Jmespath.rb (aka JMESPath for Ruby) before 1.6.1 uses JSON.load in a situation where JSON.parse is preferable. Additionally, the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being accessible by such backend (CVE-2022-33741, CVE-2022-33742). An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs. An integer overflow in the component of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors. Linux disk/nic frontends data leaks: Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary.
This code movement missed a variable changing meaning / value between old and new code positions.
To address XSA-401, code was moved inside a function in Xen. Insufficient TLB flush for x86 PV guests in shadow mode: For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan. No future releases of Apache Xalan Java to address this issue are expected.
The Apache Xalan Java project is dormant and in the process of being retired. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file. GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. The vulnerability, found in Moodle, occurs due to improper input validation when parsing PostScript code. The capability to access this feature is only available to teachers, managers and admins by default. This vulnerability allows a remote attacker to perform directory traversal attacks. These insufficient path checks result in an arbitrary file read risk. The vulnerability, found in Moodle, occurs due to an input validation error when importing lesson questions. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information. A stored XSS and blind SSRF vulnerability found in Moodle occurs due to insufficient sanitization of user-supplied data in the SCORM track details. A remote attacker can create a link that leads to a trusted website; however, when clicked, it redirects the victims to an arbitrary URL/domain.
This vulnerability does not impact authenticated users. An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in the mobile auto-login feature. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A reflected XSS issue was identified in the LTI module of Moodle.