Security Vulnerabilities Notification

3 October 2022 1:15

Dear Creodias Users, 

 

In the Security section, customers will find information about the latest and most critical security vulnerabilities, published in the last month by the SANS Institute (www.sans.org). Security vulnerabilities in software and hardware are very often used by cybercriminals to attack IT infrastructure and steal or destroy a company’s data, which is why companies are advised to fix those vulnerabilities as soon as possible.

 

ID: CVE-2022-34918 

Title: Type Confusion vulnerability in the Linux Kernel 

Description: An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. 

 

ID: CVE-2019-15167 

Title: Buffer over-read vulnerability in VRRP Parser

Description: The vulnerability affects the function vrrp_print of the file print-vrrp.c of the component VRRP Parser. The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. 

 

ID: CVE-2020-22669 

Title: SQL injection bypass vulnerability in ModSecurity owasp-modsecurity-crs 3.2.0

Description: ModSecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass ModSecurity WAF protection and carry out SQL injection attacks against web applications.

 

ID: CVE-2022-21797 

Title: Remote code execution vulnerability in Joblib 

Description: Versions of the package joblib from 0 and before 1.2.0 are vulnerable to arbitrary code execution via the pre_dispatch flag in the Parallel() class due to the eval() statement.

 

 

ID: CVE-2022-36934 

Title: Heap-based buffer overflow vulnerability in WhatsApp 

Description: An integer overflow in WhatsApp for Android prior to v2.22.16.12, Business for Android prior to v2.22.16.12, iOS prior to v2.22.16.12, Business for iOS prior to v2.22.16.12 could result in remote code execution in an established video call. The vulnerability affects unknown code in the Video Call Handler component.

 

 
