Security Vulnerabilities - CVEs Published In December 2022
A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure.
CVSS Score: 5.3
EPSS Score: 0.001
Published: 2022-12-08
A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality.
CVSS Score: 3.3
EPSS Score: 0.0
Published: 2022-12-08
Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T(13) allows a local attacker to access user profile information.
CVSS Score: 6.8
EPSS Score: 0.0
Published: 2022-12-08
Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows a local attacker to access connected DLNA device information.
CVSS Score: 4.0
EPSS Score: 0.0
Published: 2022-12-08
Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent.
CVSS Score: 3.3
EPSS Score: 0.001
Published: 2022-12-08
The response header does not enable X-FRAME-OPTIONS, which helps prevent clickjacking attacks. Some browsers would interpret these results incorrectly, allowing clickjacking attacks.
CVSS Score: 4.8
EPSS Score: 0.002
Published: 2022-12-08
A flaw was found in Openshift. A pod with a DNSPolicy of "ClusterFirst" may incorrectly resolve the hostname based on a service provided. This flaw allows an attacker to supply an incorrect name with the DNS search policy, affecting confidentiality and availability.
CVSS Score: 8.1
EPSS Score: 0.004
Published: 2022-12-08
The kernel subsystem within OpenHarmony-v3.1.4 and prior versions in kernel_liteos_a has a kernel stack overflow vulnerability when calling SysClockGetres. 4 bytes of padding data from the kernel stack are incorrectly copied to user space and leaked.
CVSS Score: 4.0
EPSS Score: 0.001
Published: 2022-12-08
The appspawn and nwebspawn services within OpenHarmony-v3.1.2 and prior versions were found to be vulnerable to a buffer overflow due to insufficient input validation. An unprivileged malicious application would be able to gain code execution within any application installed on the device or cause an application crash.
CVSS Score: 6.8
EPSS Score: 0.001
Published: 2022-12-08
Tenda A18 v15.13.07.09 was discovered to contain a stack overflow via the security_5g parameter at /goform/WifiBasicSet.
CVSS Score: 7.5
EPSS Score: 0.002
Published: 2022-12-08


Shodan ® - All rights reserved