Description
A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn’t need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a
Base Score: 8.8 HIGH
CVE-2022-3724 Description Crash in the USB HID protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file on Windows Base Score: 7.5 HIGH https://www.wireshark.org/security/wnpa-sec-2022-08.html ____________________________ CVE-2022-46829 Description In JetBrains JetBrains Gateway before 2022.3 a client could connect without a valid token if the host consented. Base Score: 8.8 HIGH […]
CVE-2022-43883 Description IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 could be vulnerable to a Log Injection attack by constructing URLs from user-controlled data. This could enable attackers to make arbitrary requests to the internal network or to the local file system. IBM X-Force ID: 240266. Base Score: 7.5 HIGH https://www.ibm.com/support/pages/node/6841801 ____________________ CVE-2022-38708 Description IBM Cognos Analytics […]
CVE-2020-14349 Description It was found that PostgreSQL versions before 12.4, before 11.9 and before 10.14 did not properly sanitize the search_path during logical replication. An authenticated attacker could use this flaw in an attack similar to CVE-2018-1058, in order to execute arbitrary SQL command in the context of the user used for replication. Base Score: 7.1 […]
Leave a Reply