(CVE-2022-44668) Windows DirectMusicPortDownload Double Free Vulnerability

Summary
Product: Microsoft DirectMusic
Vendor: Microsoft
Severity: High
Affected Versions: Microsoft DirectMusic Core Services DLL (dmusic.dll) version 10.0.22000.1
Tested Versions: Microsoft DirectMusic Core Services DLL (dmusic.dll) version 10.0.22000.1
CVE Identifier: CVE-2022-44668
CVSS3.1 Scoring System: Base Score 7.8 (High); Vector String CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Metric / Value: Attack Vector (AV) Local; Attack Complexity (AC) Low; Privileges Required (PR) None; User Interaction (UI) Required; Scope (S) Unchanged; Confidentiality (C) High; Integrity (I) High; Availability (A) High
Product Overview: Microsoft DirectMusic Core Services DLL is a dynamic link library (DLL) that is part of the DirectMusic component of the DirectX multimedia API for Windows operating systems....

December 13, 2022 · 5 min · Lê Hữu Quang Linh (@linhlhq)

(CVE-2022-26438) Asus System Control Interface Backup Local Privilege Escalation (LPE)

Summary:
Product: Asus System Control Interface
Vendor: Asus
Severity: High - Adversaries may exploit this software vulnerability to set weak file permissions, leading to local privilege escalation.
Affected Versions: MyASUS: 3.1.5.0; ASUS System Control Interface: 3.1.4.0; File Version: 1.0.9.0 (AsusSwitch.exe)
Tested Versions: MyASUS: 3.1.5.0; ASUS System Control Interface: 3.1.4.0; File Version: 1.0.9.0 (AsusSwitch.exe)
CVE Identifier: CVE-2022-26438
CWE: CWE-276 - Incorrect Default Permissions
CVSS3....

July 13, 2022 · 39 min · Schuyler Tay

(CVE-2022-26439) Asus System Control Interface Software Update Arbitrary File Deletion

Summary:
Product: Asus System Control Interface
Vendor: Asus
Severity: Medium - Adversaries may exploit this software vulnerability to set weak file permissions, leading to local privilege escalation.
Affected Versions: MyASUS: 3.1.5.0; ASUS System Control Interface: 3.1.4.0; File Version: 1.0.52.0 (AsusSoftwareManager.exe), 1.0.44.0 (AsusLiveUpdate.dll)
Tested Versions: MyASUS: 3.1.5.0; ASUS System Control Interface: 3.1.4.0; File Version: 1.0.52.0 (AsusSoftwareManager.exe), 1.0.44.0 (AsusLiveUpdate.dll)
CVE Identifier: CVE-2022-26439
CWE:
CVSS3....

July 13, 2022 · 3 min · Schuyler Tay

(CVE-2021-4206) QEMU QXL Integer overflow leads to Heap Overflow

CVE: CVE-2021-4206
Tested Versions: QEMU < v6.0.0
Product URL(s): https://www.qemu.org/
Description of the vulnerability
Technical Details
QXL, the QEMU QXL video accelerator, is a para-virtualized framebuffer device for the SPICE protocol. It is the default video device when a VM is created from virt-manager. It exposes RAM regions and I/O ports to let the guest communicate with it.
00:01.0 VGA compatible controller: Red Hat, Inc. QXL paravirtual graphic card (rev 04) (prog-if 00 [VGA controller]) Subsystem: Red Hat, Inc....

March 28, 2022 · 3 min · Billy Jheng Bing Jhong (@st424204)

(CVE-2021-4207) QEMU QXL Integer overflow leads to Heap Overflow

CVE: CVE-2021-4207
Tested Versions: QEMU < v6.0.0
Product URL(s): https://www.qemu.org/
Description of the vulnerability
Technical Details
QXL, the QEMU QXL video accelerator, is a para-virtualized framebuffer device for the SPICE protocol. It is the default video device when a VM is created from virt-manager. It exposes RAM regions and I/O ports to let the guest communicate with it.
00:01.0 VGA compatible controller: Red Hat, Inc. QXL paravirtual graphic card (rev 04) (prog-if 00 [VGA controller]) Subsystem: Red Hat, Inc....

March 28, 2022 · 3 min · Billy Jheng Bing Jhong (@st424204)

(CVE-2022-0168) Linux Kernel smb2_ioctl_query_info NULL Pointer Dereference

CVE: CVE-2022-0168
Tested Versions: Linux kernels 5.4–5.12, 5.13-rc+HEAD
Description of the vulnerability
Common Internet File System (CIFS) is a network filesystem protocol used for providing shared access to files and printers between machines on the network. A CIFS client application can read, write, edit and even remove files on the remote server. Linux can use the ioctl system call on a CIFS file to query information. In the function smb2_ioctl_query_info, the return value of the memdup_user function is incorrectly verified [2]....

March 28, 2022 · 4 min · Billy Jheng Bing Jhong (@st424204)

(CVE-2022-0216) QEMU LSI SCSI Use After Free

CVE: CVE-2022-0216
Tested Versions: QEMU < v6.0.0
Product URL(s): https://www.qemu.org/
Description of the vulnerability
Technical Details
The vulnerability resides in hw/scsi/lsi53c895a.c, specifically in the lsi_do_msgout function. lsi_do_msgout is used to receive messages from the OS and act on each message. In this case, each message is one byte in size.

static void lsi_do_msgout(LSIState *s)
{
    uint8_t msg;
    int len;
    uint32_t current_tag;
    lsi_request *current_req, *p, *p_next;

    if (s->current) {
        current_tag = s->current->tag;
        current_req = s->current; // [1]
    } else {
        current_tag = s->select_tag;
        current_req = lsi_find_by_tag(s, current_tag);
    }
    trace_lsi_do_msgout(s->dbc);
    while (s->dbc) { // s->dbc is controlled
        msg = lsi_get_msgbyte(s);
        s->sfbr = msg;
        switch (msg) {
        ....

March 28, 2022 · 7 min · Muhammad Alifa Ramdhan (@n0psledbyte)