CVE-2022-20929
Description
A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload. This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system.
CNA: Cisco Systems, Inc
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score: 7.8 HIGH
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-ISV-BQrvEv2h
CVE-2019-25044 Description The block subsystem in the Linux kernel before 5.2 has a use-after-free that can lead to arbitrary code execution in the kernel context and privilege escalation, aka CID-c3e2219216c9. This is related to blk_mq_free_rqs and blk_cleanup_queue. Base Score: 7.8 HIGH https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.2
CVE-2022-20803 Description A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this […]
CVE-2022-42255 Description NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. Base Score: 7.8 HIGH https://nvidia.custhelp.com/app/answers/detail/a_id/5415 ___________________________________________ CVE-2022-34676 Description NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, […]
Leave a Reply