Security Vulnerabilities - CVEs Published In August 2022
A vulnerability was found in OpenSCAD, where a DXF-format drawing with particular (not necessarily malformed!) properties may cause an out-of-bounds memory access when imported using import().
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2022-08-29

A vulnerability was found in OpenSCAD, where a .scad file with no trailing newline could cause an out-of-bounds read during parsing of annotations.
CVSS Score: 7.1
EPSS Score: 0.001
Published: 2022-08-29

A flaw was found in dpdk. This flaw allows a malicious vhost-user master to attach an unexpected number of fds as ancillary data to VHOST_USER_GET_INFLIGHT_FD / VHOST_USER_SET_INFLIGHT_FD messages that are not closed by the vhost-user slave. By sending such messages continuously, the vhost-user master exhausts available fd in the vhost-user slave process, leading to a denial of service.
CVSS Score: 6.5
EPSS Score: 0.0
Published: 2022-08-29

A flaw was found in python-oslo-utils. Due to improper parsing, passwords with a double quote ( " ) in them cause incorrect masking in debug logs, causing any part of the password after the double quote to be plaintext.
CVSS Score: 4.9
EPSS Score: 0.002
Published: 2022-08-29

An information leak flaw was found in NFS over RDMA in the net/sunrpc/xprtrdma/rpc_rdma.c in the Linux Kernel. This flaw allows an attacker with normal user privileges to leak kernel information.
CVSS Score: 4.3
EPSS Score: 0.003
Published: 2022-08-29

A vulnerability was found in the Linux kernel, where an information leak occurs via ext4_extent_header to userspace.
CVSS Score: 7.1
EPSS Score: 0.0
Published: 2022-08-29

There is a flaw in convert2rhel. When the --activationkey option is used with convert2rhel, the activation key is subsequently passed to subscription-manager via the command line, which could allow unauthorized local users on the machine to view the activation key in the process command line, e.g. via htop or ps. The specific impact varies with the subscription, but generally this would allow an attacker to register systems purchased by the victim until discovered; a form of fraud. This could occur regardless of how the activation key is supplied to convert2rhel, because it involves how convert2rhel provides it to subscription-manager.
CVSS Score: 5.5
EPSS Score: 0.0
Published: 2022-08-29

Ingredients Stock Management System v1.0 was discovered to contain an arbitrary file deletion vulnerability via the component /classes/Master.php?f=delete_img.
CVSS Score: 6.5
EPSS Score: 0.002
Published: 2022-08-29

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/stockout&month=.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2022-08-29

Ingredients Stock Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at /admin/?page=reports/waste&month=.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2022-08-29

