Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 405 |
CVE-ID | CVE-2022-21418 CVE-2022-21435 CVE-2022-21427 CVE-2022-21417 CVE-2022-21415 CVE-2022-21414 CVE-2022-21413 CVE-2022-21412 CVE-2022-21539 CVE-2022-33987 CVE-2022-21437 CVE-2022-21528 CVE-2022-21527 CVE-2022-21509 CVE-2022-21479 CVE-2022-21478 CVE-2022-21459 CVE-2022-21440 CVE-2022-21425 CVE-2022-2078 CVE-2022-21436 CVE-2022-21438 CVE-2022-40957 CVE-2022-21537 CVE-2022-21423 CVE-2022-21538 CVE-2022-21522 CVE-2022-21460 CVE-2022-21451 CVE-2022-21444 CVE-2022-21553 CVE-2022-21547 CVE-2022-21534 CVE-2022-21452 CVE-2022-21531 CVE-2022-21530 CVE-2022-21529 CVE-2022-21526 CVE-2022-21525 CVE-2022-21517 CVE-2022-21515 CVE-2022-21462 CVE-2022-21455 CVE-2021-3669 CVE-2022-21457 CVE-2022-40674 CVE-2022-40959 CVE-2022-32212 CVE-2022-29244 CVE-2021-3807 CVE-2021-33502 CVE-2020-28469 CVE-2022-2509 CVE-2022-40962 CVE-2022-40960 CVE-2022-31213 CVE-2022-3033 CVE-2022-31212 CVE-2022-38178 CVE-2022-38177 CVE-2022-3080 CVE-2022-34918 CVE-2022-2585 CVE-2022-41032 CVE-2022-32893 CVE-2022-41318 CVE-2022-25857 CVE-2022-34903 CVE-2022-32215 CVE-2022-36059 CVE-2022-3034 CVE-2022-3032 CVE-2022-40958 CVE-2022-40956 CVE-2022-28739 CVE-2022-28738 CVE-2022-21385 CVE-2022-32214 CVE-2020-7788 CVE-2022-32213 CVE-2022-21569 CVE-2022-21556 CVE-2022-21454 CVE-2022-3028 CVE-2022-21499 CVE-2022-2588 CVE-2022-2586 CVE-2022-1280 CVE-2022-21546 CVE-2015-20107 CVE-2016-3709 CVE-2019-11358 CVE-2020-0256 CVE-2020-10735 CVE-2020-23903 CVE-2020-28851 CVE-2020-28852 CVE-2020-28948 CVE-2020-28949 CVE-2020-35525 CVE-2020-35527 CVE-2020-36193 CVE-2020-36516 CVE-2020-36558 CVE-2021-0308 CVE-2021-0561 CVE-2021-20199 CVE-2021-20291 CVE-2021-21707 CVE-2021-21708 CVE-2021-22570 CVE-2021-23648 CVE-2021-2478 CVE-2021-2479 CVE-2021-2481 CVE-2021-25220 CVE-2021-25636 CVE-2021-28861 CVE-2021-30002 CVE-2021-32610 CVE-2021-33195 CVE-2021-33197 CVE-2021-33198 CVE-2021-34558 CVE-2021-3497 CVE-2021-3507 CVE-2021-35546 CVE-2021-35575 CVE-2021-35577 CVE-2021-35591 CVE-2021-35596 CVE-2021-35597 CVE-2021-35602 CVE-2021-35604 
CVE-2021-35607 CVE-2021-35608 CVE-2021-35610 CVE-2021-35612 CVE-2021-35622 CVE-2021-35623 CVE-2021-35624 CVE-2021-35625 CVE-2021-35626 CVE-2021-35627 CVE-2021-35628 CVE-2021-35630 CVE-2021-35631 CVE-2021-35632 CVE-2021-35633 CVE-2021-35634 CVE-2021-35635 CVE-2021-35636 CVE-2021-35637 CVE-2021-35638 CVE-2021-35639 CVE-2021-35640 CVE-2021-35641 CVE-2021-35642 CVE-2021-35643 CVE-2021-35644 CVE-2021-35645 CVE-2021-35646 CVE-2021-35647 CVE-2021-35648 CVE-2021-3611 CVE-2021-36221 CVE-2021-3631 CVE-2021-3640 CVE-2021-3750 CVE-2021-3839 CVE-2021-4024 CVE-2021-4048 CVE-2021-41190 CVE-2021-4158 CVE-2021-44269 CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2021-44906 CVE-2021-46143 CVE-2021-46828 CVE-2022-0168 CVE-2022-0216 CVE-2022-0396 CVE-2022-0494 CVE-2022-0561 CVE-2022-0562 CVE-2022-0617 CVE-2022-0854 CVE-2022-0865 CVE-2022-0891 CVE-2022-0897 CVE-2022-0908 CVE-2022-0909 CVE-2022-0918 CVE-2022-0924 CVE-2022-0934 CVE-2022-0996 CVE-2022-1016 CVE-2022-1048 CVE-2022-1055 CVE-2022-1122 CVE-2022-1184 CVE-2022-1304 CVE-2022-1328 CVE-2022-1348 CVE-2022-1353 CVE-2022-1354 CVE-2022-1355 CVE-2022-1471 CVE-2022-1679 CVE-2022-1705 CVE-2022-1706 CVE-2022-1708 CVE-2022-1852 CVE-2022-1962 CVE-2022-1998 CVE-2022-20368 CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-21245 CVE-2022-21249 CVE-2022-21253 CVE-2022-21254 CVE-2022-21256 CVE-2022-21264 CVE-2022-21265 CVE-2022-21270 CVE-2022-21278 CVE-2022-21297 CVE-2022-21301 CVE-2022-21302 CVE-2022-21303 CVE-2022-21304 CVE-2022-2132 CVE-2022-21339 CVE-2022-21342 CVE-2022-21344 CVE-2022-21348 CVE-2022-21351 CVE-2022-21352 CVE-2022-21358 CVE-2022-21362 CVE-2022-21367 CVE-2022-21368 CVE-2022-21370 CVE-2022-21372 CVE-2022-21374 CVE-2022-21378 CVE-2022-21379 CVE-2022-21618 CVE-2022-21619 CVE-2022-21624 CVE-2022-21626 CVE-2022-21628 CVE-2022-21673 CVE-2022-21682 CVE-2022-21698 CVE-2022-21702 CVE-2022-21703 CVE-2022-21713 CVE-2022-21824 CVE-2022-2211 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22662 CVE-2022-22719 CVE-2022-22721 
CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-22844 CVE-2022-2309 CVE-2022-2319 CVE-2022-2320 CVE-2022-23645 CVE-2022-23816 CVE-2022-23825 CVE-2022-2393 CVE-2022-23943 CVE-2022-23960 CVE-2022-2414 CVE-2022-24448 CVE-2022-24735 CVE-2022-24736 CVE-2022-24795 CVE-2022-25255 CVE-2022-25308 CVE-2022-25309 CVE-2022-25310 CVE-2022-2602 CVE-2022-26125 CVE-2022-2625 CVE-2022-26373 CVE-2022-26377 CVE-2022-2639 CVE-2022-26700 CVE-2022-26709 CVE-2022-26710 CVE-2022-26716 CVE-2022-26717 CVE-2022-26719 CVE-2022-27191 CVE-2022-27337 CVE-2022-27404 CVE-2022-27405 CVE-2022-27406 CVE-2022-27664 CVE-2022-27775 CVE-2022-27950 CVE-2022-28131 CVE-2022-28199 CVE-2022-28390 CVE-2022-2850 CVE-2022-28614 CVE-2022-28615 CVE-2022-28893 CVE-2022-29162 CVE-2022-2938 CVE-2022-29404 CVE-2022-29581 CVE-2022-2989 CVE-2022-2990 CVE-2022-29900 CVE-2022-29901 CVE-2022-30067 CVE-2022-30123 CVE-2022-30293 CVE-2022-30522 CVE-2022-30550 CVE-2022-30556 CVE-2022-30594 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-30698 CVE-2022-30699 CVE-2022-31625 CVE-2022-31813 CVE-2022-32148 CVE-2022-32189 CVE-2022-3239 CVE-2022-32742 CVE-2022-32746 CVE-2022-32990 CVE-2022-33068 CVE-2022-33099 CVE-2022-3500 CVE-2022-3515 CVE-2022-3517 CVE-2022-35255 CVE-2022-35256 CVE-2022-3550 CVE-2022-3551 CVE-2022-3565 CVE-2022-3602 CVE-2022-36946 CVE-2022-37434 CVE-2022-3786 CVE-2022-3787 CVE-2022-39190 CVE-2022-39236 CVE-2022-39249 CVE-2022-39250 CVE-2022-39251 CVE-2022-39399 CVE-2022-40768 CVE-2022-41853 CVE-2022-41974 CVE-2022-42898 CVE-2022-42919 CVE-2022-42920 CVE-2022-42927 CVE-2022-42928 CVE-2022-42929 CVE-2022-42932 CVE-2022-43548 CVE-2022-4378 CVE-2022-45060 CVE-2022-45403 CVE-2022-45404 CVE-2022-45405 CVE-2022-45406 CVE-2022-45408 CVE-2022-45409 CVE-2022-45410 CVE-2022-45411 CVE-2022-45412 CVE-2022-45414 CVE-2022-45416 CVE-2022-45418 CVE-2022-45420 CVE-2022-45421 CVE-2022-46872 CVE-2022-46874 CVE-2022-46878 CVE-2022-46880 
CVE-2022-46881 CVE-2022-46882 |
CWE-ID | CWE-20 CWE-601 CWE-119 CWE-125 CWE-400 CWE-416 CWE-254 CWE-703 CWE-200 CWE-185 CWE-415 CWE-476 CWE-401 CWE-843 CWE-399 CWE-264 CWE-787 CWE-347 CWE-444 CWE-704 CWE-94 CWE-362 CWE-284 CWE-78 CWE-79 CWE-369 CWE-129 CWE-502 CWE-61 CWE-327 CWE-346 CWE-667 CWE-350 CWE-295 CWE-59 CWE-862 CWE-122 CWE-732 CWE-297 CWE-190 CWE-617 CWE-613 CWE-824 CWE-276 CWE-22 CWE-352 CWE-639 CWE-287 CWE-1037 CWE-611 CWE-909 CWE-121 CWE-191 CWE-388 CWE-911 CWE-863 CWE-120 CWE-341 CWE-908 CWE-755 CWE-330 CWE-285 CWE-345 CWE-749 CWE-918 CWE-451 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #20 is available. Public exploit code for vulnerability #56 is available. Public exploit code for vulnerability #58 is available. Vulnerability #62 is being exploited in the wild. Public exploit code for vulnerability #63 is available. Vulnerability #65 is being exploited in the wild. Public exploit code for vulnerability #86 is available. Public exploit code for vulnerability #87 is available. Public exploit code for vulnerability #92 is available. Public exploit code for vulnerability #98 is available. Vulnerability #99 is being exploited in the wild. Vulnerability #102 is being exploited in the wild. Public exploit code for vulnerability #110 is available. Vulnerability #120 is being exploited in the wild. Public exploit code for vulnerability #124 is available. Public exploit code for vulnerability #195 is available. Public exploit code for vulnerability #210 is available. Public exploit code for vulnerability #267 is available. Public exploit code for vulnerability #287 is available. Public exploit code for vulnerability #296 is available. Public exploit code for vulnerability #301 is available. Public exploit code for vulnerability #306 is available. Public exploit code for vulnerability #363 is available. Public exploit code for vulnerability #364 is available. Public exploit code for vulnerability #365 is available. Public exploit code for vulnerability #366 is available. Public exploit code for vulnerability #385 is available. |
Vulnerable software | Oracle Linux (Operating systems & Components / Operating system) |
Vendor | Oracle |
Security Bulletin
This security bulletin contains information about 405 vulnerabilities.
EUVDB-ID: #VU62415
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21418
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62421
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21435
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62418
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21427
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62416
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21417
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62427
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21415
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62420
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21414
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62417
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21413
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62419
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21412
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65511
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21539
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote authenticated user to read and manipulate data.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote authenticated user can exploit this vulnerability to read and manipulate data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66400
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-33987
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to redirect victims to an arbitrary URL.
The vulnerability exists because requested URLs are not verified, which allows open redirection to a local UNIX socket. A remote attacker can create a link that leads to a trusted website but, when clicked, redirects the victim to an arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62423
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21437
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65509
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21528
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65508
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21527
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65510
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21509
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62414
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21479
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the Optimizer component. A remote user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62413
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21478
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62412
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21459
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62411
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21440
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62410
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21425
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65642
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-2078
CWE-ID:
Exploit availability:
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nft_set_desc_concat_parse() function in the Linux kernel. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62422
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21436
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62424
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21438
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67504
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-40957
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to inconsistent data in instruction and data cache when creating wasm code. A remote attacker can trick the victim into opening a specially crafted web page, trigger memory corruption and potentially execute arbitrary code.
Note, the vulnerability affects Firefox on ARM64 platforms only.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 8.0 - 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65513
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21537
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62434
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21423
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform service disruption.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65526
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21538
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote authenticated user to perform service disruption.
The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform service disruption.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65524
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21522
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62430
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21460
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Server: Logging component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62428
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21451
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62429
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21444
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65520
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21553
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65514
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21547
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Federated component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65523
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21534
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: 9.0
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62425
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21452
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65519
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21531
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65518
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21530
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65517
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21529
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65516
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21526
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65515
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21525
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65512
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21517
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65521
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21515
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62426
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21462
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65522
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21455
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to manipulate data.
The vulnerability exists due to improper input validation within the Server: PAM Auth Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63911
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-3669
CWE-ID:
Exploit availability:
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists because measuring usage of the shared memory does not scale with large shared memory segment counts. A local user can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62409
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21457
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Server: PAM Auth Plugin component in MySQL Server. A remote non-authenticated attacker can exploit this vulnerability to gain access to sensitive information.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67532
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-40674
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in the doContent() function in xmlparse.c. A remote attacker can pass specially crafted input to the application that is using the affected library, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 7.0 - 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67500
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-40959
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect initialization of FeaturePolicy on all pages during iframe navigation. A remote attacker can trick the victim into opening a specially crafted website, bypass FeaturePolicy restrictions and force the browser to leak device permissions into untrusted subdocuments.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 8.0 - 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65273
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-32212
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists because IsIPAddress does not properly check whether an IP address is invalid. A remote unauthenticated attacker can exploit this vulnerability to bypass the IsAllowedHost check and execute arbitrary code on the system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66698
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-29244
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace or with a workspace flag (i.e. `--workspaces`, `--workspace=
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57967
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-3807
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when matching crafted invalid ANSI escape codes in ansi-regex. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63698
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-33502
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to exponential performance for data. A remote attacker can pass specially crafted data to the application and perform a regular expression denial of service (ReDoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU52985
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-28469
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect handling of user-supplied input in a regular expression. A remote attacker can pass specially crafted input to the application and perform a regular expression denial of service (ReDoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65915
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-2509
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the gnutls_pkcs7_verify() function when verifying pkcs7 signatures. A remote attacker can pass specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67505
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-40962
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 8.0 - 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67501
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-40960
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error caused by concurrent use of the URL parser with non-UTF-8 data. A remote attacker can trick the victim into visiting a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 8.0 - 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67528
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-31213
CWE-ID:
Exploit availability:
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when handling a malformed XML config file. A local user can supply a specially crafted XML file to the service and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66919
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-3033
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way Thunderbird handles the meta tag having the http-equiv="refresh" attribute in email messages when the user replies to an email. A remote attacker can send a specially crafted email to the victim and force the application to initiate requests to an external URL regardless of the configuration to block remote content.
Combined with other HTML elements and attributes in the email, it is possible to execute arbitrary JavaScript code included into the malicious message in the context of the message compose document and read or modify the contents of the message compose document, including the quoted original message, which could potentially contain the decrypted plaintext of encrypted data in the crafted email.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 8.0 - 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67527
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-31212
CWE-ID:
Exploit availability:
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when parsing the DBus service Exec line in c-util/c-shquote. A local user can pass specially crafted input to the service, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67550
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-38178
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a DoS attack on the target system.
The vulnerability exists due to a memory leak in the DNSSEC verification code for the EdDSA algorithm. A remote attacker can spoof the target resolver with responses that have a malformed EdDSA signature and perform a denial of service attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 7.0 - 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67549
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-38177
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a DoS attack on the target system.
The vulnerability exists due to a memory leak in the DNSSEC verification code for the ECDSA algorithm. A remote attacker can spoof the target resolver with responses that have a malformed ECDSA signature and perform a denial of service attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 7.0 - 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67548
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-3080
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when resolvers are configured to answer from stale cache with zero stale-answer-client-timeout and there is a stale CNAME in the cache for an incoming query. A remote attacker can send a specially crafted request to the DNS resolver and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65360
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-34918
CWE-ID:
Exploit availability:
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists in the Linux kernel’s Netfilter subsystem in the way a user provides incorrect input of the NFT_DATA_VERDICT type. A local user can pass specially crafted data to the application, trigger a type confusion error and escalate privileges on the system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66394
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-2585
CWE-ID:
Exploit availability:
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack or escalate privileges on the system.
The vulnerability exists due to improper management of internal resources in POSIX CPU timers when handling death of a process. A local user can crash the kernel or execute arbitrary code.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU68170
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-41032
CWE-ID:
Exploit availability:
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the application does not properly impose security restrictions in the NuGet Client, which leads to security restrictions bypass and privilege escalation.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 8.0 - 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66587
Risk: Critical
CVSSv3.1:
CVE-ID: CVE-2022-32893
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error in WebKit when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds write and execute arbitrary code on the target system.
Note, the vulnerability is being actively exploited in the wild.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 8.0 - 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67609
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-41318
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to gain access to potentially sensitive information or crash the server.
The vulnerability exists due to a boundary condition within SSPI and SMB authentication helpers. A remote attacker can trigger an out-of-bounds read error and read contents of memory on the system or crash the server.
Successful exploitation of the vulnerability requires that Squid is configured to use NTLM or Negotiate authentication with one of the vulnerable helpers.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 7.0 - 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67665
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-25857
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources when handling YAML files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU64909
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-34903
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to an error in GnuPG, which allows signature spoofing via arbitrary injection into the status line. A remote attacker who controls the secret part of any signing-capable key or subkey in the victim's keyring can take advantage of this flaw to provide a correctly-formed signature that some software, including gpgme, will accept as having validity and a signer fingerprint chosen by the attacker.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65282
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-32215
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists because the llhttp parser in the http module does not correctly handle multi-line Transfer-Encoding headers. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of the vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66922
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-36059
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Matrix SDK. A remote attacker sharing a room with a victim can hide some of the rooms or spaces from users and cause minor temporary corruption.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 8.0 - 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66921
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-3034
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists because iframe elements in an HTML email force the application to initiate network requests. A remote attacker can use an iframe to confirm that the email was read by the victim and obtain the victim's IP address.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 8.0 - 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66920
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-3032
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect processing of HTML emails with an iframe element that uses a srcdoc attribute to define the inner HTML document. A remote attacker can trick the victim into opening a specially crafted email message and bypass blocking of remote objects specified in the nested document, for example images or videos.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 8.0 - 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67502
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-40958
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to incorrect handling of cookies. A remote attacker with access to a shared subdomain can inject cookies with certain special characters, bypass the Secure Context restriction for cookies with the __Host and __Secure prefixes and overwrite these cookies, potentially allowing session fixation attacks.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 8.0 - 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67503
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-40956
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists because some requests may ignore the CSP's base-uri settings when handling HTML base element injection. A remote attacker can force the browser to accept the injected element's base instead of the original code, leading to Content Security Policy bypass.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: 8.0 - 9.0
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU62081
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-28739
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a type conversion error in some conversion methods like Kernel#Float and String#to_f. A remote attacker can pass specially crafted data to the affected application, trigger memory corruption and execute arbitrary code in the system.
Install update from vendor's website.
Vulnerable software versionsOracle Linux: 9.0
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU62080
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-28738
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Regexp compilation process in Ruby. A remote attacker can pass specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: 9.0
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU67475
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21385
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the net_rds_alloc_sgs() function in net/rds/message.c in Linux kernel. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: 9.0
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU65278
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-32214
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists because the llhttp parser in the http module does not strictly use the CRLF sequence to delimit HTTP requests. A remote attacker can send a specially crafted HTTP request to the server and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: 9.0
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU66955
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-7788
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code.
The vulnerability exists due to improper input validation when handling INI files. A remote attacker can pass a specially crafted INI file to the application and perform prototype pollution attacks.
Install update from vendor's website.
Vulnerable software versionsOracle Linux: 9.0
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU65275
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-32213
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of HTTP requests. A remote attacker can send a specially crafted request that leads to HTTP request smuggling, and use it to poison the web cache, bypass web application firewall protection, and conduct XSS attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: 9.0
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU65505
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21569
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: 9.0
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU65504
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21556
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: 9.0
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU62404
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21454
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: 9.0
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU67477
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-3028
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in the Linux kernel's IP framework for transforming packets (XFRM subsystem) when multiple calls to xfrm_probe_algs occur simultaneously. A local user can exploit the race and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: 9.0
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU63961
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21499
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to improper access restrictions to the kernel debugger when booted in secure boot environments. A local privileged user can bypass UEFI Secure Boot restrictions.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: 9.0
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU66397
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-2588
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a double free error within the network packet scheduler implementation in the route4_change() function in Linux kernel when removing all references to a route filter before freeing it. A local user can run a specially crafted program to crash the kernel or execute arbitrary code.
Install update from vendor's website.
Vulnerable software versionsOracle Linux: 9.0
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU66396
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-2586
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the netfilter subsystem implementation in Linux kernel when preventing one nft object from referencing an nft set in another nft table. A local user can trigger a use-after-free error and execute arbitrary code on the system with elevated privileges.
Install update from vendor's website.
Vulnerable software versionsOracle Linux: 7 - 8.6
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU62358
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-1280
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error within the drm_lease_held() function in drivers/gpu/drm/drm_lease.c in the Linux kernel. A local user can run a specially crafted program to trigger a use-after-free error and crash the kernel or gain access to sensitive information.
Install update from vendor's website.
Vulnerable software versionsOracle Linux: 7 - 8.6
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU68553
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21546
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the scsi subsystem within the OS kernel. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: 7.0 - 8.6
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU64573
Risk: High
CVSSv3.1:
CVE-ID: CVE-2015-20107
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the mailcap module, which does not add escape characters into commands discovered in the system mailcap file. A remote unauthenticated attacker can pass specially crafted data to applications that call mailcap.findmatch with untrusted input and execute arbitrary OS commands on the target system.
Install update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU66123
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2016-3709
CWE-ID:
Exploit availability:
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU18092
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2019-11358
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to prototype pollution. A remote attacker can trick the extend function into modifying the prototype of Object when the attacker controls part of the structure passed to this function. This can let an attacker add or modify an existing property that will then exist on all objects and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU45872
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-0256
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local non-authenticated attacker to execute arbitrary code.
In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-8.0; Android ID: A-152874864.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU67760
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-10735
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion in algorithms with quadratic time complexity when using non-binary bases within the int() call. A remote attacker can pass specially crafted data to the affected application and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU69350
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-23903
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a division by zero error when handling .wav files. A remote attacker can trick the victim into opening a specially crafted .wav file and crash the application.
Install update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU68779
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-28851, CVE-2020-28852
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of array index in language.ParseAcceptLanguage while processing a BCP 47 tag. A remote attacker can send a specially crafted HTTP request containing a malformed HTTP Accept-Language header and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU48669
Risk: High
CVSSv3.1:
CVE-ID: CVE-2020-28948
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data, related to case sensitivity issues (e.g. "phar:" protocol is blocked, however "PHAR:" is not). A remote attacker can pass specially crafted data to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU48668
Risk: High
CVSSv3.1:
CVE-ID: CVE-2020-28949
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper sanitization of the user-supplied input when processing URI handlers in filenames. A remote attacker can pass the "file://" string in the filename and overwrite arbitrary files on the system.
Install update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU67411
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-35525
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the INTERSECT query processing. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU67412
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-35527
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling ALTER TABLE for views that have a nested FROM clause. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU49907
Risk: High
CVSSv3.1:
CVE-ID: CVE-2020-36193
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a symlink following issue in the tar.php file in Archive_Tar. A remote attacker can pass a specially crafted archive to the application and force the application to overwrite arbitrary files on the system using directory traversal sequences.
Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
Install update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU66811
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2020-36516
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform denial of service (DoS) or MitM attacks.
The vulnerability exists due to an error in the mixed IPID assignment method with the hash-based IPID assignment policy in Linux kernel. A remote attacker can inject data into a victim's TCP session or terminate that session.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU66589
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2020-36558
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel before 5.5.7 involving a VT_RESIZEX. A local user can perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU49882
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-0308
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local authenticated user to execute arbitrary code.
In ReadLogicalParts of basicmbr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-8.1, Android-9, Android-10, Android-11, Android-8.0; Android ID: A-158063095.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU69342
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-0561
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the append_to_verify_fifo_interleaved_ in stream_encoder.c in Media Framework. A local application can trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU50275
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-20199
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to missing authentication when connecting from all sources. A remote attacker can send a specially crafted request and bypass access restrictions to containerized applications.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU62797
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-20291
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack on the target system.
The vulnerability exists due to a double-locking error. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive, this causes an error leading to an unexpected situation where the code indefinitely waits for the tar unpacked stream, which never finishes. An attacker could use this vulnerability to craft a malicious image, which when downloaded and stored by an application using containers/storage, would then cause a deadlock leading to a Denial of Service (DoS).
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU58331
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-21707
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to inject arbitrary XML code.
The vulnerability exists due to insufficient validation of user-supplied input within the simplexml_load_file() PHP function when processing a NULL byte character (e.g. %00). A remote attacker can pass a specially crafted URL to the application and bypass implemented security restrictions.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU60707
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-21708
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the "php_filter_float()" function. A remote attacker can pass specially crafted input to the application that uses the affected PHP function, trigger a use-after-free error and crash the php-fpm process.
Install update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU62403
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-22570
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Compiling (protobuf) component in MySQL Server. A remote non-authenticated attacker can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU66868
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-23648
CWE-ID:
Exploit availability:
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in sanitizeUrl() function. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU57516
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-2478
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU57517
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-2479
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU57503
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-2481
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsOracle Linux: All versions
Fixed software versionsCPE2.3 External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU61422
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-25220
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to poison the DNS cache.
The vulnerability exists due to an error in the DNS forwarder implementation. When using forwarders, bogus NS records supplied by, or via, those forwarders may be cached and used by named if it needs to recurse for any reason, causing it to obtain and pass on potentially incorrect answers. The cache could become poisoned with incorrect records, leading to queries being made to the wrong servers, which might also result in false information being returned to clients.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU60762
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-25636
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to improper certificate validation when processing digital signatures of ODF documents. A remote attacker can modify the documentsignatures.xml or macrosignatures.xml stream within the document to contain both "X509Data" and "KeyValue" children of the "KeyInfo" tag. When such a document is opened, LibreOffice verifies the signature using the "KeyValue" but reports verification with the unrelated "X509Data" value.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67591
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-28861
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to redirect victims to an arbitrary URL.
The vulnerability exists due to improper sanitization of user-supplied data in lib/http/server.py, caused by missing protection against multiple slashes (/) at the beginning of the URI path. A remote attacker can create a link that leads to a trusted website but, when clicked, redirects the victim to an arbitrary domain.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU68552
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-30002
CWE-ID:
Exploit availability:
Description
The vulnerability allows a local user to perform a DoS attack on the target system.
The vulnerability exists due to a memory leak within the webcam support driver in the video_usercopy() function in drivers/media/v4l2-core/v4l2-ioctl.c in the Linux kernel. A local user can trigger a memory leak and perform a denial of service attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU55101
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-32610
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists because the application does not check whether a file in the archive is a symbolic link when extracting it. A remote attacker can pass a specially crafted file to the application and overwrite arbitrary files on the system. Successful exploitation of the vulnerability may allow an attacker to compromise the affected system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU56022
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-33195
CWE-ID:
Exploit availability:
Description
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of data passed from DNS lookups. A remote attacker can send a specially crafted DNS response and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU56023
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-33197
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to bypass the authorization process.
The vulnerability exists due to an error in some configurations of ReverseProxy (from net/http/httputil). A remote attacker can drop arbitrary headers and bypass the authorization process.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU56024
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-33198
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling a large exponent to the math/big.Rat SetString or UnmarshalText method. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU55665
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-34558
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper certificate verification in the crypto/tls package in Go when processing X.509 certificates. The application does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing an RSA-based key exchange, allowing a malicious TLS server to cause a TLS client to panic.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU69294
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-3497
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error when demuxing certain malformed Matroska files. A remote attacker can trick the victim into opening a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU64569
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-3507
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the fdctrl_transfer_handler() function in hw/block/fdc.c while processing DMA read data transfers from the floppy drive to the guest system. A remote privileged user on the guest OS can trigger a heap-based buffer overflow and crash the QEMU process on the host OS.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57541
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35546
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57527
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35575
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57515
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35577
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57519
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35591
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57520
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35596
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Error Handling component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57501
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35597
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the C API component in MySQL Client. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57514
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35602
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57511
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35604
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57502
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35607
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57513
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35608
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57500
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35610
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote authenticated user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to damage or delete data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57512
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35612
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57542
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35622
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57551
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-35623
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Server: Security: Roles component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57543
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35624
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to manipulate data.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57550
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-35625
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to gain access to sensitive information.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote privileged user can exploit this vulnerability to gain access to sensitive information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57523
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35626
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57524
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35627
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57525
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35628
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57539
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35630
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to manipulate data.
The vulnerability exists due to improper input validation within the Server: Options component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57522
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35631
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: GIS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57545
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-35632
CWE-ID:
Exploit availability:
Description
The vulnerability allows a local privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Data Dictionary component in MySQL Server. A local privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57549
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-35633
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform service disruption.
The vulnerability exists due to improper input validation within the Server: Logging component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57528
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35634
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57529
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35635
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57530
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35636
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57540
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35637
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: PS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57531
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35638
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57544
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35639
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57548
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-35640
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to manipulate data.
The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57532
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35641
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57533
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35642
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57534
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35643
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57535
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35644
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57536
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35645
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57537
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35646
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57538
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35647
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU57521
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-35648
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: FTS component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU69352
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-3611
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in the Intel HD Audio device (intel-hda) of QEMU. A remote user of the guest OS can trigger an out-of-bounds write and crash the QEMU process on the host.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU55668
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-36221
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in net/http/httputil ReverseProxy when handling ErrAbortHandler events. A remote attacker can trigger a race condition and crash the ReverseProxy.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62735
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-3631
CWE-ID:
Exploit availability:
Description: The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to an error in the way SELinux MCS category pairs are generated for VMs' dynamic labels in security/security_selinux.c. An attacker with access to the guest OS can access files labeled for another guest.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63769
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-3640
CWE-ID:
Exploit availability:
Description: The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the sco_sock_sendmsg() function of the Linux kernel HCI subsystem. A privileged local user can call ioctl UFFDIO_REGISTER or otherwise trigger a race condition to escalate privileges on the system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU69353
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-3750
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote user to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error in the USB EHCI controller emulation of QEMU. A remote guest can trigger a use-after-free error and execute arbitrary code on the host OS.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63625
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-3839
CWE-ID:
Exploit availability:
Description: The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists because the vhost_user_set_inflight_fd() function does not validate msg->payload.inflight.num_queues. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU58668
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-4024
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the "podman machine" function. A remote attacker can gain unauthorized access to sensitive information on the system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU69295
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-4048
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the CLARRV, DLARRV, SLARRV, and ZLARRV functions in lapack. A remote attacker can pass specially crafted data to the application, trigger an out-of-bounds read error and crash the affected application.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU58229
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-41190
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to compromise the system.
The vulnerability exists due to a type confusion error. A remote authenticated attacker can pass specially crafted data to the application, trigger a type confusion error and interpret the resulting content differently.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63781
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-4158
CWE-ID:
Exploit availability:
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the ACPI code of QEMU when handling certain values. A privileged user can crash the QEMU process on the host, resulting in a denial of service condition.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU65086
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2021-44269
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when processing *.WAV files within the WavpackPackSamples() function in src/pack_utils.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and crash the application.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59548
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-44531
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to insufficient validation of URI Subject Alternative Names. Node.js accepts arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type. A remote attacker can bypass name-constrained intermediates and perform a spoofing attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59549
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-44532
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to improper validation of certificates when converting SANs (Subject Alternative Names) to a string format. A remote attacker can inject special characters into the string and perform a spoofing attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59550
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-44533
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to improper validation of certificate subject and issuer fields. A remote attacker can create a certificate with specially crafted multi-value Relative Distinguished Names and perform a spoofing attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU64030
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-44906
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists because the application does not properly control consumption of internal resources. A remote attacker can trick the library into adding or modifying the properties of Object.prototype, using a constructor or __proto__ payload, resulting in prototype pollution and loss of confidentiality, availability, and integrity.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59643
Risk: High
CVSSv3.1:
CVE-ID: CVE-2021-46143
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow in the doProlog() function in xmlparse.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66152
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2021-46828
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the library improperly handles idle TCP connections. A remote attacker can exhaust the file descriptors of a process that uses libtirpc and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63789
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-0168
CWE-ID:
Exploit availability:
Description: The vulnerability allows a local attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel’s smb2_ioctl_query_info function in the fs/cifs/smb2ops.c Common Internet File System (CIFS). A privileged (CAP_SYS_ADMIN) attacker can perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU68551
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-0216
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU when processing repeated messages to cancel the current SCSI request via the lsi_do_msgout() function. A remote user on the guest OS can trigger a use-after-free error and perform a denial of service attack against the QEMU host.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU61423
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-0396
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application that allows TCP connection slots to be consumed for an indefinite time frame via a specifically crafted TCP stream sent from a client. A remote attacker can initiate a specially crafted TCP stream that can cause connections to BIND to remain in CLOSE_WAIT status for an indefinite period of time, even after the client has terminated the connection.
This issue can only be triggered on BIND servers which have keep-response-order enabled, which is not the default configuration. The keep-response-order option is an ACL block; any hosts which are specified within it will be able to trigger this issue on affected versions.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU64259
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-0494
CWE-ID:
Exploit availability:
Description: The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in the scsi_ioctl() function in drivers/scsi/scsi_ioctl.c in the Linux kernel. A local user with a special user privilege (CAP_SYS_ADMIN or CAP_SYS_RAWIO) can gain unauthorized access to sensitive information on the system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63326
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-0561
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the memcpy() function within TIFFFetchStripThing() in tif_dirread.c. A remote attacker can trick a victim into opening a specially crafted TIFF file and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63328
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-0562
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the memcpy() function within TIFFReadDirectory() in tif_dirread.c. A remote attacker can trick a victim into opening a specially crafted TIFF file and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU61210
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-0617
CWE-ID:
Exploit availability:
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel UDF file system functionality. A local user can supply a malicious UDF image to the udf_file_write_iter() function and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63427
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-0854
CWE-ID:
Exploit availability:
Description: The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a memory leak in the Linux kernel’s DMA subsystem when processing DMA_FROM_DEVICE calls. A local user can trigger a memory leak error and read random memory from the kernel space.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63332
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-0865
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in the tiffcp component. A remote attacker can trick a victim into opening a specially crafted TIFF file and perform a denial of service attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63329
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-0891
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing a TIFF file in the ExtractImageSection() function in tiffcrop.c. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62739
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-0897
CWE-ID:
Exploit availability:
Description: The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a double-locking error within the nwfilterConnectNumOfNWFilters() function in nwfilter/nwfilter_driver.c in libvirt. A local user can abuse the libvirt API virConnectNumOfNWFilters to crash the network filter management daemon (libvirtd/virtnwfilterd).
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63374
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-0908
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the memcpy() function within TIFFFetchNormalTag() in tif_dirread.c. A remote attacker can pass a specially crafted TIFF file to the application and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63376
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-0909
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error in the tiffcrop component. A remote attacker can pass a specially crafted TIFF file to the application and crash it.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63128
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-0918
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when handling network packets. A remote attacker can create a single TCP packet to the LDAP port, trigger a segmentation fault and crash the slapd daemon.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63378
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-0924
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial-of-service attack.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted TIFF file, trick the victim into opening it, trigger an out-of-bounds read error and perform a denial-of-service attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63013
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-0934
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error when handling DHCPv6 requests. A remote attacker can send specially crafted DHCPv6 packets to the affected application, trigger a use-after-free error and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU64661
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-0996
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an insufficient session expiration issue that allows expired passwords to access the database, causing improper authentication. A remote non-authenticated attacker can obtain or guess a session token and gain unauthorized access to a session that belongs to another user.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62028
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-1016
CWE-ID:
Exploit availability:
Description: The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error in net/netfilter/nf_tables_core.c:nft_do_chain in the Linux kernel. A local user can trigger a use-after-free error and gain access to sensitive information.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63428
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-1048
CWE-ID:
Exploit availability:
Description
The vulnerability allows a local user to execute arbitrary code with elevated privileges.
The vulnerability exists due to a use-after-free error in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. A local user can execute arbitrary code with elevated privileges and perform a denial-of-service attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU61765
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-1055
CWE-ID:
Exploit availability:
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tc_new_tfilter() function in the Linux kernel. A local user can run a specially crafted program to trigger a use-after-free error and execute arbitrary code with elevated privileges.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63450
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-1122
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to an invalid pointer initialization in the opj2_decompress program. A remote attacker can gain unauthorized access to sensitive information and perform a denial of service attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU64438
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-1184
CWE-ID:
Exploit availability:
Description
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to a use-after-free error in the fs/ext4/namei.c:dx_insert_block() function in the Linux kernel’s filesystem sub-component. A local user can trigger a use-after-free error and perform a denial of service attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU64075
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-1304
CWE-ID:
Exploit availability:
Description
The vulnerability allows a local attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A local attacker can use a specially crafted filesystem, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU62357
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-1328
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing email messages. A remote attacker can create a specially crafted message, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63693
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-1348
CWE-ID:
Exploit availability:
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to the way logrotate uses the state file. When the state file does not exist, it is created with world-readable permission, allowing an unprivileged user to lock the state file, stopping any rotation.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63388
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-1353
CWE-ID:
Exploit availability:
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in the pfkey_register function in net/key/af_key.c in the Linux kernel. A local user can gain unauthorized access to kernel memory, leading to a system crash or a leak of internal kernel information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67498
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-1354
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the TIFFReadRawDataStriped() function in tiffinfo.c. A remote attacker can pass a specially crafted TIFF file to the application that is using the affected library, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67497
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-1355
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within tiffcp.c when processing TIFF files. A remote attacker can pass a specially crafted TIFF file to the application that is using the affected library, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU70385
Risk: High
CVSSv3.1:
CVE-ID: CVE-2022-1471
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to insecure input validation when processing serialized data within the SnakeYaml's Constructor() class. A remote attacker can pass specially crafted YAML content to the application and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU64861
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-1679
CWE-ID:
Exploit availability:
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ath9k_htc_wait_for_target() function in the Linux kernel’s Atheros wireless adapter driver. A local user can execute arbitrary code with elevated privileges.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66064
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-1705
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of Transfer-Encoding headers in HTTP/1 responses. A remote attacker can send a specially crafted HTTP/1 response to the client and smuggle arbitrary HTTP headers.
Successful exploitation of this vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU63493
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-1706
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in ignition configs. A remote user on the local network can bypass implemented security restrictions and obtain sensitive information.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU64008
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-1708
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources within the ExecSync request. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU64262
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-1852
CWE-ID:
Exploit availability:
Description
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel’s KVM module. A local user can trigger the error in x86_emulate_insn in arch/x86/kvm/emulate.c and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66065
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-1962
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources in go/parser. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU69338
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-1998
CWE-ID:
Exploit availability:
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the copy_event_to_user() function in the Linux kernel. A local user can trigger a use-after-free error and escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU67473
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-20368
CWE-ID:
Exploit availability:
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the packet_recvmsg() function in the Linux kernel. A local user can trigger an out-of-bounds read error and potentially escalate privileges on the system.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU64364
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21123
CWE-ID:
Exploit availability:
Description
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU64365
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21125
CWE-ID:
Exploit availability:
Description
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU64366
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21166
CWE-ID:
Exploit availability:
Description
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists in Intel processors due to excessive data output when DirectPath I/O (PCI-Passthrough) is utilized. An attacker (both local and remote) with administrative access to a virtual machine that has an attached DirectPath I/O (PCI-Passthrough) device can obtain information stored in physical memory about the hypervisor or other virtual machines that reside on the same host.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59792
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21245
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote authenticated user to manipulate data.
The vulnerability exists due to improper input validation within the Server: Security: Privileges component in MySQL Server. A remote authenticated user can exploit this vulnerability to manipulate data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59807
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21249
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform service disruption.
The vulnerability exists due to improper input validation within the Server: DDL component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59782
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21253
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59775
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21254
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59778
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21256
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59783
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21264
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59793
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21265
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to manipulate or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to manipulate or delete data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59777
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21270
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Federated component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59735
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21278
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote authenticated user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to damage or delete data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59784
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21297
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59772
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21301
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: DML component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59774
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21302
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59790
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21303
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Stored Procedure component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59788
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21304
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Parser component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU66871
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-2132
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the copy_desc_to_mbuf() function when processing the Vhost header. A remote guest can send a packet with the Vhost header crossing more than two descriptors and force the application to allocate all available mbufs, causing a denial of service condition for other guests running on the hypervisor.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59785
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21339
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59786
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21342
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59789
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21344
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Replication component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59776
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21348
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
EUVDB-ID: #VU59736
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21351
CWE-ID:
Exploit availability:
Description
The vulnerability allows a remote authenticated user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote authenticated user can exploit this vulnerability to damage or delete data.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Oracle Linux: All versions
Fixed software versions
CPE2.3
External links
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU59770
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21352
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the InnoDB component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU59738
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21358
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU59780
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21362
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU59771
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21367
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Compiling component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU59791
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21368
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to read and manipulate data.
The vulnerability exists due to improper input validation within the Server: Components Services component in MySQL Server. A remote privileged user can exploit this vulnerability to read and manipulate data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU59787
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21370
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU59808
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21372
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform service disruption.
The vulnerability exists due to improper input validation within the Server: Security: Encryption component in MySQL Server. A remote privileged user can exploit this vulnerability to perform service disruption.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU59781
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21374
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Information Schema component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU59773
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21378
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to damage or delete data.
The vulnerability exists due to improper input validation within the Server: Optimizer component in MySQL Server. A remote privileged user can exploit this vulnerability to damage or delete data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU59779
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21379
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote privileged user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Server: Group Replication Plugin component in MySQL Server. A remote privileged user can exploit this vulnerability to perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU68439
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21618
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the JGSS component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU68442
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21619
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Security component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU68441
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21624
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the JNDI component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU68438
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21626
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Security component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU68437
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21628
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Lightweight HTTP Server component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU64402
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21673
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A remote user can pass a specially crafted query to the data source with an API token and Forward OAuth Identity feature enabled to gain unauthorized access to sensitive information on the system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU59689
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21682
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when flatpak-builder applies "finish-args" last in the build. A remote authenticated attacker can send a specially crafted HTTP request and create arbitrary files on the system.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU61599
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21698
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within method label cardinality. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU64397
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21702
CWE-ID:
Exploit availability:
Description: The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in Grafana. A remote attacker can trick the victim into visiting a specially crafted link, execute arbitrary HTML code, and perform a cross-site scripting (XSS) attack.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU64399
Risk: Medium
CVSSv3.1:
CVE-ID: CVE-2022-21703
CWE-ID:
Exploit availability:
Description: The vulnerability allows a remote attacker to perform cross-site request forgery attacks.
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim into inviting the attacker as a new user with high privileges to escalate privileges.
Mitigation: Install update from vendor's website.
Vulnerable software versions: Oracle Linux: All versions
Fixed software versions:
CPE2.3:
External links:
http://www.oracle.com/security-alerts/linuxbulletinoct2022.html
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU64394
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-21713
CWE-ID: