what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2022-2309

Status Candidate

Overview

NULL Pointer Dereference allows attackers to cause a denial of service (or application crash). This only applies when lxml is used together with libxml2 2.9.10 through 2.9.14. libxml2 2.9.9 and earlier are not affected. It allows triggering crashes through forged input data, given a vulnerable code sequence in the application. The vulnerability is caused by the iterwalk function (also used by the canonicalize function). Such code shouldn't be in wide-spread use, given that parsing + iterwalk would usually be replaced with the more efficient iterparse function. However, an XML converter that serialises to C14N would also be vulnerable, for example, and there are legitimate use cases for this code sequence. If untrusted input is received (also remotely) and processed via iterwalk function, a crash can be triggered.

Related Files

FreeBSD 13.0 aio_aqueue Kernel Refcount Local Privilege Escalation
Posted Aug 18, 2022
Authored by Chris J-D | Site accessvector.net

FreeBSD versions 11.0 through 13.0 suffers from a local privilege escalation vulnerability via an aio_aqueue kernel refcount bug. This research post goes into great depth on how the researcher traversed the logic flow and achieved exploitability.

tags | exploit, paper, kernel, local
systems | freebsd, bsd
advisories | CVE-2022-23090
SHA-256 | 326b5e8f7907c92be98ab7e3ac35bb7766ebdf09bf20a0f1659fef3debf9aa56
Gentoo Linux Security Advisory 202208-06
Posted Aug 10, 2022
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202208-6 - Multiple vulnerabilities have been discovered in lxml, the worst of which could result in denial of service. Versions less than 4.9.1 are affected.

tags | advisory, denial of service, vulnerability
systems | linux, gentoo
advisories | CVE-2021-28957, CVE-2021-43818, CVE-2022-2309
SHA-256 | 6d9496250c6b1be096da8fdfc2ddf483123bdd7eda3323ea9efa66b39b901e0a
Open-Xchange App Suite 7.10.x Cross Site Scripting / Command Injection
Posted Jul 22, 2022
Authored by Martin Heiland

Open-Xchange App Suite versions 7.10.6 and below suffer from OS command injection and cross site scripting vulnerabilities. One particular cross site scripting issue only affects versions 7.10.5 and below.

tags | advisory, vulnerability, xss
advisories | CVE-2021-42550, CVE-2022-23099, CVE-2022-23100, CVE-2022-23101, CVE-2022-24405, CVE-2022-24406
SHA-256 | 145c2f74cfe9370dfbec4b0f72f06c5a67138afef07940be7a7e97d9a4b1f072
Red Hat Security Advisory 2022-0492-01
Posted Feb 17, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0492-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.43.

tags | advisory
systems | linux, redhat
advisories | CVE-2021-20206, CVE-2021-3521, CVE-2021-4034, CVE-2022-20612, CVE-2022-20617, CVE-2022-21248, CVE-2022-21282, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21360, CVE-2022-21365, CVE-2022-23094
SHA-256 | 05aecb754e5832077aaa2ae3980ca42cf63ce1fddf63c16a0324164d48232f01
Red Hat Security Advisory 2022-0239-02
Posted Jan 25, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0239-02 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2022-23094
SHA-256 | d81868a5e2e71fa5b6b2567857ad51ea634e921cda98438f96161984eb39b2c8
Red Hat Security Advisory 2022-0199-02
Posted Jan 20, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-0199-02 - Libreswan is an implementation of IPsec and IKE for Linux. IPsec is the Internet Protocol Security and uses strong cryptography to provide both authentication and encryption services. These services allow you to build secure tunnels through untrusted networks such as virtual private network.

tags | advisory, protocol
systems | linux, redhat
advisories | CVE-2022-23094
SHA-256 | cba116a8ccd05fea01368a369b31a845a85169c45f170a62a3ca4d23bfd14890
Page 1 of 1
Back1Next

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close