Security Vulnerabilities - CVEs Published In April 2022
A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.
CVSS Score
7.0
EPSS Score
0.0
Published
2022-04-29
A heap-use-after-free flaw was found in ImageMagick's RelinquishDCMInfo() function of dcm.c file. This vulnerability is triggered when an attacker passes a specially crafted DICOM image file to ImageMagick for conversion, potentially leading to information disclosure and a denial of service.
CVSS Score
7.1
EPSS Score
0.001
Published
2022-04-29
A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early.
CVSS Score
5.5
EPSS Score
0.0
Published
2022-04-29
A privilege escalation flaw was found in Podman. This flaw allows an attacker to publish a malicious image to a public registry. Once this image is downloaded by a potential victim, the vulnerability is triggered after a user runs the 'podman top' command. This action gives the attacker access to the host filesystem, leading to information disclosure or denial of service.
CVSS Score
8.8
EPSS Score
0.329
Published
2022-04-29
A NULL pointer dereference flaw was found in pesign's cms_set_pw_data() function of the cms_common.c file. The function fails to handle the NULL pwdata invocation from daemon.c, which leads to an explicit NULL dereference and crash on all attempts to daemonize pesign.
CVSS Score
3.3
EPSS Score
0.001
Published
2022-04-29
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux kernel. This flaw allows a local, unprivileged user to gain access to kernel memory, leading to a system crash or a leak of internal kernel information.
CVSS Score
7.1
EPSS Score
0.0
Published
2022-04-29
A hardcoded cryptographic key in Automation360 22 allows an attacker to decrypt exported RPA packages.
CVSS Score
7.5
EPSS Score
0.006
Published
2022-04-29
IBM UrbanCode Deploy (UCD) 7.1.1.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVSS Score
5.9
EPSS Score
0.001
Published
2022-04-29
Elcomplus SmartPTT SCADA Server web application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
CVSS Score
7.6
EPSS Score
0.001
Published
2022-04-29
Red Planet Laundry Management System 1.0 is vulnerable to SQL Injection.
CVSS Score
9.8
EPSS Score
0.115
Published
2022-04-29