
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21556
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62404
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21454
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67477
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-3028
Exploit availability: No
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occur simultaneously. A local user can exploit the race and escalate privileges on the system.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63961
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21499
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
Description: The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to improper access restrictions to the kernel debugger when booted in secure boot environments. A local privileged user can bypass UEFI Secure Boot restrictions.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66397
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-2588
CWE-ID:
CWE-415 - Double Free
Exploit availability: Yes
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a double free error within the network packet scheduler implementation in the route4_change() function in the Linux kernel when removing all references to a route filter before freeing it. A local user can run a specially crafted program to crash the kernel or execute arbitrary code.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
Oracle Linux: 9.0
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66396
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-2586
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the netfilter subsystem implementation in the Linux kernel when preventing one nft object from referencing an nft set in another nft table. A local user can trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
Oracle Linux: 7 - 8.6
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62358
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-1280
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error within the drm_lease_held() function in drivers/gpu/drm/drm_lease.c in the Linux kernel. A local user can run a specially crafted program to trigger a use-after-free error and crash the kernel or gain access to sensitive information.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
Oracle Linux: 7 - 8.6
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU68553
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21546
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the SCSI subsystem of the OS kernel. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation: Install update from vendor's website.
Vulnerable software versions:
Oracle Linux: 7.0 - 8.6
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html