Security Vulnerabilities - CVEs Published In February 2022
An incorrect sysctls validation vulnerability was found in CRI-O 1.18 and earlier. The sysctls from the list of "safe" sysctls specified for the cluster will be applied to the host if an attacker is able to create a pod with a hostIPC and hostNetwork kernel namespace.
CVSS Score
4.2
EPSS Score
0.001
Published
2022-02-09
A vulnerability was found in htmldoc version 1.9.15 where the stack out-of-bounds read takes place in gif_get_code() and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault).
CVSS Score
5.5
EPSS Score
0.001
Published
2022-02-09
In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862991; Issue ID: ALPS05862991.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-02-09
In system service, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219064; Issue ID: ALPS06219064.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-02-09
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126832; Issue ID: ALPS06126832.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-02-09
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126827; Issue ID: ALPS06126827.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-02-09
In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06126826; Issue ID: ALPS06126826.
CVSS Score
7.8
EPSS Score
0.0
Published
2022-02-09
Improper access control in the Intel(R) Advisor software before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-02-09
improper input validation vulnerability in nexacro permits copying file to the startup folder using rename method.
CVSS Score
8.1
EPSS Score
0.003
Published
2022-02-09
An OS command injection was found in SecuwaySSL, when special characters injection on execute command with runCommand arguments.
CVSS Score
7.8
EPSS Score
0.007
Published
2022-02-09